Mac OS X Multiple Vulnerabilities (2012-001)

2012-02-06T00:00:00

Description

This host is missing an important security update according to Mac OS X Update/Mac OS X Security Update 2012-001.

{"id": "OPENVAS:802392", "vendorId": null, "type": "openvas", "bulletinFamily": "scanner", "title": "Mac OS X Multiple Vulnerabilities (2012-001)", "description": "This host is missing an important security update according to\n Mac OS X Update/Mac OS X Security Update 2012-001.", "published": "2012-02-06T00:00:00", "modified": "2017-07-04T00:00:00", "epss": [{"cve": "CVE-2011-3462", "epss": 0.00408, "percentile": 0.70938, "modified": "2023-11-20"}, {"cve": "CVE-2011-3448", "epss": 0.00757, "percentile": 0.78995, "modified": "2023-11-20"}, {"cve": "CVE-2011-1148", "epss": 0.01579, "percentile": 0.85872, "modified": "2023-11-20"}, {"cve": "CVE-2011-3444", "epss": 0.00185, "percentile": 0.55655, "modified": "2023-11-20"}, {"cve": "CVE-2011-1783", "epss": 0.00715, "percentile": 0.78318, "modified": "2023-11-20"}, {"cve": "CVE-2011-3246", "epss": 0.00525, "percentile": 0.7428, "modified": "2023-11-20"}, {"cve": "CVE-2011-3249", "epss": 0.06113, "percentile": 0.92745, "modified": "2023-11-20"}, {"cve": "CVE-2011-3189", "epss": 0.01352, "percentile": 0.84676, "modified": "2023-11-20"}, {"cve": "CVE-2011-0241", "epss": 0.02303, "percentile": 0.88503, "modified": "2023-11-20"}, {"cve": "CVE-2011-1752", "epss": 0.00719, "percentile": 0.78409, "modified": "2023-11-20"}, {"cve": "CVE-2011-1938", "epss": 0.01856, "percentile": 0.86992, "modified": "2023-11-20"}, {"cve": "CVE-2011-3449", "epss": 0.00473, "percentile": 0.72945, "modified": "2023-11-20"}, {"cve": "CVE-2011-3441", "epss": 0.00358, "percentile": 0.69071, "modified": "2023-11-20"}, {"cve": "CVE-2011-3453", "epss": 0.05684, "percentile": 0.9252, "modified": "2023-11-20"}, {"cve": "CVE-2011-3422", "epss": 0.00154, "percentile": 0.51682, "modified": "2023-11-20"}, {"cve": "CVE-2011-3248", "epss": 0.05339, "percentile": 0.92291, "modified": "2023-11-20"}, {"cve": "CVE-2011-2483", "epss": 0.00327, "percentile": 0.67618, "modified": "2023-11-20"}, {"cve": "CVE-2011-3457", "epss": 0.02553, "percentile": 0.89064, "modified": "2023-11-20"}, {"cve": "CVE-2010-2813", "epss": 0.11469, "percentile": 0.94673, "modified": "2023-11-20"}, {"cve": "CVE-2011-3463", "epss": 0.00042, "percentile": 0.05718, "modified": "2023-11-20"}, {"cve": "CVE-2011-3389", "epss": 0.003, "percentile": 0.66136, "modified": "2023-11-20"}, {"cve": "CVE-2011-2204", "epss": 0.00045, "percentile": 0.12921, "modified": "2023-11-20"}, {"cve": "CVE-2011-3256", "epss": 0.02332, "percentile": 0.88568, "modified": "2023-11-20"}, {"cve": "CVE-2011-1657", "epss": 0.01847, "percentile": 0.86964, "modified": "2023-11-20"}, {"cve": "CVE-2011-1167", "epss": 0.19947, "percentile": 0.95827, "modified": "2023-11-20"}, {"cve": "CVE-2011-3252", "epss": 0.07813, "percentile": 0.93531, "modified": "2023-11-20"}, {"cve": "CVE-2011-3268", "epss": 0.01182, "percentile": 0.83463, "modified": "2023-11-20"}, {"cve": "CVE-2011-3328", "epss": 0.04016, "percentile": 0.91118, "modified": "2023-11-20"}, {"cve": "CVE-2011-2023", "epss": 0.00317, "percentile": 0.67148, "modified": "2023-11-20"}, {"cve": "CVE-2011-3182", "epss": 0.01878, "percentile": 0.87093, "modified": "2023-11-20"}, {"cve": "CVE-2010-4554", "epss": 0.00446, "percentile": 0.72117, "modified": "2023-11-20"}, {"cve": "CVE-2011-1921", "epss": 0.00173, "percentile": 0.54391, "modified": "2023-11-20"}, {"cve": "CVE-2011-3459", "epss": 0.029, "percentile": 0.89716, "modified": "2023-11-20"}, {"cve": "CVE-2010-4555", "epss": 0.00316, "percentile": 0.67097, "modified": "2023-11-20"}, {"cve": "CVE-2011-3250", "epss": 0.79443, "percentile": 0.97969, "modified": "2023-11-20"}, {"cve": "CVE-2011-0200", "epss": 0.06505, "percentile": 0.92991, "modified": "2023-11-20"}, {"cve": "CVE-2011-3267", "epss": 0.00958, "percentile": 0.81509, "modified": "2023-11-20"}, {"cve": "CVE-2011-3458", "epss": 0.01587, "percentile": 0.85899, "modified": "2023-11-20"}, {"cve": "CVE-2011-3447", "epss": 0.00259, "percentile": 0.63459, "modified": "2023-11-20"}, {"cve": "CVE-2011-3460", "epss": 0.05892, "percentile": 0.92631, "modified": "2023-11-20"}, {"cve": "CVE-2011-3348", "epss": 0.314, "percentile": 0.96538, "modified": "2023-11-20"}, {"cve": "CVE-2011-2202", "epss": 0.05482, "percentile": 0.92398, "modified": "2023-11-20"}, {"cve": "CVE-2011-3452", "epss": 0.00259, "percentile": 0.63459, "modified": "2023-11-20"}, {"cve": "CVE-2011-3450", "epss": 0.00473, "percentile": 0.72945, "modified": "2023-11-20"}, {"cve": "CVE-2011-2895", "epss": 0.01205, "percentile": 0.83648, "modified": "2023-11-20"}, {"cve": "CVE-2010-1637", "epss": 0.00261, "percentile": 0.6367, "modified": "2023-11-20"}, {"cve": "CVE-2011-2937", "epss": 0.00431, "percentile": 0.71664, "modified": "2023-11-20"}, {"cve": "CVE-2011-2192", "epss": 0.00228, "percentile": 0.60931, "modified": "2023-11-20"}], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "cvss2": {}, "cvss3": {}, "href": "http://plugins.openvas.org/nasl.php?oid=802392", "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "references": ["http://lists.apple.com/archives/security-announce/2012/Feb/msg00001.html", "http://secunia.com/advisories/47843/", "http://securitytracker.com/id/1026627", "http://support.apple.com/kb/HT5130"], "cvelist": ["CVE-2011-3462", "CVE-2011-3448", "CVE-2011-1148", "CVE-2011-3444", "CVE-2011-1783", "CVE-2011-3246", "CVE-2011-3249", "CVE-2011-3189", "CVE-2011-0241", "CVE-2011-1752", "CVE-2011-1938", "CVE-2011-3449", "CVE-2011-3441", "CVE-2011-3453", "CVE-2011-3422", "CVE-2011-3248", "CVE-2011-2483", "CVE-2011-3457", "CVE-2010-2813", "CVE-2011-3463", "CVE-2011-3389", "CVE-2011-2204", "CVE-2011-3256", "CVE-2011-1657", "CVE-2011-1167", "CVE-2011-3252", "CVE-2011-3268", "CVE-2011-3328", "CVE-2011-2023", "CVE-2011-3182", "CVE-2010-4554", "CVE-2011-1921", "CVE-2011-3459", "CVE-2010-4555", "CVE-2011-3250", "CVE-2011-0200", "CVE-2011-3267", "CVE-2011-3458", "CVE-2011-3447", "CVE-2011-3460", "CVE-2011-3348", "CVE-2011-2202", "CVE-2011-3452", "CVE-2011-3450", "CVE-2011-2895", "CVE-2010-1637", "CVE-2011-2937", "CVE-2011-2192"], "immutableFields": [], "lastseen": "2017-07-19T10:50:27", "viewCount": 29, "enchantments": {"score": {"value": 0.9, "vector": "NONE"}, "dependencies": {"references": [{"type": "altlinux", "idList": ["0369392FD88EE617704E786FA14D039B", "1593771B1FFDFB2E5D3563F6D21FE84A", "1A2315C217EF7FCA5104470A3C3C3D16", "1E733468BB3886F2EA98B88B7CDDC2EA", "314B2E177B5C04F12D0D14D064F63E55", "40DB9D428EFA42909BD37BB630A9239E", "43441B939F0807E4D0E0F345FE39551B", "512B704061A329366FC56F6DCFE4E256", "5A626CE637DB7B8EFDFFCD8D9B558548", "7404D41062A4C70DF294AC673456AEB2", "7F81638DF622321B043580AB558CC0F5", "873024DA35722884E80F3FB997E7AF0F", "92A7060DB4117E8A7E3DDBA39DA5E416", "9307A647E195D81CEA2FAC49E6DDCBAB", "A41746BF3600E273CA49A6B36B0855D0", "C7A0C9390098E894A6051913B0C59962", "F2A8878DF6B2148C075A42D7D964A070"]}, {"type": "amazon", "idList": ["ALAS-2011-007", "ALAS-2011-008", "ALAS-2011-009", "ALAS-2011-010", "ALAS-2011-012", "ALAS-2011-025"]}, {"type": "avleonov", "idList": ["AVLEONOV:317FBD7DA93C95993A9FFF38FB04A987"]}, {"type": "centos", "idList": ["CESA-2011:0392", "CESA-2011:0861", "CESA-2011:0862", "CESA-2011:0918", "CESA-2011:1154", "CESA-2011:1155", "CESA-2011:1161", "CESA-2011:1377", "CESA-2011:1378", "CESA-2011:1380", "CESA-2011:1402", "CESA-2011:1423", "CESA-2011:1780", "CESA-2011:1845", "CESA-2012:0033", "CESA-2012:0071", "CESA-2012:0103", "CESA-2012:1088", "CESA-2012:1089", "CESA-2013:0126"]}, {"type": "cert", "idList": ["VU:410281", "VU:864643"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2011-505", "CPAI-2011-553", "CPAI-2012-020", "CPAI-2012-168", "CPAI-2014-2186"]}, {"type": "checkpoint_security", "idList": ["CPS:SK86440"]}, {"type": "cisa", "idList": ["CISA:416670C72E770A232740008F181D0B01"]}, {"type": "cve", "idList": ["CVE-2004-2770", "CVE-2010-1637", "CVE-2010-2813", "CVE-2010-4554", "CVE-2010-4555", "CVE-2011-0200", "CVE-2011-0241", "CVE-2011-1148", "CVE-2011-1167", "CVE-2011-1657", "CVE-2011-1752", "CVE-2011-1783", "CVE-2011-1921", "CVE-2011-1938", "CVE-2011-2023", "CVE-2011-2192", "CVE-2011-2202", "CVE-2011-2204", "CVE-2011-2483", "CVE-2011-2752", "CVE-2011-2753", "CVE-2011-2895", "CVE-2011-2896", "CVE-2011-2937", "CVE-2011-3182", "CVE-2011-3189", "CVE-2011-3246", "CVE-2011-3248", "CVE-2011-3249", "CVE-2011-3250", "CVE-2011-3252", "CVE-2011-3256", "CVE-2011-3267", "CVE-2011-3268", "CVE-2011-3328", "CVE-2011-3348", "CVE-2011-3389", "CVE-2011-3422", "CVE-2011-3441", "CVE-2011-3444", "CVE-2011-3447", "CVE-2011-3448", "CVE-2011-3449", "CVE-2011-3450", "CVE-2011-3452", "CVE-2011-3453", "CVE-2011-3457", "CVE-2011-3458", "CVE-2011-3459", "CVE-2011-3460", "CVE-2011-3462", "CVE-2011-3463", "CVE-2012-0641", "CVE-2012-2124", "CVE-2015-8793"]}, {"type": "debian", "idList": ["DEBIAN:BSA-037:4B32C", "DEBIAN:BSA-058:D96CE", "DEBIAN:BSA-068:BAE64", "DEBIAN:DLA-154-1:C91BD", "DEBIAN:DLA-400-1:76CCE", "DEBIAN:DSA-2091-1:23614", "DEBIAN:DSA-2210-1:C259B", "DEBIAN:DSA-2210-2:4738C", "DEBIAN:DSA-2210-2:5A47B", "DEBIAN:DSA-2251-1:5380F", "DEBIAN:DSA-2262-2:2E683", "DEBIAN:DSA-2266-1:4FAC3", "DEBIAN:DSA-2271-1:0BBCF", "DEBIAN:DSA-2271-1:1B88B", "DEBIAN:DSA-2291-1:B447A", "DEBIAN:DSA-2293-1:771F2", "DEBIAN:DSA-2328-1:2E8D9", "DEBIAN:DSA-2340-1:1241F", "DEBIAN:DSA-2356-1:91E00", "DEBIAN:DSA-2358-1:F21E5", "DEBIAN:DSA-2368-1:91542", "DEBIAN:DSA-2381-:320B8", "DEBIAN:DSA-2398-1:A6208", "DEBIAN:DSA-2398-2:1A463", "DEBIAN:DSA-2399-1:367BF", "DEBIAN:DSA-2399-2:BC1FA", "DEBIAN:DSA-2401-1:5C59D", "DEBIAN:DSA-2408-1:B808D"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2011-1167", "DEBIANCVE:CVE-2011-1752", "DEBIANCVE:CVE-2011-1783", "DEBIANCVE:CVE-2011-1921", "DEBIANCVE:CVE-2011-2192", "DEBIANCVE:CVE-2011-2204", "DEBIANCVE:CVE-2011-2483", "DEBIANCVE:CVE-2011-2895", "DEBIANCVE:CVE-2011-2896", "DEBIANCVE:CVE-2011-2937", "DEBIANCVE:CVE-2011-3256", "DEBIANCVE:CVE-2011-3348", "DEBIANCVE:CVE-2011-3389", "DEBIANCVE:CVE-2015-8793"]}, {"type": "exploitdb", "idList": ["EDB-ID:17318", "EDB-ID:17486"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:DCB6D1527114BF4939903A3FD787537D", "EXPLOITPACK:E01EEEA67E34582F2A422D4CD1795D05"]}, {"type": "f5", "idList": ["F5:K13400", "F5:K13518", "F5:K13519", "F5:K15441", "F5:K15899", "SOL13400", "SOL13518", "SOL13519", "SOL15441", "SOL15899", "SOL15903"]}, {"type": "fedora", "idList": ["FEDORA:04F1C20CB8", "FEDORA:0A9BE110E2F", "FEDORA:0CD47110620", "FEDORA:0DB4D213AB", "FEDORA:1262420CBE", "FEDORA:16AED110C39", "FEDORA:179F720CEB", "FEDORA:1AC5420CC5", "FEDORA:1D01A11130D", "FEDORA:1EB69111183", "FEDORA:200AC208B1", "FEDORA:206E92195B", "FEDORA:23C8D110D22", "FEDORA:2490220CD3", "FEDORA:25045C0AD1", "FEDORA:2659520B1D", "FEDORA:269F320D4C", "FEDORA:2A3D62083D", "FEDORA:2AA70C0AD2", "FEDORA:2B4CF20C99", "FEDORA:2D2B820A5C", "FEDORA:2F07020CD7", "FEDORA:320272143B", "FEDORA:32C0C208B4", "FEDORA:37BAE20CD9", "FEDORA:4053B20CDA", "FEDORA:420B0E7205", "FEDORA:4329260E587A", "FEDORA:45E2C214D4", "FEDORA:462E6208E1", "FEDORA:4857E22DBD", "FEDORA:4867220AB1", "FEDORA:48FBB20CE9", "FEDORA:4FECC20A10", "FEDORA:510BA87E81", "FEDORA:5191B22DC7", "FEDORA:55FF821575", "FEDORA:593706093B2E", "FEDORA:5A57F22DE8", "FEDORA:5D9FC21312", "FEDORA:5DDA721219", "FEDORA:5FF621106AE", "FEDORA:6126137D07", "FEDORA:6247110F93D", "FEDORA:62E9022DEA", "FEDORA:633B721592", "FEDORA:6956921120", "FEDORA:6BF3822E23", "FEDORA:73438221A8", "FEDORA:7617922E25", "FEDORA:7869DC0ACF", "FEDORA:7A2FA214FF", "FEDORA:7A6DB110620", "FEDORA:7EE8622E3A", "FEDORA:7F9E2C0AD1", "FEDORA:805B3C0ACF", "FEDORA:836B9C0AD2", "FEDORA:8F4F21106DA", "FEDORA:8F77EC1764", "FEDORA:933C61101D2", "FEDORA:96703110DB8", "FEDORA:9717C110A7D", "FEDORA:9D331212AC", "FEDORA:A13DB60C7030", "FEDORA:A2C3F213B0", "FEDORA:A413420F2D", "FEDORA:A5A9D608A4BC", "FEDORA:AD13120DB6", "FEDORA:BFDED20E5F", "FEDORA:C5762206E3", "FEDORA:C68912194D", "FEDORA:C8DE210FFBA", "FEDORA:D4C3521434", "FEDORA:D55C11113FA", "FEDORA:D68E221277", "FEDORA:DD57B208B1", "FEDORA:E446A2122A", "FEDORA:E779120CA7", "FEDORA:EB6BC111F2E", "FEDORA:ECEAB110A94", "FEDORA:F036720CB7", "FEDORA:F30E111118B", "FEDORA:F332B2138D", "FEDORA:F38FB60CBEE0"]}, {"type": "freebsd", "idList": ["057BF770-CAC4-11E0-AEA3-00215C6A37BB", "18CE9A90-F269-11E1-BE53-080027EF73EC", "304409C3-C3EF-11E0-8AA5-485D60CB5385", "4AE68E7C-DDA4-11E0-A906-00215C6A37BB", "54075E39-04AC-11E1-A94E-BCAEC565249C", "559F3D1B-CB1D-11E5-80A4-001999F8D30B", "9AECB94C-C1AD-11E3-A5AC-001B21614864", "A4A809D8-25C8-11E1-B531-00215C6A37BB", "E27A1AF3-8D21-11E0-A45D-001E8C75030D", "FEE94342-4638-11E1-9F47-00E0815B8DA8"]}, {"type": "freebsd_advisory", "idList": ["FREEBSD_ADVISORY:FREEBSD-SA-11:04.COMPRESS"]}, {"type": "gentoo", "idList": ["GLSA-201110-06", "GLSA-201110-22", "GLSA-201111-02", "GLSA-201201-09", "GLSA-201203-02", "GLSA-201206-24", "GLSA-201206-25", "GLSA-201209-02", "GLSA-201301-01", "GLSA-201309-11", "GLSA-201402-23", "GLSA-201406-32"]}, {"type": "github", "idList": ["GHSA-C57P-3V2G-W9RG"]}, {"type": "hackerone", "idList": ["H1:184877"]}, {"type": "httpd", "idList": ["HTTPD:2CFBCF43507D5A77B05B49EE4D573583"]}, {"type": "ibm", "idList": ["269B504D34D7B9BDD776A87F2BEC62D1CD4CA692AD0765FE50BEF0B6FFC0283F", "2E6D778793B990B68E72041D95DBC2B227927F08D97BCA9E118EC96F940B7A01", "30CDD497090F8940455238317492E01063AFC3CC537C3C8827026D302DFD0F4B", "4658C62A77F48A34C93A36AA5082184E598712E676A47847A2174B2175EB4DBB", "4BED10A9B77647D47155BEF6AEAE7754FE7B1E83A7CC5B95FC30366FA2805FDD", "52BFEC965C91FFF9EB67268FE505ABA82DAD2FDA3420E0AE67F8478C590BB2EA", "54F08A3E75F1334BAEA6B9D028356C7A554BD574E0B0139E6023C9756DA9A6B6", "5EFA13785CC30ADD58A09C8067C048A172DF46A415459750DB97A4B2E8C6095E", "92BAA2CFDFFEAB55F3ED7EBC0A3EE5A881814F275C7B91CCF17EC9995E7DF59D", "B5BA7A019881D4357D8DF943ED0F2EBF5D00B203B4AF8DE699E3A190780BD598", "B8E199CFC7A9C8DCF033928312B9AE0E344AB91916C93723350723B89FCB619A", "C3B24D9C073C7840B6F13827EE7743D35E733053B2442D8C8AD0A06EAEC3B9DA", "CA2533B5EBF4AE1A58144B7848A02FF9651FDC54D3D65F88D4E8BBBC89D23F97", "DDCE3DF1C0F2F3507A59F94E81A8ADEA101DC8CB5DCFAEE3754B7E7CBB0C41CB", "F99E6B53155FDD4D8DBC80C0D87F442D0752D2574DE83D2FA6FD715DAB07682C"]}, {"type": "ics", "idList": ["ICSA-14-098-03", "ICSA-19-192-04", "ICSMA-18-058-02"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY-SCANNER-SSL-SSL_VERSION-"]}, {"type": "mskb", "idList": ["KB2643584"]}, {"type": "nessus", "idList": ["5996.PASL", "6015.PRM", "6018.PASL", "6052.PRM", "6096.PRM", "6489.PRM", "6589.PRM", "6904.PRM", "800597.PRM", "800602.PRM", "801087.PRM", "801194.PRM", "801196.PRM", "801392.PRM", "9334.PRM", "ALA_ALAS-2011-07.NASL", "ALA_ALAS-2011-08.NASL", "ALA_ALAS-2011-09.NASL", "ALA_ALAS-2011-10.NASL", "ALA_ALAS-2011-12.NASL", "ALA_ALAS-2011-25.NASL", "ALA_ALAS-2011-7.NASL", "ALA_ALAS-2011-8.NASL", "ALA_ALAS-2011-9.NASL", "APACHE_2_2_21.NASL", "APPLETV_5_1.NASL", "APPLETV_9_1.NASL", "APPLE_IOS_501_CHECK.NBIN", "APPLE_IOS_50_CHECK.NBIN", "APPLE_IOS_51_CHECK.NBIN", "APPLE_IOS_60_CHECK.NBIN", "ASTERISK_AST_2016_003.NASL", "BLACKBERRY_ES_PNG_KB27244.NASL", "CENTOS_RHSA-2011-0392.NASL", "CENTOS_RHSA-2011-0861.NASL", "CENTOS_RHSA-2011-0862.NASL", "CENTOS_RHSA-2011-0918.NASL", "CENTOS_RHSA-2011-1154.NASL", "CENTOS_RHSA-2011-1155.NASL", "CENTOS_RHSA-2011-1161.NASL", "CENTOS_RHSA-2011-1377.NASL", "CENTOS_RHSA-2011-1378.NASL", "CENTOS_RHSA-2011-1380.NASL", "CENTOS_RHSA-2011-1402.NASL", "CENTOS_RHSA-2011-1423.NASL", "CENTOS_RHSA-2011-1780.NASL", "CENTOS_RHSA-2011-1845.NASL", "CENTOS_RHSA-2012-0033.NASL", "CENTOS_RHSA-2012-0071.NASL", "CENTOS_RHSA-2012-0103.NASL", "CENTOS_RHSA-2012-1088.NASL", "CENTOS_RHSA-2012-1089.NASL", "CENTOS_RHSA-2013-0126.NASL", "DEBIAN_DLA-154.NASL", "DEBIAN_DLA-400.NASL", "DEBIAN_DSA-2091.NASL", "DEBIAN_DSA-2210.NASL", "DEBIAN_DSA-2251.NASL", "DEBIAN_DSA-2266.NASL", "DEBIAN_DSA-2271.NASL", "DEBIAN_DSA-2291.NASL", "DEBIAN_DSA-2293.NASL", "DEBIAN_DSA-2328.NASL", "DEBIAN_DSA-2340.NASL", "DEBIAN_DSA-2356.NASL", "DEBIAN_DSA-2358.NASL", "DEBIAN_DSA-2368.NASL", "DEBIAN_DSA-2398.NASL", "DEBIAN_DSA-2399.NASL", "DEBIAN_DSA-2401.NASL", "DEBIAN_DSA-2408.NASL", "EULEROS_SA-2019-2357.NASL", "F5_BIGIP_SOL13400.NASL", "F5_BIGIP_SOL13519.NASL", "FEDORA_2010-10244.NASL", "FEDORA_2010-10259.NASL", "FEDORA_2010-10264.NASL", "FEDORA_2010-11410.NASL", "FEDORA_2010-11422.NASL", "FEDORA_2011-11464.NASL", "FEDORA_2011-11528.NASL", "FEDORA_2011-11537.NASL", "FEDORA_2011-12715.NASL", "FEDORA_2011-13426.NASL", "FEDORA_2011-13456.NASL", "FEDORA_2011-13457.NASL", "FEDORA_2011-14749.NASL", "FEDORA_2011-15020.NASL", "FEDORA_2011-15555.NASL", "FEDORA_2011-15956.NASL", "FEDORA_2011-17399.NASL", "FEDORA_2011-17400.NASL", "FEDORA_2011-3827.NASL", "FEDORA_2011-3836.NASL", "FEDORA_2011-5336.NASL", "FEDORA_2011-5955.NASL", "FEDORA_2011-5962.NASL", "FEDORA_2011-5991.NASL", "FEDORA_2011-8341.NASL", "FEDORA_2011-8352.NASL", "FEDORA_2011-8586.NASL", "FEDORA_2011-8640.NASL", "FEDORA_2011-9309.NASL", "FEDORA_2011-9311.NASL", "FEDORA_2012-5785.NASL", "FEDORA_2012-5892.NASL", "FEDORA_2012-5916.NASL", "FEDORA_2012-5924.NASL", "FEDORA_2012-9135.NASL", "FEDORA_2014-13764.NASL", "FEDORA_2014-13777.NASL", "FEDORA_2015-3948.NASL", "FEDORA_2015-3953.NASL", "FEDORA_2015-3964.NASL", "FREEBSD_PKG_057BF770CAC411E0AEA300215C6A37BB.NASL", "FREEBSD_PKG_18CE9A90F26911E1BE53080027EF73EC.NASL", "FREEBSD_PKG_304409C3C3EF11E08AA5485D60CB5385.NASL", "FREEBSD_PKG_4AE68E7CDDA411E0A90600215C6A37BB.NASL", "FREEBSD_PKG_54075E3904AC11E1A94EBCAEC565249C.NASL", "FREEBSD_PKG_559F3D1BCB1D11E580A4001999F8D30B.NASL", "FREEBSD_PKG_9AECB94CC1AD11E3A5AC001B21614864.NASL", "FREEBSD_PKG_A4A809D825C811E1B53100215C6A37BB.NASL", "FREEBSD_PKG_E27A1AF38D2111E0A45D001E8C75030D.NASL", "FREEBSD_PKG_FEE94342463811E19F4700E0815B8DA8.NASL", "GENTOO_GLSA-201110-06.NASL", "GENTOO_GLSA-201110-22.NASL", "GENTOO_GLSA-201111-02.NASL", "GENTOO_GLSA-201201-09.NASL", "GENTOO_GLSA-201203-02.NASL", "GENTOO_GLSA-201206-24.NASL", "GENTOO_GLSA-201206-25.NASL", "GENTOO_GLSA-201209-02.NASL", "GENTOO_GLSA-201301-01.NASL", "GENTOO_GLSA-201309-11.NASL", "GENTOO_GLSA-201402-23.NASL", "GENTOO_GLSA-201406-32.NASL", "HPSMH_7_0_0_24.NASL", "HPSMH_7_2_1_0.NASL", "ITUNES_10_5.NASL", "ITUNES_10_5_BANNER.NASL", "KERIO_CONNECT_810.NASL", "MACOSX_10_11_2.NASL", "MACOSX_10_7_2.NASL", "MACOSX_10_7_3.NASL", "MACOSX_10_7_4.NASL", "MACOSX_10_7_5.NASL", "MACOSX_10_9.NASL", "MACOSX_JAVA_10_6_UPDATE6.NASL", "MACOSX_JAVA_10_7_UPDATE1.NASL", "MACOSX_SAFARI5_1.NASL", "MACOSX_SECUPD2011-004.NASL", "MACOSX_SECUPD2012-001.NASL", "MACOSX_SECUPD2012-002.NASL", "MACOSX_SECUPD2012-004.NASL", "MACOSX_SECUPD2014-001.NASL", "MACOSX_SECUPD2015-008.NASL", "MACOSX_XCODE_4_4.NASL", "MANDRIVA_MDVSA-2011-064.NASL", "MANDRIVA_MDVSA-2011-106.NASL", "MANDRIVA_MDVSA-2011-116.NASL", "MANDRIVA_MDVSA-2011-130.NASL", "MANDRIVA_MDVSA-2011-146.NASL", "MANDRIVA_MDVSA-2011-153.NASL", "MANDRIVA_MDVSA-2011-156.NASL", "MANDRIVA_MDVSA-2011-157.NASL", "MANDRIVA_MDVSA-2011-161.NASL", "MANDRIVA_MDVSA-2011-165.NASL", "MANDRIVA_MDVSA-2011-167.NASL", "MANDRIVA_MDVSA-2011-168.NASL", "MANDRIVA_MDVSA-2011-170.NASL", "MANDRIVA_MDVSA-2011-178.NASL", "MANDRIVA_MDVSA-2011-179.NASL", "MANDRIVA_MDVSA-2011-180.NASL", "MANDRIVA_MDVSA-2012-058.NASL", "MANDRIVA_MDVSA-2012-096.NASL", "MANDRIVA_MDVSA-2012-097.NASL", "MANDRIVA_MDVSA-2012-149.NASL", "MANDRIVA_MDVSA-2013-037.NASL", "OPENSUSE-2011-100.NASL", "OPENSUSE-2012-214.NASL", "OPENSUSE-2012-302.NASL", "OPENSUSE-2012-76.NASL", "OPENSUSE-2013-849.NASL", "OPENSUSE-2020-86.NASL", "OPERA_1151.NASL", "OPERA_1160.NASL", "ORACLELINUX_ELSA-2011-0392.NASL", "ORACLELINUX_ELSA-2011-0861.NASL", "ORACLELINUX_ELSA-2011-0862.NASL", "ORACLELINUX_ELSA-2011-0918.NASL", "ORACLELINUX_ELSA-2011-1154.NASL", "ORACLELINUX_ELSA-2011-1155.NASL", "ORACLELINUX_ELSA-2011-1161.NASL", "ORACLELINUX_ELSA-2011-1377.NASL", "ORACLELINUX_ELSA-2011-1378.NASL", "ORACLELINUX_ELSA-2011-1380.NASL", "ORACLELINUX_ELSA-2011-1391.NASL", "ORACLELINUX_ELSA-2011-1402.NASL", "ORACLELINUX_ELSA-2011-1423.NASL", "ORACLELINUX_ELSA-2011-1635.NASL", "ORACLELINUX_ELSA-2011-1780.NASL", "ORACLELINUX_ELSA-2011-1845.NASL", "ORACLELINUX_ELSA-2012-0033.NASL", "ORACLELINUX_ELSA-2012-0071.NASL", "ORACLELINUX_ELSA-2012-0103.NASL", "ORACLELINUX_ELSA-2012-1088.NASL", "ORACLELINUX_ELSA-2012-1089.NASL", "ORACLELINUX_ELSA-2013-0126.NASL", "ORACLEVM_OVMSA-2016-0056.NASL", "ORACLE_HTTP_SERVER_CPU_JAN_2015_LDAP.NASL", "ORACLE_HTTP_SERVER_CPU_JUL_2013.NASL", "ORACLE_JAVA_CPU_OCT_2011.NASL", "ORACLE_JAVA_CPU_OCT_2011_UNIX.NASL", "ORACLE_RDBMS_CPU_OCT_2013.NASL", "PHP_5_3_7.NASL", "PHP_5_3_8.NASL", "PHP_5_4_0.NASL", "QUICKTIME_771.NASL", "QUICKTIME_772.NASL", "REDHAT-RHSA-2011-0392.NASL", "REDHAT-RHSA-2011-0861.NASL", "REDHAT-RHSA-2011-0862.NASL", "REDHAT-RHSA-2011-0918.NASL", "REDHAT-RHSA-2011-1090.NASL", "REDHAT-RHSA-2011-1154.NASL", "REDHAT-RHSA-2011-1155.NASL", "REDHAT-RHSA-2011-1161.NASL", "REDHAT-RHSA-2011-1377.NASL", "REDHAT-RHSA-2011-1378.NASL", "REDHAT-RHSA-2011-1380.NASL", "REDHAT-RHSA-2011-1384.NASL", "REDHAT-RHSA-2011-1391.NASL", "REDHAT-RHSA-2011-1402.NASL", "REDHAT-RHSA-2011-1423.NASL", "REDHAT-RHSA-2011-1780.NASL", "REDHAT-RHSA-2011-1834.NASL", "REDHAT-RHSA-2011-1845.NASL", "REDHAT-RHSA-2012-0006.NASL", "REDHAT-RHSA-2012-0033.NASL", "REDHAT-RHSA-2012-0034.NASL", "REDHAT-RHSA-2012-0071.NASL", "REDHAT-RHSA-2012-0094.NASL", "REDHAT-RHSA-2012-0103.NASL", "REDHAT-RHSA-2012-0508.NASL", "REDHAT-RHSA-2012-0542.NASL", "REDHAT-RHSA-2012-0680.NASL", "REDHAT-RHSA-2012-0682.NASL", "REDHAT-RHSA-2012-1088.NASL", "REDHAT-RHSA-2012-1089.NASL", "REDHAT-RHSA-2013-0126.NASL", "REDHAT-RHSA-2013-1455.NASL", "SAFARI_5_1.NASL", "SLACKWARE_SSA_2011-098-01.NASL", "SLACKWARE_SSA_2011-237-01.NASL", "SLACKWARE_SSA_2011-284-01.NASL", "SL_20110329_LIBTIFF_ON_SL4_X.NASL", "SL_20110329_LIBTIFF_ON_SL5_X.NASL", "SL_20110608_SUBVERSION_ON_SL4_X.NASL", "SL_20110608_SUBVERSION_ON_SL5_X.NASL", "SL_20110705_CURL_ON_SL4_X.NASL", "SL_20110811_LIBXFONT_ON_SL5_X.NASL", "SL_20110811_XORG_X11_ON_SL4_X.NASL", "SL_20110815_FREETYPE_ON_SL4_X.NASL", "SL_20111017_POSTGRESQL84_ON_SL5_X.NASL", "SL_20111017_POSTGRESQL_ON_SL4_X.NASL", "SL_20111018_JAVA_1_6_0_OPENJDK_ON_SL5_X.NASL", "SL_20111019_JAVA_1_6_0_SUN_ON_SL5_X.NASL", "SL_20111020_HTTPD_ON_SL6_X.NASL", "SL_20111025_FREETYPE_ON_SL4_X.NASL", "SL_20111102_PHP53_AND_PHP_ON_SL5_X.NASL", "SL_20111205_TOMCAT6_ON_SL6.NASL", "SL_20111220_TOMCAT5_ON_SL5_X.NASL", "SL_20120118_PHP_ON_SL5_X.NASL", "SL_20120130_PHP_ON_SL4_X.NASL", "SL_20120208_SQUIRRELMAIL_ON_SL4_X.NASL", "SL_20120717_FIREFOX_ON_SL5_X.NASL", "SL_20120717_THUNDERBIRD_ON_SL5_X.NASL", "SL_20130108_SQUIRRELMAIL_ON_SL5_X.NASL", "SMB_KB2588513.NASL", "SMB_NT_MS12-006.NASL", "SOLARIS10_119213-27.NASL", "SOLARIS10_125358-15.NASL", "SOLARIS10_X86_119214-27.NASL", "SOLARIS10_X86_125359-15.NASL", "SOLARIS11_FETCHMAIL_20121016.NASL", "SOLARIS11_LIBFXT_20141107.NASL", "SOLARIS11_PYTHON_20130410.NASL", "SSL3_TLS1_IV_IMPL_INFO_DISCLOSURE.NASL", "SUSE9_12702.NASL", "SUSE9_12813.NASL", "SUSE_11_2_LIBTIFF-DEVEL-110415.NASL", "SUSE_11_3_APACHE2-111026.NASL", "SUSE_11_3_APACHE2-MOD_PHP5-110601.NASL", "SUSE_11_3_APACHE2-MOD_PHP5-110907.NASL", "SUSE_11_3_FREETYPE2-111216.NASL", "SUSE_11_3_GLIBC-110729.NASL", "SUSE_11_3_JAVA-1_6_0-OPENJDK-111025.NASL", "SUSE_11_3_JAVA-1_6_0-SUN-111024.NASL", "SUSE_11_3_LIBPCIACCESS0-110905.NASL", "SUSE_11_3_LIBSVN_AUTH_GNOME_KEYRING-1-0-110607.NASL", "SUSE_11_3_LIBTIFF-DEVEL-110415.NASL", "SUSE_11_3_LIBXCRYPT-110824.NASL", "SUSE_11_3_MAN-PAGES-110823.NASL", "SUSE_11_3_NSS-201112-111220.NASL", "SUSE_11_3_OPERA-110906.NASL", "SUSE_11_3_TOMCAT6-110815.NASL", "SUSE_11_3_YAST2-CORE-110822.NASL", "SUSE_11_4_APACHE2-111026.NASL", "SUSE_11_4_APACHE2-MOD_PHP5-110601.NASL", "SUSE_11_4_APACHE2-MOD_PHP5-110907.NASL", "SUSE_11_4_CURL-120124.NASL", "SUSE_11_4_CURL-120131.NASL", "SUSE_11_4_FREETYPE2-111216.NASL", "SUSE_11_4_GLIBC-110729.NASL", "SUSE_11_4_JAVA-1_6_0-OPENJDK-111025.NASL", "SUSE_11_4_JAVA-1_6_0-SUN-111024.NASL", "SUSE_11_4_LIBPCIACCESS0-110905.NASL", "SUSE_11_4_LIBSVN_AUTH_GNOME_KEYRING-1-0-110607.NASL", "SUSE_11_4_LIBTIFF-DEVEL-110415.NASL", "SUSE_11_4_LIBXCRYPT-110824.NASL", "SUSE_11_4_MAN-PAGES-110823.NASL", "SUSE_11_4_NSS-201112-111220.NASL", "SUSE_11_4_OPERA-110906.NASL", "SUSE_11_4_TOMCAT6-110815.NASL", "SUSE_11_4_YAST2-CORE-110822.NASL", "SUSE_11_APACHE2-111026.NASL", "SUSE_11_APACHE2-MOD_PHP5-110601.NASL", "SUSE_11_APACHE2-MOD_PHP5-120309.NASL", "SUSE_11_FREETYPE2-111201.NASL", "SUSE_11_GLIBC-110729.NASL", "SUSE_11_GLIBC-BLOWFISH-110729.NASL", "SUSE_11_JAVA-1_4_2-IBM-120105.NASL", "SUSE_11_JAVA-1_6_0-IBM-120223.NASL", "SUSE_11_LIBPCIACCESS0-110905.NASL", "SUSE_11_LIBTIFF-DEVEL-110415.NASL", "SUSE_11_LIBXCRYPT-110824.NASL", "SUSE_11_MAN-PAGES-110825.NASL", "SUSE_11_YAST2-CORE-110830.NASL", "SUSE_APACHE2-MOD_PHP5-7553.NASL", "SUSE_APACHE2-MOD_PHP5-7554.NASL", "SUSE_CVS2SVN-7560.NASL", "SUSE_FREETYPE2-7872.NASL", "SUSE_GLIBC-7659.NASL", "SUSE_GLIBC-7663.NASL", "SUSE_GLIBC-BLOWFISH-7663.NASL", "SUSE_JAVA-1_4_2-IBM-7908.NASL", "SUSE_JAVA-1_6_0-IBM-7926.NASL", "SUSE_LIBCURL4-8618.NASL", "SUSE_LIBTIFF-7473.NASL", "SUSE_LIBTIFF-7474.NASL", "SUSE_MOZILLA-NSS-7842.NASL", "SUSE_POSTGRESQL-8311.NASL", "SUSE_PYTHON-8080.NASL", "SUSE_SU-2012-1336-1.NASL", "SUSE_SU-2020-0114-1.NASL", "SUSE_SU-2020-0234-1.NASL", "SUSE_TOMCAT5-7688.NASL", "SUSE_TOMCAT5-7689.NASL", "SUSE_XORG-X11-7759.NASL", "SUSE_YAST2-CORE-7725.NASL", "SUSE_YAST2-CORE-7726.NASL", "TOMCAT_5_5_34.NASL", "TOMCAT_6_0_33.NASL", "TOMCAT_7_0_19.NASL", "UBUNTU_USN-1102-1.NASL", "UBUNTU_USN-1126-1.NASL", "UBUNTU_USN-1126-2.NASL", "UBUNTU_USN-1144-1.NASL", "UBUNTU_USN-1158-1.NASL", "UBUNTU_USN-1191-1.NASL", "UBUNTU_USN-1229-1.NASL", "UBUNTU_USN-1231-1.NASL", "UBUNTU_USN-1252-1.NASL", "UBUNTU_USN-1259-1.NASL", "UBUNTU_USN-1263-1.NASL", "UBUNTU_USN-1263-2.NASL", "UBUNTU_USN-1267-1.NASL", "VMWARE_ESXI_5_1_BUILD_2323236_REMOTE.NASL", "VMWARE_VMSA-2012-0001.NASL", "VMWARE_VMSA-2012-0001_REMOTE.NASL", "VMWARE_VMSA-2012-0003.NASL", "VMWARE_VMSA-2012-0005.NASL", "VMWARE_VMSA-2012-0005_REMOTE.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:103448", "OPENVAS:1361412562310100688", "OPENVAS:1361412562310100759", "OPENVAS:1361412562310103225", "OPENVAS:1361412562310103229", "OPENVAS:1361412562310103243", "OPENVAS:1361412562310103448", "OPENVAS:1361412562310120400", "OPENVAS:1361412562310120500", "OPENVAS:1361412562310120512", "OPENVAS:1361412562310120513", "OPENVAS:1361412562310120517", "OPENVAS:1361412562310120570", "OPENVAS:1361412562310121000", "OPENVAS:1361412562310121025", "OPENVAS:1361412562310121154", "OPENVAS:1361412562310121235", "OPENVAS:1361412562310122011", "OPENVAS:1361412562310122020", "OPENVAS:1361412562310122047", "OPENVAS:1361412562310122061", "OPENVAS:1361412562310122064", "OPENVAS:1361412562310122068", "OPENVAS:1361412562310122071", "OPENVAS:1361412562310122072", "OPENVAS:1361412562310122073", "OPENVAS:1361412562310122111", "OPENVAS:1361412562310122139", "OPENVAS:1361412562310122150", "OPENVAS:1361412562310122209", "OPENVAS:1361412562310123994", "OPENVAS:136141256231067845", "OPENVAS:136141256231069420", "OPENVAS:136141256231069579", "OPENVAS:136141256231069755", "OPENVAS:136141256231069958", "OPENVAS:136141256231069972", "OPENVAS:136141256231069973", "OPENVAS:136141256231069976", "OPENVAS:136141256231070227", "OPENVAS:136141256231070229", "OPENVAS:136141256231070246", "OPENVAS:136141256231070257", "OPENVAS:136141256231070266", "OPENVAS:136141256231070415", "OPENVAS:136141256231070543", "OPENVAS:136141256231070570", "OPENVAS:136141256231070571", "OPENVAS:136141256231070592", "OPENVAS:136141256231070611", "OPENVAS:136141256231070687", "OPENVAS:136141256231070715", "OPENVAS:136141256231070716", "OPENVAS:136141256231070717", "OPENVAS:136141256231070718", "OPENVAS:136141256231070743", "OPENVAS:136141256231070769", "OPENVAS:136141256231070785", "OPENVAS:136141256231070791", "OPENVAS:136141256231070810", "OPENVAS:136141256231071135", "OPENVAS:136141256231071186", "OPENVAS:136141256231071249", "OPENVAS:136141256231071550", "OPENVAS:136141256231071551", "OPENVAS:136141256231071832", "OPENVAS:136141256231071941", "OPENVAS:136141256231071962", "OPENVAS:136141256231072419", "OPENVAS:1361412562310802193", "OPENVAS:1361412562310802198", "OPENVAS:1361412562310802233", "OPENVAS:1361412562310802329", "OPENVAS:1361412562310802330", "OPENVAS:1361412562310802332", "OPENVAS:1361412562310802333", "OPENVAS:1361412562310802336", "OPENVAS:1361412562310802392", "OPENVAS:1361412562310802794", "OPENVAS:1361412562310802795", "OPENVAS:1361412562310802830", "OPENVAS:1361412562310802968", "OPENVAS:1361412562310804851", "OPENVAS:1361412562310807000", "OPENVAS:1361412562310830985", "OPENVAS:1361412562310831095", "OPENVAS:1361412562310831136", "OPENVAS:1361412562310831361", "OPENVAS:1361412562310831415", "OPENVAS:1361412562310831429", "OPENVAS:1361412562310831438", "OPENVAS:1361412562310831465", "OPENVAS:1361412562310831472", "OPENVAS:1361412562310831473", "OPENVAS:1361412562310831476", "OPENVAS:1361412562310831478", "OPENVAS:1361412562310831484", "OPENVAS:1361412562310831487", "OPENVAS:1361412562310831491", "OPENVAS:1361412562310831493", "OPENVAS:1361412562310831500", "OPENVAS:1361412562310831514", "OPENVAS:1361412562310831573", "OPENVAS:1361412562310831685", "OPENVAS:1361412562310831686", "OPENVAS:1361412562310831731", "OPENVAS:1361412562310840626", "OPENVAS:1361412562310840636", "OPENVAS:1361412562310840646", "OPENVAS:1361412562310840674", "OPENVAS:1361412562310840685", "OPENVAS:1361412562310840721", "OPENVAS:1361412562310840772", "OPENVAS:1361412562310840782", "OPENVAS:1361412562310840798", "OPENVAS:1361412562310840803", "OPENVAS:1361412562310840805", "OPENVAS:1361412562310840810", "OPENVAS:1361412562310840872", "OPENVAS:1361412562310850170", "OPENVAS:1361412562310850212", "OPENVAS:1361412562310850286", "OPENVAS:1361412562310853008", "OPENVAS:1361412562310862178", "OPENVAS:1361412562310862181", "OPENVAS:1361412562310862196", "OPENVAS:1361412562310862307", "OPENVAS:1361412562310862309", "OPENVAS:1361412562310862976", "OPENVAS:1361412562310862987", "OPENVAS:1361412562310863017", "OPENVAS:1361412562310863072", "OPENVAS:1361412562310863074", "OPENVAS:1361412562310863295", "OPENVAS:1361412562310863312", "OPENVAS:1361412562310863323", "OPENVAS:1361412562310863333", "OPENVAS:1361412562310863382", "OPENVAS:1361412562310863384", "OPENVAS:1361412562310863514", "OPENVAS:1361412562310863518", "OPENVAS:1361412562310863520", "OPENVAS:1361412562310863523", "OPENVAS:1361412562310863524", "OPENVAS:1361412562310863527", "OPENVAS:1361412562310863531", "OPENVAS:1361412562310863588", "OPENVAS:1361412562310863592", "OPENVAS:1361412562310863593", "OPENVAS:1361412562310863594", "OPENVAS:1361412562310863609", "OPENVAS:1361412562310863611", "OPENVAS:1361412562310863649", "OPENVAS:1361412562310863651", "OPENVAS:1361412562310863690", "OPENVAS:1361412562310863691", "OPENVAS:1361412562310863692", "OPENVAS:1361412562310863693", "OPENVAS:1361412562310863694", "OPENVAS:1361412562310863695", "OPENVAS:1361412562310863696", "OPENVAS:1361412562310863697", "OPENVAS:1361412562310863698", "OPENVAS:1361412562310863699", "OPENVAS:1361412562310863728", "OPENVAS:1361412562310863748", "OPENVAS:1361412562310863788", "OPENVAS:1361412562310863794", "OPENVAS:1361412562310863798", "OPENVAS:1361412562310863804", "OPENVAS:1361412562310863875", "OPENVAS:1361412562310863904", "OPENVAS:1361412562310863916", "OPENVAS:1361412562310863955", "OPENVAS:1361412562310863960", "OPENVAS:1361412562310863977", "OPENVAS:1361412562310864037", "OPENVAS:1361412562310864057", "OPENVAS:1361412562310864068", "OPENVAS:1361412562310864070", "OPENVAS:1361412562310864088", "OPENVAS:1361412562310864180", "OPENVAS:1361412562310864199", "OPENVAS:1361412562310864218", "OPENVAS:1361412562310864223", "OPENVAS:1361412562310864317", "OPENVAS:1361412562310864384", "OPENVAS:1361412562310864392", "OPENVAS:1361412562310864457", "OPENVAS:1361412562310864471", "OPENVAS:1361412562310864472", "OPENVAS:1361412562310864477", "OPENVAS:1361412562310864684", "OPENVAS:1361412562310864710", "OPENVAS:1361412562310864791", "OPENVAS:1361412562310864793", "OPENVAS:1361412562310865053", "OPENVAS:1361412562310865325", "OPENVAS:1361412562310865329", "OPENVAS:1361412562310865336", "OPENVAS:1361412562310868456", "OPENVAS:1361412562310868477", "OPENVAS:1361412562310869126", "OPENVAS:1361412562310869131", "OPENVAS:1361412562310869710", "OPENVAS:1361412562310870416", "OPENVAS:1361412562310870442", "OPENVAS:1361412562310870444", "OPENVAS:1361412562310870452", "OPENVAS:1361412562310870463", "OPENVAS:1361412562310870465", "OPENVAS:1361412562310870467", "OPENVAS:1361412562310870501", "OPENVAS:1361412562310870503", "OPENVAS:1361412562310870506", "OPENVAS:1361412562310870507", "OPENVAS:1361412562310870510", "OPENVAS:1361412562310870525", "OPENVAS:1361412562310870531", "OPENVAS:1361412562310870533", "OPENVAS:1361412562310870543", "OPENVAS:1361412562310870617", "OPENVAS:1361412562310870651", "OPENVAS:1361412562310870790", "OPENVAS:1361412562310870792", "OPENVAS:1361412562310870880", "OPENVAS:1361412562310871860", "OPENVAS:1361412562310880484", "OPENVAS:1361412562310880495", "OPENVAS:1361412562310880528", "OPENVAS:1361412562310880547", "OPENVAS:1361412562310880955", "OPENVAS:1361412562310880960", "OPENVAS:1361412562310880961", "OPENVAS:1361412562310880965", "OPENVAS:1361412562310880993", "OPENVAS:1361412562310881023", "OPENVAS:1361412562310881024", "OPENVAS:1361412562310881025", "OPENVAS:1361412562310881027", "OPENVAS:1361412562310881028", "OPENVAS:1361412562310881030", "OPENVAS:1361412562310881042", "OPENVAS:1361412562310881059", "OPENVAS:1361412562310881094", "OPENVAS:1361412562310881147", "OPENVAS:1361412562310881160", "OPENVAS:1361412562310881168", "OPENVAS:1361412562310881187", "OPENVAS:1361412562310881201", "OPENVAS:1361412562310881223", "OPENVAS:1361412562310881232", "OPENVAS:1361412562310881256", "OPENVAS:1361412562310881269", "OPENVAS:1361412562310881275", "OPENVAS:1361412562310881298", "OPENVAS:1361412562310881300", "OPENVAS:1361412562310881310", "OPENVAS:1361412562310881333", "OPENVAS:1361412562310881355", "OPENVAS:1361412562310881360", "OPENVAS:1361412562310881365", "OPENVAS:1361412562310881395", "OPENVAS:1361412562310881408", "OPENVAS:1361412562310881424", "OPENVAS:1361412562310881438", "OPENVAS:1361412562310881445", "OPENVAS:1361412562310881447", "OPENVAS:1361412562310881449", "OPENVAS:1361412562310881572", "OPENVAS:1361412562310902356", "OPENVAS:1361412562310902436", "OPENVAS:1361412562310902466", "OPENVAS:1361412562310902474", "OPENVAS:1361412562310902543", "OPENVAS:1361412562310902606", "OPENVAS:1361412562310902630", "OPENVAS:1361412562310902900", "OPENVAS:1361412562311220192357", "OPENVAS:67845", "OPENVAS:69420", "OPENVAS:69579", "OPENVAS:69755", "OPENVAS:69958", "OPENVAS:69972", "OPENVAS:69973", "OPENVAS:69976", "OPENVAS:70227", "OPENVAS:70229", "OPENVAS:70246", "OPENVAS:70257", "OPENVAS:70266", "OPENVAS:70415", "OPENVAS:70543", "OPENVAS:70570", "OPENVAS:70571", "OPENVAS:70592", "OPENVAS:70611", "OPENVAS:70687", "OPENVAS:70715", "OPENVAS:70716", "OPENVAS:70717", "OPENVAS:70718", "OPENVAS:70743", "OPENVAS:70769", "OPENVAS:70785", "OPENVAS:70791", "OPENVAS:70810", "OPENVAS:71135", "OPENVAS:71186", "OPENVAS:71249", "OPENVAS:71550", "OPENVAS:71551", "OPENVAS:71832", "OPENVAS:71941", "OPENVAS:71962", "OPENVAS:72419", "OPENVAS:802193", "OPENVAS:802198", "OPENVAS:802233", "OPENVAS:802332", "OPENVAS:802333", "OPENVAS:802336", "OPENVAS:802794", "OPENVAS:802795", "OPENVAS:802830", "OPENVAS:802968", "OPENVAS:830985", "OPENVAS:831095", "OPENVAS:831136", "OPENVAS:831361", "OPENVAS:831415", "OPENVAS:831429", "OPENVAS:831438", "OPENVAS:831465", "OPENVAS:831472", "OPENVAS:831473", "OPENVAS:831476", "OPENVAS:831478", "OPENVAS:831484", "OPENVAS:831487", "OPENVAS:831491", "OPENVAS:831493", "OPENVAS:831500", "OPENVAS:831514", "OPENVAS:831573", "OPENVAS:831685", "OPENVAS:831686", "OPENVAS:831731", "OPENVAS:840626", "OPENVAS:840636", "OPENVAS:840646", "OPENVAS:840674", "OPENVAS:840685", "OPENVAS:840721", "OPENVAS:840772", "OPENVAS:840782", "OPENVAS:840798", "OPENVAS:840803", "OPENVAS:840805", "OPENVAS:840810", "OPENVAS:840872", "OPENVAS:850170", "OPENVAS:850212", "OPENVAS:850286", "OPENVAS:862178", "OPENVAS:862181", "OPENVAS:862196", "OPENVAS:862307", "OPENVAS:862309", "OPENVAS:862976", "OPENVAS:862987", "OPENVAS:863017", "OPENVAS:863072", "OPENVAS:863074", "OPENVAS:863295", "OPENVAS:863312", "OPENVAS:863323", "OPENVAS:863333", "OPENVAS:863382", "OPENVAS:863384", "OPENVAS:863514", "OPENVAS:863518", "OPENVAS:863520", "OPENVAS:863523", "OPENVAS:863524", "OPENVAS:863527", "OPENVAS:863531", "OPENVAS:863588", "OPENVAS:863592", "OPENVAS:863593", "OPENVAS:863594", "OPENVAS:863609", "OPENVAS:863611", "OPENVAS:863649", "OPENVAS:863651", "OPENVAS:863690", "OPENVAS:863691", "OPENVAS:863692", "OPENVAS:863693", "OPENVAS:863694", "OPENVAS:863695", "OPENVAS:863696", "OPENVAS:863697", "OPENVAS:863698", "OPENVAS:863699", "OPENVAS:863728", "OPENVAS:863748", "OPENVAS:863788", "OPENVAS:863794", "OPENVAS:863798", "OPENVAS:863804", "OPENVAS:863875", "OPENVAS:863904", "OPENVAS:863916", "OPENVAS:863955", "OPENVAS:863960", "OPENVAS:863977", "OPENVAS:864037", "OPENVAS:864057", "OPENVAS:864068", "OPENVAS:864070", "OPENVAS:864088", "OPENVAS:864180", "OPENVAS:864199", "OPENVAS:864218", "OPENVAS:864223", "OPENVAS:864317", "OPENVAS:864384", "OPENVAS:864392", "OPENVAS:864457", "OPENVAS:864471", "OPENVAS:864472", "OPENVAS:864477", "OPENVAS:864684", "OPENVAS:864710", "OPENVAS:864791", "OPENVAS:864793", "OPENVAS:865053", "OPENVAS:865325", "OPENVAS:865329", "OPENVAS:865336", "OPENVAS:870416", "OPENVAS:870442", "OPENVAS:870444", "OPENVAS:870452", "OPENVAS:870463", "OPENVAS:870465", "OPENVAS:870467", "OPENVAS:870501", "OPENVAS:870503", "OPENVAS:870506", "OPENVAS:870507", "OPENVAS:870510", "OPENVAS:870525", "OPENVAS:870531", "OPENVAS:870533", "OPENVAS:870543", "OPENVAS:870617", "OPENVAS:870651", "OPENVAS:870790", "OPENVAS:870792", "OPENVAS:870880", "OPENVAS:880484", "OPENVAS:880495", "OPENVAS:880528", "OPENVAS:880547", "OPENVAS:880955", "OPENVAS:880960", "OPENVAS:880961", "OPENVAS:880965", "OPENVAS:880993", "OPENVAS:881023", "OPENVAS:881024", "OPENVAS:881025", "OPENVAS:881027", "OPENVAS:881028", "OPENVAS:881030", "OPENVAS:881042", "OPENVAS:881059", "OPENVAS:881094", "OPENVAS:881147", "OPENVAS:881160", "OPENVAS:881168", "OPENVAS:881187", "OPENVAS:881201", "OPENVAS:881223", "OPENVAS:881232", "OPENVAS:881256", "OPENVAS:881269", "OPENVAS:881275", "OPENVAS:881298", "OPENVAS:881300", "OPENVAS:881310", "OPENVAS:881333", "OPENVAS:881355", "OPENVAS:881360", "OPENVAS:881365", "OPENVAS:881395", "OPENVAS:881408", "OPENVAS:881424", "OPENVAS:881438", "OPENVAS:881445", "OPENVAS:881447", "OPENVAS:881449", "OPENVAS:881572", "OPENVAS:902466", "OPENVAS:902474", "OPENVAS:902543", "OPENVAS:902630", "OPENVAS:902900"]}, {"type": "oracle", "idList": ["ORACLE:CPUJAN2015", "ORACLE:CPUJUL2015", "ORACLE:CPUJULY2013-1899826", "ORACLE:CPUOCT2013-1899837"]}, {"type": "oraclelinux", "idList": ["ELSA-2011-0392", "ELSA-2011-0861", "ELSA-2011-0862", "ELSA-2011-0918", "ELSA-2011-1154", "ELSA-2011-1155", "ELSA-2011-1161", "ELSA-2011-1377", "ELSA-2011-1378", "ELSA-2011-1380", "ELSA-2011-1391", "ELSA-2011-1402", "ELSA-2011-1423", "ELSA-2011-1780", "ELSA-2011-1845", "ELSA-2012-0033", "ELSA-2012-0071", "ELSA-2012-0103", "ELSA-2012-0474", "ELSA-2012-0677", "ELSA-2012-1046", "ELSA-2013-0126", "ELSA-2013-0216"]}, {"type": "osv", "idList": ["OSV:DLA-154-1", "OSV:DLA-400-1", "OSV:DSA-2091-1", "OSV:DSA-2210-1", "OSV:DSA-2251-1", "OSV:DSA-2266-1", "OSV:DSA-2291-1", "OSV:DSA-2340-1", "OSV:DSA-2356-1", "OSV:DSA-2358-1", "OSV:DSA-2368-1", "OSV:DSA-2398-1", "OSV:DSA-2399-1", "OSV:DSA-2401-1", "OSV:DSA-2408-1", "OSV:GHSA-C57P-3V2G-W9RG"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:101665", "PACKETSTORM:102751"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:7535985DCB1FBEA5FAF46D9453037D10"]}, {"type": "redhat", "idList": ["RHSA-2011:0392", "RHSA-2011:0861", "RHSA-2011:0862", "RHSA-2011:0918", "RHSA-2011:1090", "RHSA-2011:1154", "RHSA-2011:1155", "RHSA-2011:1161", "RHSA-2011:1377", "RHSA-2011:1378", "RHSA-2011:1380", "RHSA-2011:1384", "RHSA-2011:1391", "RHSA-2011:1402", "RHSA-2011:1423", "RHSA-2011:1780", "RHSA-2011:1834", "RHSA-2011:1845", "RHSA-2012:0006", "RHSA-2012:0033", "RHSA-2012:0034", "RHSA-2012:0071", "RHSA-2012:0094", "RHSA-2012:0103", "RHSA-2012:0343", "RHSA-2012:0508", "RHSA-2012:0542", "RHSA-2012:0543", "RHSA-2012:0679", "RHSA-2012:0680", "RHSA-2012:0681", "RHSA-2012:0682", "RHSA-2012:1088", "RHSA-2012:1089", "RHSA-2013:0126", "RHSA-2013:1455"]}, {"type": "rubygems", "idList": ["RUBY:RUBY-2011-3389-74829"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:24526", "SECURITYVULNS:DOC:25974", "SECURITYVULNS:DOC:26262", "SECURITYVULNS:DOC:26457", "SECURITYVULNS:DOC:26586", "SECURITYVULNS:DOC:26596", "SECURITYVULNS:DOC:26597", "SECURITYVULNS:DOC:26666", "SECURITYVULNS:DOC:26853", "SECURITYVULNS:DOC:26931", "SECURITYVULNS:DOC:27147", "SECURITYVULNS:DOC:27151", "SECURITYVULNS:DOC:27154", "SECURITYVULNS:DOC:27155", "SECURITYVULNS:DOC:27156", "SECURITYVULNS:DOC:27218", "SECURITYVULNS:DOC:27219", "SECURITYVULNS:DOC:27228", "SECURITYVULNS:DOC:27283", "SECURITYVULNS:DOC:27302", "SECURITYVULNS:DOC:27395", "SECURITYVULNS:DOC:27424", "SECURITYVULNS:DOC:27485", "SECURITYVULNS:DOC:27514", "SECURITYVULNS:DOC:27515", "SECURITYVULNS:DOC:27600", "SECURITYVULNS:DOC:27741", "SECURITYVULNS:DOC:27742", "SECURITYVULNS:DOC:28070", "SECURITYVULNS:DOC:28081", "SECURITYVULNS:DOC:28232", "SECURITYVULNS:DOC:28352", "SECURITYVULNS:DOC:28576", "SECURITYVULNS:DOC:28577", "SECURITYVULNS:DOC:28598", "SECURITYVULNS:DOC:28706", "SECURITYVULNS:DOC:28707", "SECURITYVULNS:DOC:29602", "SECURITYVULNS:DOC:29623", "SECURITYVULNS:DOC:29856", "SECURITYVULNS:DOC:30335", "SECURITYVULNS:DOC:30412", "SECURITYVULNS:DOC:30448", "SECURITYVULNS:DOC:30449", "SECURITYVULNS:DOC:30611", "SECURITYVULNS:DOC:31682", "SECURITYVULNS:VULN:11070", "SECURITYVULNS:VULN:11518", "SECURITYVULNS:VULN:11522", "SECURITYVULNS:VULN:11634", "SECURITYVULNS:VULN:11704", "SECURITYVULNS:VULN:11749", "SECURITYVULNS:VULN:11754", "SECURITYVULNS:VULN:11763", "SECURITYVULNS:VULN:11798", "SECURITYVULNS:VULN:11853", "SECURITYVULNS:VULN:11864", "SECURITYVULNS:VULN:11879", "SECURITYVULNS:VULN:11880", "SECURITYVULNS:VULN:11967", "SECURITYVULNS:VULN:11971", "SECURITYVULNS:VULN:11972", "SECURITYVULNS:VULN:11973", "SECURITYVULNS:VULN:11974", "SECURITYVULNS:VULN:11988", "SECURITYVULNS:VULN:12002", "SECURITYVULNS:VULN:12037", "SECURITYVULNS:VULN:12065", "SECURITYVULNS:VULN:12116", "SECURITYVULNS:VULN:12137", "SECURITYVULNS:VULN:12164", "SECURITYVULNS:VULN:12239", "SECURITYVULNS:VULN:12240", "SECURITYVULNS:VULN:12382", "SECURITYVULNS:VULN:12518", "SECURITYVULNS:VULN:12596", "SECURITYVULNS:VULN:12610", "SECURITYVULNS:VULN:12679", "SECURITYVULNS:VULN:13186", "SECURITYVULNS:VULN:13198", "SECURITYVULNS:VULN:13214", "SECURITYVULNS:VULN:13310", "SECURITYVULNS:VULN:13423", "SECURITYVULNS:VULN:13583", "SECURITYVULNS:VULN:13647", "SECURITYVULNS:VULN:13663", "SECURITYVULNS:VULN:13730", "SECURITYVULNS:VULN:14233"]}, {"type": "seebug", "idList": ["SSV:20381", "SSV:20582", "SSV:20603", "SSV:20665", "SSV:20694", "SSV:20701", "SSV:20730", "SSV:20934", "SSV:20957", "SSV:21013", "SSV:23137", "SSV:23144", "SSV:23209", "SSV:23210", "SSV:30075", "SSV:30077", "SSV:30079", "SSV:30083", "SSV:30084", "SSV:30085", "SSV:30086", "SSV:30181", "SSV:60029", "SSV:60130", "SSV:60133", "SSV:60220", "SSV:60296", "SSV:71717", "SSV:71847"]}, {"type": "slackware", "idList": ["SSA-2011-098-01", "SSA-2011-237-01", "SSA-2011-284-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2011:0693-1", "OPENSUSE-SU-2011:0695-1", "OPENSUSE-SU-2011:1217-1", "OPENSUSE-SU-2011:1299-1", "OPENSUSE-SU-2012:0015-1", "OPENSUSE-SU-2012:0047-1", "OPENSUSE-SU-2020:0086-1", "SUSE-SA:2011:035", "SUSE-SU-2011:0691-1", "SUSE-SU-2011:0692-1", "SUSE-SU-2011:1035-1", "SUSE-SU-2011:1035-2", "SUSE-SU-2011:1215-1", "SUSE-SU-2011:1256-2", "SUSE-SU-2011:1306-1", "SUSE-SU-2011:1307-1", "SUSE-SU-2012:0114-1", "SUSE-SU-2012:0114-2", "SUSE-SU-2012:0122-1", "SUSE-SU-2012:0122-2", "SUSE-SU-2012:0496-1", "SUSE-SU-2012:0553-1", "SUSE-SU-2012:0602-1", "SUSE-SU-2013:1351-1"]}, {"type": "threatpost", "idList": ["THREATPOST:163A6E502D29C451AA1A20E62CA10C1C", "THREATPOST:4C519AC769DD91EACC048555506378AF"]}, {"type": "tomcat", "idList": ["TOMCAT:069B7EBB4E58EC2D5411D908E561D693", "TOMCAT:849CF1402BC4CAFABDA4ED36FA85F4FA", "TOMCAT:EA3D2D7C5F724461ADF487B3F1B37FFE"]}, {"type": "ubuntu", "idList": ["USN-1102-1", "USN-1126-1", "USN-1126-2", "USN-1144-1", "USN-1158-1", "USN-1191-1", "USN-1229-1", "USN-1231-1", "USN-1252-1", "USN-1259-1", "USN-1263-1", "USN-1263-2", "USN-1267-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2010-1637", "UB:CVE-2010-2813", "UB:CVE-2010-4554", "UB:CVE-2010-4555", "UB:CVE-2011-1148", "UB:CVE-2011-1167", "UB:CVE-2011-1657", "UB:CVE-2011-1752", "UB:CVE-2011-1783", "UB:CVE-2011-1921", "UB:CVE-2011-1938", "UB:CVE-2011-2023", "UB:CVE-2011-2192", "UB:CVE-2011-2202", "UB:CVE-2011-2204", "UB:CVE-2011-2483", "UB:CVE-2011-2752", "UB:CVE-2011-2753", "UB:CVE-2011-2895", "UB:CVE-2011-2896", "UB:CVE-2011-2937", "UB:CVE-2011-3182", "UB:CVE-2011-3189", "UB:CVE-2011-3256", "UB:CVE-2011-3267", "UB:CVE-2011-3268", "UB:CVE-2011-3328", "UB:CVE-2011-3348", "UB:CVE-2011-3389", "UB:CVE-2011-3439", "UB:CVE-2012-2124", "UB:CVE-2015-8793"]}, {"type": "veracode", "idList": ["VERACODE:10835", "VERACODE:13872", "VERACODE:13873", "VERACODE:13874", "VERACODE:13875", "VERACODE:13876", "VERACODE:13877", "VERACODE:13878", "VERACODE:13879", "VERACODE:13880", "VERACODE:13881", "VERACODE:13882", "VERACODE:13883", "VERACODE:13884", "VERACODE:13885", "VERACODE:13886", "VERACODE:13887", "VERACODE:14770", "VERACODE:24438", "VERACODE:24677", "VERACODE:24696", "VERACODE:24697", "VERACODE:24698", "VERACODE:24727", "VERACODE:24732", "VERACODE:24744", "VERACODE:24749", "VERACODE:24750", "VERACODE:24768", "VERACODE:24774", "VERACODE:24824", "VERACODE:24825", "VERACODE:24826", "VERACODE:24827", "VERACODE:24828", "VERACODE:3983", "VERACODE:43757"]}, {"type": "vmware", "idList": ["VMSA-2012-0001", "VMSA-2012-0001.2"]}, {"type": "zdi", "idList": ["ZDI-11-107", "ZDI-11-228", "ZDI-11-304", "ZDI-11-315", "ZDI-11-340", "ZDI-12-004", "ZDI-12-005", "ZDI-12-058", "ZDI-12-103", "ZDI-12-130"]}]}, "backreferences": {"references": [{"type": "amazon", "idList": ["ALAS-2011-025"]}, {"type": "centos", "idList": ["CESA-2011:0392", "CESA-2011:0861", "CESA-2011:0862", "CESA-2011:0918", "CESA-2011:1154", "CESA-2011:1155", "CESA-2011:1161", "CESA-2011:1377", "CESA-2011:1378", "CESA-2011:1380", "CESA-2011:1402", "CESA-2011:1423", "CESA-2011:1780", "CESA-2011:1845", "CESA-2012:0033", "CESA-2012:0071", "CESA-2012:0103", "CESA-2012:1088", "CESA-2012:1089", "CESA-2013:0126"]}, {"type": "cert", "idList": ["VU:410281"]}, {"type": "checkpoint_security", "idList": ["CPS:SK86440"]}, {"type": "cisa", "idList": ["CISA:416670C72E770A232740008F181D0B01"]}, {"type": "cve", "idList": ["CVE-2010-1637", "CVE-2010-2813", "CVE-2010-4554", "CVE-2010-4555", "CVE-2011-0200", "CVE-2011-0241", "CVE-2011-1148", "CVE-2011-1167", "CVE-2011-1657"]}, {"type": "debian", "idList": ["DEBIAN:BSA-068:BAE64", "DEBIAN:DLA-400-1:76CCE", "DEBIAN:DSA-2210-2:5A47B"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2011-1783", "DEBIANCVE:CVE-2011-3256", "DEBIANCVE:CVE-2011-3389"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:E01EEEA67E34582F2A422D4CD1795D05"]}, {"type": "f5", "idList": ["SOL13400", "SOL13518", "SOL13519", "SOL15441", "SOL15899", "SOL15903"]}, {"type": "fedora", "idList": ["FEDORA:179F720CEB", "FEDORA:206E92195B", "FEDORA:2AA70C0AD2", "FEDORA:4053B20CDA", "FEDORA:45E2C214D4", "FEDORA:5A57F22DE8", "FEDORA:5D9FC21312", "FEDORA:5DDA721219", "FEDORA:6247110F93D", "FEDORA:633B721592", "FEDORA:7617922E25", "FEDORA:7A6DB110620", "FEDORA:9717C110A7D", "FEDORA:DD57B208B1", "FEDORA:E779120CA7"]}, {"type": "freebsd", "idList": ["057BF770-CAC4-11E0-AEA3-00215C6A37BB", "18CE9A90-F269-11E1-BE53-080027EF73EC", "304409C3-C3EF-11E0-8AA5-485D60CB5385", "4AE68E7C-DDA4-11E0-A906-00215C6A37BB", "54075E39-04AC-11E1-A94E-BCAEC565249C", "9AECB94C-C1AD-11E3-A5AC-001B21614864", "A4A809D8-25C8-11E1-B531-00215C6A37BB", "E27A1AF3-8D21-11E0-A45D-001E8C75030D", "FEE94342-4638-11E1-9F47-00E0815B8DA8"]}, {"type": "gentoo", "idList": ["GLSA-201209-02", "GLSA-201309-11", "GLSA-201402-23"]}, {"type": "ibm", "idList": ["DDCE3DF1C0F2F3507A59F94E81A8ADEA101DC8CB5DCFAEE3754B7E7CBB0C41CB"]}, {"type": "ics", "idList": ["ICSA-19-192-04"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/APPLE-OSX-ADDRESSBOOK-CVE-2011-3441/", "MSF:ILITIES/APPLE-OSX-LOGINWINDOW-CVE-2011-3389/", "MSF:ILITIES/FREEBSD-VID-18CE9A90-F269-11E1-BE53-080027EF73EC/", "MSF:ILITIES/VMSA-2012-0005-CVE-2011-3389/"]}, {"type": "nessus", "idList": ["6303.PRM", "801392.PRM", "ALA_ALAS-2011-09.NASL", "APPLE_IOS_60_CHECK.NBIN", "CENTOS_RHSA-2011-0862.NASL", "CENTOS_RHSA-2011-0918.NASL", "CENTOS_RHSA-2011-1154.NASL", "CENTOS_RHSA-2012-0071.NASL", "DEBIAN_DSA-2266.NASL", "DEBIAN_DSA-2293.NASL", "DEBIAN_DSA-2358.NASL", "FEDORA_2010-11410.NASL", "FEDORA_2011-11464.NASL", "FEDORA_2011-11528.NASL", "FEDORA_2011-13456.NASL", "GENTOO_GLSA-201111-02.NASL", "MACOSX_10_7_5.NASL", "MACOSX_SECUPD2012-001.NASL", "MANDRIVA_MDVSA-2011-130.NASL", "MANDRIVA_MDVSA-2011-180.NASL", "MANDRIVA_MDVSA-2012-096.NASL", "OPENSUSE-2012-76.NASL", "OPENSUSE-2020-86.NASL", "ORACLELINUX_ELSA-2011-1402.NASL", "ORACLELINUX_ELSA-2012-0071.NASL", "PHP_5_3_8.NASL", "REDHAT-RHSA-2012-0508.NASL", "SUSE_11_3_MAN-PAGES-110823.NASL", "SUSE_11_4_APACHE2-MOD_PHP5-110601.NASL", "SUSE_11_4_OPERA-110906.NASL", "SUSE_GLIBC-BLOWFISH-7663.NASL", "SUSE_LIBCURL4-8618.NASL", "SUSE_SU-2020-0114-1.NASL", "SUSE_YAST2-CORE-7726.NASL", "UBUNTU_USN-1102-1.NASL", "VMWARE_VMSA-2012-0005_REMOTE.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310103229", "OPENVAS:1361412562310122011", "OPENVAS:1361412562310122020", "OPENVAS:1361412562310122068", "OPENVAS:1361412562310122209", "OPENVAS:136141256231069958", "OPENVAS:136141256231069973", "OPENVAS:136141256231070227", "OPENVAS:136141256231070246", "OPENVAS:136141256231070415", "OPENVAS:136141256231070543", "OPENVAS:136141256231071249", "OPENVAS:1361412562310802329", "OPENVAS:1361412562310802830", "OPENVAS:1361412562310831500", "OPENVAS:1361412562310831686", "OPENVAS:1361412562310840626", "OPENVAS:1361412562310840674", "OPENVAS:1361412562310863520", "OPENVAS:1361412562310864037", "OPENVAS:1361412562310864384", "OPENVAS:1361412562310864392", "OPENVAS:1361412562310869126", "OPENVAS:1361412562310881028", "OPENVAS:1361412562310881147", "OPENVAS:1361412562310881256", "OPENVAS:1361412562310881275", "OPENVAS:1361412562310881298", "OPENVAS:1361412562310881355", "OPENVAS:1361412562310881438", "OPENVAS:70543", "OPENVAS:70716", "OPENVAS:70791", "OPENVAS:72419", "OPENVAS:840772", "OPENVAS:862307", "OPENVAS:863017", "OPENVAS:863312", "OPENVAS:863518", "OPENVAS:863523", "OPENVAS:863594", "OPENVAS:863697", "OPENVAS:863728", "OPENVAS:863748", "OPENVAS:864068", "OPENVAS:864088", "OPENVAS:865325", "OPENVAS:870463", "OPENVAS:880960", "OPENVAS:881310", "OPENVAS:881360", "OPENVAS:902474"]}, {"type": "oracle", "idList": ["ORACLE:CPUJUL2015-2367936", "ORACLE:CPUJULY2013-1899826"]}, {"type": "oraclelinux", "idList": ["ELSA-2011-0392", "ELSA-2011-1161", "ELSA-2011-1380", "ELSA-2011-1780", "ELSA-2012-0103", "ELSA-2013-0126"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:101665"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:7535985DCB1FBEA5FAF46D9453037D10"]}, {"type": "redhat", "idList": ["RHSA-2011:0392", "RHSA-2011:0862", "RHSA-2011:1780", "RHSA-2012:0103", "RHSA-2012:0508", "RHSA-2012:0681", "RHSA-2013:0126"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:27155", "SECURITYVULNS:DOC:28352", "SECURITYVULNS:DOC:28706", "SECURITYVULNS:DOC:28707", "SECURITYVULNS:DOC:30611", "SECURITYVULNS:VULN:11754", "SECURITYVULNS:VULN:11880", "SECURITYVULNS:VULN:12240", "SECURITYVULNS:VULN:13310"]}, {"type": "seebug", "idList": ["SSV:23209", "SSV:23210", "SSV:30077", "SSV:30079", "SSV:30084", "SSV:30085", "SSV:30086", "SSV:30181", "SSV:60029"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2011:1217-1", "OPENSUSE-SU-2012:0015-1", "OPENSUSE-SU-2020:0086-1", "SUSE-SU-2011:1307-1", "SUSE-SU-2012:0122-1"]}, {"type": "threatpost", "idList": ["THREATPOST:4C519AC769DD91EACC048555506378AF"]}, {"type": "tomcat", "idList": ["TOMCAT:069B7EBB4E58EC2D5411D908E561D693"]}, {"type": "ubuntu", "idList": ["USN-1158-1", "USN-1267-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2010-4554", "UB:CVE-2011-1148", "UB:CVE-2011-1657", "UB:CVE-2011-3182", "UB:CVE-2011-3328", "UB:CVE-2011-3389"]}, {"type": "vmware", "idList": ["VMSA-2012-0001"]}, {"type": "zdi", "idList": ["ZDI-11-228", "ZDI-11-304", "ZDI-11-315", "ZDI-11-340", "ZDI-12-004", "ZDI-12-005", "ZDI-12-058", "ZDI-12-103", "ZDI-12-130"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2011-3462", "epss": "0.004080000", "percentile": "0.697610000", "modified": "2023-03-15"}, {"cve": "CVE-2011-3448", "epss": "0.006030000", "percentile": "0.752450000", "modified": "2023-03-15"}, {"cve": "CVE-2011-1148", "epss": "0.015790000", "percentile": "0.852740000", "modified": "2023-03-15"}, {"cve": "CVE-2011-3444", "epss": "0.001850000", "percentile": "0.540250000", "modified": "2023-03-15"}, {"cve": "CVE-2011-1783", "epss": "0.007150000", "percentile": "0.774860000", "modified": "2023-03-15"}, {"cve": "CVE-2011-3246", "epss": "0.005250000", "percentile": "0.733700000", "modified": "2023-03-15"}, {"cve": "CVE-2011-3249", "epss": "0.068190000", "percentile": "0.927570000", "modified": "2023-03-15"}, {"cve": "CVE-2011-3189", "epss": "0.014080000", "percentile": "0.844140000", "modified": "2023-03-15"}, {"cve": "CVE-2011-0241", "epss": "0.023030000", "percentile": "0.879660000", "modified": "2023-03-15"}, {"cve": "CVE-2011-1752", "epss": "0.007190000", "percentile": "0.775740000", "modified": "2023-03-15"}, {"cve": "CVE-2011-1938", "epss": "0.019890000", "percentile": "0.869990000", "modified": "2023-03-15"}, {"cve": "CVE-2011-3449", "epss": "0.005340000", "percentile": "0.735870000", "modified": "2023-03-15"}, {"cve": "CVE-2011-3441", "epss": "0.003580000", "percentile": "0.677480000", "modified": "2023-03-15"}, {"cve": "CVE-2011-3453", "epss": "0.037780000", "percentile": "0.904230000", "modified": "2023-03-15"}, {"cve": "CVE-2011-3422", "epss": "0.001540000", "percentile": "0.499310000", "modified": "2023-03-15"}, {"cve": "CVE-2011-3248", "epss": "0.082030000", "percentile": "0.932950000", "modified": "2023-03-15"}, {"cve": "CVE-2011-2483", "epss": "0.004370000", "percentile": "0.707410000", "modified": "2023-03-15"}, {"cve": "CVE-2011-3457", "epss": "0.015740000", "percentile": "0.852550000", "modified": "2023-03-15"}, {"cve": "CVE-2010-2813", "epss": "0.114690000", "percentile": "0.943080000", "modified": "2023-03-15"}, {"cve": "CVE-2011-3463", "epss": "0.000420000", "percentile": "0.056320000", "modified": "2023-03-15"}, {"cve": "CVE-2011-3389", "epss": "0.002110000", "percentile": "0.572340000", "modified": "2023-03-15"}, {"cve": "CVE-2011-2204", "epss": "0.000450000", "percentile": "0.124140000", "modified": "2023-03-15"}, {"cve": "CVE-2011-3256", "epss": "0.023320000", "percentile": "0.880270000", "modified": "2023-03-15"}, {"cve": "CVE-2011-1657", "epss": "0.018190000", "percentile": "0.863320000", "modified": "2023-03-15"}, {"cve": "CVE-2011-1167", "epss": "0.184030000", "percentile": "0.953610000", "modified": "2023-03-15"}, {"cve": "CVE-2011-3252", "epss": "0.087920000", "percentile": "0.935020000", "modified": "2023-03-15"}, {"cve": "CVE-2011-3268", "epss": "0.011820000", "percentile": "0.828780000", "modified": "2023-03-15"}, {"cve": "CVE-2011-3328", "epss": "0.040160000", "percentile": "0.906930000", "modified": "2023-03-15"}, {"cve": "CVE-2011-2023", "epss": "0.003170000", "percentile": "0.656830000", "modified": "2023-03-15"}, {"cve": "CVE-2011-3182", "epss": "0.022540000", "percentile": "0.878330000", "modified": "2023-03-15"}, {"cve": "CVE-2010-4554", "epss": "0.004460000", "percentile": "0.710040000", "modified": "2023-03-15"}, {"cve": "CVE-2011-1921", "epss": "0.001730000", "percentile": "0.526630000", "modified": "2023-03-15"}, {"cve": "CVE-2011-3459", "epss": "0.039760000", "percentile": "0.906510000", "modified": "2023-03-15"}, {"cve": "CVE-2010-4555", "epss": "0.003160000", "percentile": "0.656390000", "modified": "2023-03-15"}, {"cve": "CVE-2011-3250", "epss": "0.871980000", "percentile": "0.980090000", "modified": "2023-03-15"}, {"cve": "CVE-2011-0200", "epss": "0.058020000", "percentile": "0.921970000", "modified": "2023-03-15"}, {"cve": "CVE-2011-3267", "epss": "0.009580000", "percentile": "0.808950000", "modified": "2023-03-15"}, {"cve": "CVE-2011-3458", "epss": "0.015570000", "percentile": "0.851510000", "modified": "2023-03-15"}, {"cve": "CVE-2011-3447", "epss": "0.002590000", "percentile": "0.618630000", "modified": "2023-03-15"}, {"cve": "CVE-2011-3460", "epss": "0.052400000", "percentile": "0.918000000", "modified": "2023-03-15"}, {"cve": "CVE-2011-3348", "epss": "0.959920000", "percentile": "0.990930000", "modified": "2023-03-15"}, {"cve": "CVE-2011-2202", "epss": "0.064840000", "percentile": "0.925750000", "modified": "2023-03-15"}, {"cve": "CVE-2011-3452", "epss": "0.002590000", "percentile": "0.618630000", "modified": "2023-03-15"}, {"cve": "CVE-2011-3450", "epss": "0.005340000", "percentile": "0.735870000", "modified": "2023-03-15"}, {"cve": "CVE-2011-2895", "epss": "0.012050000", "percentile": "0.830590000", "modified": "2023-03-15"}, {"cve": "CVE-2010-1637", "epss": "0.002610000", "percentile": "0.620570000", "modified": "2023-03-15"}, {"cve": "CVE-2011-2937", "epss": "0.003420000", "percentile": "0.669490000", "modified": "2023-03-15"}, {"cve": "CVE-2011-2192", "epss": "0.002280000", "percentile": "0.592420000", "modified": "2023-03-15"}], "vulnersScore": 0.9}, "_state": {"dependencies": 1700514161, "score": 1700514563, "epss": 0}, "_internal": {"score_hash": "0fb638bfd7ac001d98726eb1be35e2dc"}, "pluginID": "802392", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_macosx_su12-001.nasl 6521 2017-07-04 14:51:10Z cfischer $\n#\n# Mac OS X Multiple Vulnerabilities (2012-001)\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could allow attackers to execute arbitrary code in\n the context of the browser, inject scripts, bypass certain security\n restrictions or cause a denial-of-service condition.\n Impact Level: System/Application\";\ntag_affected = \"Address Book, Apache, CFNetwork, ColorSync, CoreAudio, CoreText, CoreUI\n curl, Data Security, dovecot, filecmds, ImageIO, Internet Sharing, Libinfo,\n libresolv, libsecurity, OpenGL, PHP, QuickTime, SquirrelMail, X11, Webmail,\n Tomcat, WebDAV Sharing.\";\ntag_insight = \"For more information on the vulnerabilities refer the reference section.\";\ntag_solution = \"Upgrade to Mac OS X 10.7.3 or\n Run Mac Updates and update the Security Update 2012-001\n For updates refer to http://support.apple.com/kb/HT1222\";\ntag_summary = \"This host is missing an important security update according to\n Mac OS X Update/Mac OS X Security Update 2012-001.\";\n\nif(description)\n{\n script_id(802392);\n script_version(\"$Revision: 6521 $\");\n script_cve_id(\"CVE-2011-3444\", \"CVE-2011-3348\", \"CVE-2011-3389\", \"CVE-2011-3246\",\n \"CVE-2011-3447\", \"CVE-2011-0200\", \"CVE-2011-3252\", \"CVE-2011-3448\",\n \"CVE-2011-3449\", \"CVE-2011-3450\", \"CVE-2011-2192\", \"CVE-2011-2895\",\n \"CVE-2011-3452\", \"CVE-2011-3441\", \"CVE-2011-3453\", \"CVE-2011-3422\",\n \"CVE-2011-3457\", \"CVE-2011-1148\", \"CVE-2011-1657\", \"CVE-2011-1938\",\n \"CVE-2011-2202\", \"CVE-2011-2483\", \"CVE-2011-3182\", \"CVE-2011-3189\",\n \"CVE-2011-3267\", \"CVE-2011-3268\", \"CVE-2011-3256\", \"CVE-2011-3328\",\n \"CVE-2011-3458\", \"CVE-2011-3248\", \"CVE-2011-3459\", \"CVE-2011-3250\",\n \"CVE-2011-3460\", \"CVE-2011-3249\", \"CVE-2010-1637\", \"CVE-2010-2813\",\n \"CVE-2010-4554\", \"CVE-2010-4555\", \"CVE-2011-2023\", \"CVE-2011-1752\",\n \"CVE-2011-1783\", \"CVE-2011-1921\", \"CVE-2011-3462\", \"CVE-2011-2204\",\n \"CVE-2011-3463\", \"CVE-2011-2937\", \"CVE-2011-0241\", \"CVE-2011-1167\");\n script_bugtraq_id(51810, 49616, 49778, 50115, 51813, 48416, 50065, 51817, 51812,\n 51815, 48434, 49124, 48833, 46951, 49744, 51819, 50641, 51807,\n 49429, 51808, 46843, 49252, 47950, 48259, 49241, 49249, 49376,\n 50155, 51809, 50400, 51811, 50401, 51814, 50404, 40291, 42399,\n 48648, 48091, 51818, 48456, 51816, 49229, 47820, 49303, 50092,\n 50112, 50091, 50099, 48007, 48566, 37118);\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-04 16:51:10 +0200 (Tue, 04 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-06 17:42:28 +0530 (Mon, 06 Feb 2012)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mac OS X Multiple Vulnerabilities (2012-001)\");\n script_xref(name : \"URL\" , value : \"http://support.apple.com/kb/HT5130\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/47843/\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/id/1026627\");\n script_xref(name : \"URL\" , value : \"http://lists.apple.com/archives/security-announce/2012/Feb/msg00001.html\");\n\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\ninclude(\"pkg-lib-macosx.inc\");\n\n## Variables Initialization\nosName = \"\";\nosVer = NULL;\n\n## Get the OS name\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName){\n exit (0);\n}\n\n## Get the OS Version\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer){\n exit(0);\n}\n\n## Check for the Mac OS X and Mac OS X Server\nif(\"Mac OS X\" >< osName)\n{\n ## Check the affected OS versions\n if(version_is_equal(version:osVer, test_version:\"10.6.8\"))\n {\n ## Check for the security update 2011.006\n if(isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2012.001\"))\n {\n security_message(0);\n exit(0);\n }\n }\n\n ## Check if OS is 10.7 through 10.7.2\n if(version_in_range(version:osVer, test_version:\"10.7\", test_version2:\"10.7.2\"))\n {\n security_message(0);\n exit(0);\n }\n}\n", "naslFamily": "Mac OS X Local Security Checks"}

{"securityvulns": [{"lastseen": "2021-06-08T19:03:09", "description": "Graphics, Video, Audio and documents parsing vulnerabilities. Information leakage, code execution via DNS resolver. Privilege escalation. Vulnerabilities in 3rd party packages.", "cvss3": {}, "published": "2012-02-03T00:00:00", "type": "securityvulns", "title": "Apple OS X multiple security vulnerabilities", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2011-3462", "CVE-2011-3448", "CVE-2011-1148", "CVE-2011-3444", "CVE-2011-1783", "CVE-2011-3246", "CVE-2011-3249", "CVE-2011-3189", "CVE-2011-0241", "CVE-2011-1752", "CVE-2011-1938", "CVE-2011-3449", "CVE-2011-3441", "CVE-2011-3453", "CVE-2011-3422", "CVE-2011-3248", "CVE-2011-2483", "CVE-2011-3457", "CVE-2010-2813", "CVE-2011-3463", "CVE-2011-3389", "CVE-2011-2204", "CVE-2011-3256", "CVE-2011-1657", "CVE-2011-1167", "CVE-2011-3252", "CVE-2011-3268", "CVE-2011-3328", "CVE-2011-2023", "CVE-2011-3182", "CVE-2010-4554", "CVE-2011-1921", "CVE-2011-3459", "CVE-2010-4555", "CVE-2011-3250", "CVE-2011-0200", "CVE-2011-3267", "CVE-2011-3458", "CVE-2011-3447", "CVE-2011-3460", "CVE-2011-2202", "CVE-2011-3452", "CVE-2011-3450", "CVE-2011-2895", "CVE-2010-1637", "CVE-2011-2937", "CVE-2011-2192"], "modified": "2012-02-03T00:00:00", "id": "SECURITYVULNS:VULN:12164", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12164", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:43", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2012-02-01-1 OS X Lion v10.7.3 and Security Update 2012-001\r\n\r\nOS X Lion v10.7.3 and Security Update 2012-001 is now available and\r\naddresses the following:\r\n\r\nAddress Book\r\nAvailable for: OS X Lion v10.7 to v10.7.2,\r\nOS X Lion Server v10.7 to v10.7.2\r\nImpact: An attacker in a privileged network position may intercept\r\nCardDAV data\r\nDescription: Address Book supports Secure Sockets Layer (SSL) for\r\naccessing CardDAV. A downgrade issue caused Address Book to attempt\r\nan unencrypted connection if an encrypted connection failed. An\r\nattacker in a privileged network position could abuse this behavior\r\nto intercept CardDAV data. This issue is addressed by not downgrading\r\nto an unencrypted connection without user approval.\r\nCVE-ID\r\nCVE-2011-3444 : Bernard Desruisseaux of Oracle Corporation\r\n\r\nApache\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Multiple vulnerabilities in Apache\r\nDescription: Apache is updated to version 2.2.21 to address several\r\nvulnerabilities, the most serious of which may lead to a denial of\r\nservice. Further information is available via the Apache web site at\r\nhttp://httpd.apache.org/\r\nCVE-ID\r\nCVE-2011-3348\r\n\r\nApache\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: An attacker may be able to decrypt data protected by SSL\r\nDescription: There are known attacks on the confidentiality of SSL\r\n3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode.\r\nApache disabled the 'empty fragment' countermeasure which prevented\r\nthese attacks. This issue is addressed by providing a configuration\r\nparameter to control the countermeasure and enabling it by default.\r\nCVE-ID\r\nCVE-2011-3389\r\n\r\nCFNetwork\r\nAvailable for: OS X Lion v10.7 to v10.7.2,\r\nOS X Lion Server v10.7 to v10.7.2\r\nImpact: Visiting a maliciously crafted website may lead to the\r\ndisclosure of sensitive information\r\nDescription: An issue existed in CFNetwork's handling of malformed\r\nURLs. When accessing a maliciously crafted URL, CFNetwork could send\r\nthe request to an incorrect origin server. This issue does not affect\r\nsystems prior to OS X Lion.\r\nCVE-ID\r\nCVE-2011-3246 : Erling Ellingsen of Facebook\r\n\r\nCFNetwork\r\nAvailable for: OS X Lion v10.7 to v10.7.2,\r\nOS X Lion Server v10.7 to v10.7.2\r\nImpact: Visiting a maliciously crafted website may lead to the\r\ndisclosure of sensitive information\r\nDescription: An issue existed in CFNetwork's handling of malformed\r\nURLs. When accessing a maliciously crafted URL, CFNetwork could send\r\nunexpected request headers. This issue does not affect systems prior\r\nto OS X Lion.\r\nCVE-ID\r\nCVE-2011-3447 : Erling Ellingsen of Facebook\r\n\r\nColorSync\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Viewing a maliciously crafted image with an embedded\r\nColorSync profile may lead to an unexpected application termination\r\nor arbitrary code execution\r\nDescription: An integer overflow existed in the handling of images\r\nwith an embedded ColorSync profile, which may lead to a heap buffer\r\noverflow. This issue does not affect OS X Lion systems.\r\nCVE-ID\r\nCVE-2011-0200 : binaryproof working with TippingPoint's Zero Day\r\nInitiative\r\n\r\nCoreAudio\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Playing maliciously crafted audio content may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of AAC\r\nencoded audio streams. This issue does not affect OS X Lion systems.\r\nCVE-ID\r\nCVE-2011-3252 : Luigi Auriemma working with TippingPoint's Zero Day\r\nInitiative\r\n\r\nCoreMedia\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A heap buffer overflow existed in CoreMedia's handling\r\nof H.264 encoded movie files.\r\nCVE-ID\r\nCVE-2011-3448 : Scott Stender of iSEC Partners\r\n\r\nCoreText\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Viewing or downloading a document containing a maliciously\r\ncrafted embedded font may lead to an unexpected application\r\ntermination or arbitrary code execution\r\nDescription: A use after free issue existed in the handling of font\r\nfiles.\r\nCVE-ID\r\nCVE-2011-3449 : Will Dormann of the CERT/CC\r\n\r\nCoreUI\r\nAvailable for: OS X Lion v10.7 to v10.7.2,\r\nOS X Lion Server v10.7 to v10.7.2\r\nImpact: Visiting a malicious website may lead to an unexpected\r\napplication termination or arbitrary code execution\r\nDescription: An unbounded stack allocation issue existed in the\r\nhandling of long URLs. This issue does not affect systems prior to OS\r\nX Lion.\r\nCVE-ID\r\nCVE-2011-3450 : Ben Syverson\r\n\r\ncurl\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: A remote server may be able to impersonate clients via\r\nGSSAPI requests\r\nDescription: When doing GSSAPI authentication, libcurl\r\nunconditionally performs credential delegation. This issue is\r\naddressed by disabling GSSAPI credential delegation.\r\nCVE-ID\r\nCVE-2011-2192\r\n\r\nData Security\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: An attacker with a privileged network position may intercept\r\nuser credentials or other sensitive information\r\nDescription: Two certificate authorities in the list of trusted root\r\ncertificates have independently issued intermediate certificates to\r\nDigiCert Malaysia. DigiCert Malaysia has issued certificates with\r\nweak keys that it is unable to revoke. An attacker with a privileged\r\nnetwork position could intercept user credentials or other sensitive\r\ninformation intended for a site with a certificate issued by DigiCert\r\nMalaysia. This issue is addressed by configuring default system trust\r\nsettings so that DigiCert Malaysia's certificates are not trusted. We\r\nwould like to acknowledge Bruce Morton of Entrust, Inc. for reporting\r\nthis issue.\r\n\r\ndovecot\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: An attacker may be able to decrypt data protected by SSL\r\nDescription: There are known attacks on the confidentiality of SSL\r\n3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode.\r\nDovecot disabled the 'empty fragment' countermeasure which prevented\r\nthese attacks. This issue is addressed by enabling the\r\ncountermeasure.\r\nCVE-ID\r\nCVE-2011-3389 : Apple\r\n\r\nfilecmds\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Decompressing a maliciously crafted compressed file may lead\r\nto an unexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the 'uncompress' command\r\nline tool.\r\nCVE-ID\r\nCVE-2011-2895\r\n\r\nImageIO\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Viewing a maliciously crafted TIFF file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in ImageIO's handling of\r\nCCITT Group 4 encoded TIFF files. This issue does not affect OS X\r\nLion systems.\r\nCVE-ID\r\nCVE-2011-0241 : Cyril CATTIAUX of Tessi Technologies\r\n\r\nImageIO\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Viewing a maliciously crafted TIFF file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in libtiff's handling of\r\nThunderScan encoded TIFF images. This issue is address by updating\r\nlibtiff to version 3.9.5.\r\nCVE-ID\r\nCVE-2011-1167\r\n\r\nImageIO\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Multiple vulnerabilities in libpng 1.5.4\r\nDescription: libpng is updated to version 1.5.5 to address multiple\r\nvulnerabilities, the most serious of which may lead to arbitrary code\r\nexecution. Further information is available via the libpng website at\r\nhttp://www.libpng.org/pub/png/libpng.html\r\nCVE-ID\r\nCVE-2011-3328\r\n\r\nInternet Sharing\r\nAvailable for: OS X Lion v10.7 to v10.7.2,\r\nOS X Lion Server v10.7 to v10.7.2\r\nImpact: A Wi-Fi network created by Internet Sharing may lose\r\nsecurity settings after a system update\r\nDescription: After updating to a version of OS X Lion prior to\r\n10.7.3, the Wi-Fi configuration used by Internet Sharing may revert\r\nto factory defaults, which disables the WEP password. This issue only\r\naffects systems with Internet Sharing enabled and sharing the\r\nconnection to Wi-Fi. This issue is addressed by preserving the Wi-Fi\r\nconfiguration during a system update.\r\nCVE-ID\r\nCVE-2011-3452 : an anonymous researcher\r\n\r\nLibinfo\r\nAvailable for: OS X Lion v10.7 to v10.7.2,\r\nOS X Lion Server v10.7 to v10.7.2\r\nImpact: Visiting a maliciously crafted website may lead to the\r\ndisclosure of sensitive information\r\nDescription: An issue existed in Libinfo's handling of hostname\r\nlookup requests. Libinfo could return incorrect results for a\r\nmaliciously crafted hostname. This issue does not affect systems\r\nprior to OS X Lion.\r\nCVE-ID\r\nCVE-2011-3441 : Erling Ellingsen of Facebook\r\n\r\nlibresolv\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Applications that use OS X's libresolv library may be\r\nvulnerable to an unexpected application termination or arbitrary code\r\nexecution\r\nDescription: An integer overflow existed in the parsing of DNS\r\nresource records, which may lead to heap memory corruption.\r\nCVE-ID\r\nCVE-2011-3453 : Ilja van Sprundel of IOActive\r\n\r\nlibsecurity\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Some EV certificates may be trusted even if the\r\ncorresponding root has been marked as untrusted\r\nDescription: The certificate code trusted a root certificate to sign\r\nEV certificates if it was on the list of known EV issuers, even if\r\nthe user had marked it as 'Never Trust' in Keychain. The root would\r\nnot be trusted to sign non-EV certificates.\r\nCVE-ID\r\nCVE-2011-3422 : Alastair Houghton\r\n\r\nOpenGL\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Applications that use OS X's OpenGL implementation may be\r\nvulnerable to an unexpected application termination or arbitrary code\r\nexecution\r\nDescription: Multiple memory corruption issues existed in the\r\nhandling of GLSL compilation.\r\nCVE-ID\r\nCVE-2011-3457 : Chris Evans of the Google Chrome Security Team, and\r\nMarc Schoenefeld of the Red Hat Security Response Team\r\n\r\nPHP\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Multiple vulnerabilities in PHP 5.3.6\r\nDescription: PHP is updated to version 5.3.8 to address several\r\nvulnerabilities, the most serious of which may lead to arbitrary code\r\nexecution. Further information is available via the PHP web site at\r\nhttp://www.php.net\r\nCVE-ID\r\nCVE-2011-1148\r\nCVE-2011-1657\r\nCVE-2011-1938\r\nCVE-2011-2202\r\nCVE-2011-2483\r\nCVE-2011-3182\r\nCVE-2011-3189\r\nCVE-2011-3267\r\nCVE-2011-3268\r\n\r\nPHP\r\nAvailable for: OS X Lion v10.7 to v10.7.2,\r\nOS X Lion Server v10.7 to v10.7.2\r\nImpact: Viewing a maliciously crafted PDF file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in FreeType's\r\nhandling of Type 1 fonts. This issue is addressed by updating\r\nFreeType to version 2.4.7. Further information is available via the\r\nFreeType site at http://www.freetype.org/\r\nCVE-ID\r\nCVE-2011-3256 : Apple\r\n\r\nPHP\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Multiple vulnerabilities in libpng 1.5.4\r\nDescription: libpng is updated to version 1.5.5 to address multiple\r\nvulnerabilities, the most serious of which may lead to arbitrary code\r\nexecution. Further information is available via the libpng website at\r\nhttp://www.libpng.org/pub/png/libpng.html\r\nCVE-ID\r\nCVE-2011-3328\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Opening a maliciously crafted MP4 encoded file may lead to\r\nan unexpected application termination or arbitrary code execution\r\nDescription: An uninitialized memory access issue existed in the\r\nhandling of MP4 encoded files.\r\nCVE-ID\r\nCVE-2011-3458 : Luigi Auriemma and pa_kt both working with\r\nTippingPoint's Zero Day Initiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A signedness issue existed in the handling of font\r\ntables embedded in QuickTime movie files.\r\nCVE-ID\r\nCVE-2011-3248 : Luigi Auriemma working with TippingPoint's Zero Day\r\nInitiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: An off by one buffer overflow existed in the handling\r\nof rdrf atoms in QuickTime movie files.\r\nCVE-ID\r\nCVE-2011-3459 : Luigi Auriemma working with TippingPoint's Zero Day\r\nInitiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Viewing a maliciously crafted JPEG2000 image file may lead\r\nto an unexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of JPEG2000\r\nfiles.\r\nCVE-ID\r\nCVE-2011-3250 : Luigi Auriemma working with TippingPoint's Zero Day\r\nInitiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Processing a maliciously crafted PNG image may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of PNG files.\r\nCVE-ID\r\nCVE-2011-3460 : Luigi Auriemma working with TippingPoint's Zero Day\r\nInitiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of FLC\r\nencoded movie files\r\nCVE-ID\r\nCVE-2011-3249 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero\r\nDay Initiative\r\n\r\nSquirrelMail\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Multiple vulnerabilities in SquirrelMail\r\nDescription: SquirrelMail is updated to version 1.4.22 to address\r\nseveral vulnerabilities, the most serious of which is a cross-site\r\nscripting issue. This issue does not affect OS X Lion systems.\r\nFurther information is available via the SquirrelMail web site at\r\nhttp://www.SquirrelMail.org/\r\nCVE-ID\r\nCVE-2010-1637\r\nCVE-2010-2813\r\nCVE-2010-4554\r\nCVE-2010-4555\r\nCVE-2011-2023\r\n\r\nSubversion\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Accessing a Subversion repository may lead to the disclosure\r\nof sensitive information\r\nDescription: Subversion is updated to version 1.6.17 to address\r\nmultiple vulnerabilities, the most serious of which may lead to the\r\ndisclosure of sensitive information. Further information is available\r\nvia the Subversion web site at http://subversion.tigris.org/\r\nCVE-ID\r\nCVE-2011-1752\r\nCVE-2011-1783\r\nCVE-2011-1921\r\n\r\nTime Machine\r\nAvailable for: OS X Lion v10.7 to v10.7.2,\r\nOS X Lion Server v10.7 to v10.7.2\r\nImpact: A remote attacker may access new backups created by the\r\nuser's system\r\nDescription: The user may designate a remote AFP volume or Time\r\nCapsule to be used for Time Machine backups. Time Machine did not\r\nverify that the same device was being used for subsequent backup\r\noperations. An attacker who is able to spoof the remote volume could\r\ngain access to new backups created by the user's system. This issue\r\nis addressed by verifying the unique identifier associated with a\r\ndisk for backup operations.\r\nCVE-ID\r\nCVE-2011-3462 : Michael Roitzsch of the Technische Universitat\r\nDresden\r\n\r\nTomcat\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Multiple vulnerabilities in Tomcat 6.0.32\r\nDescription: Tomcat is updated to version 6.0.33 to address multiple\r\nvulnerabilities, the most serious of which may lead to the disclosure\r\nof sensitive information. Tomcat is only provided on Mac OS X Server\r\nsystems. This issue does not affect OS X Lion systems. Further\r\ninformation is available via the Tomcat site at\r\nhttp://tomcat.apache.org/\r\nCVE-ID\r\nCVE-2011-2204\r\n\r\nWebDAV Sharing\r\nAvailable for: OS X Lion Server v10.7 to v10.7.2\r\nImpact: Local users may obtain system privileges\r\nDescription: An issue existed in WebDAV Sharing's handling of user\r\nauthentication. A user with a valid account on the server or one of\r\nits bound directories could cause the execution of arbitrary code\r\nwith system privileges. This issue does not affect systems prior to\r\nOS X Lion.\r\nCVE-ID\r\nCVE-2011-3463 : Gordon Davisson of Crywolf\r\n\r\nWebmail\r\nAvailable for: OS X Lion v10.7 to v10.7.2,\r\nOS X Lion Server v10.7 to v10.7.2\r\nImpact: Viewing a maliciously crafted e-mail message may lead to the\r\ndisclosure of message content\r\nDescription: A cross-site scripting vulnerability existed in the\r\nhandling of mail messages. This issue is addressed by updating\r\nRoundcube Webmail to version 0.6. This issue does not affect systems\r\nprior to OS X Lion. Further information is available via the\r\nRoundcube site at http://trac.roundcube.net/\r\nCVE-ID\r\nCVE-2011-2937\r\n\r\nX11\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Viewing a maliciously crafted PDF file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in FreeType's\r\nhandling of Type 1 fonts. This issue is addressed by updating\r\nFreeType to version 2.4.7. Further information is available via the\r\nFreeType site at http://www.freetype.org/\r\nCVE-ID\r\nCVE-2011-3256 : Apple\r\n\r\nOS X Lion v10.7.3 and Security Update 2012-001 may be obtained from\r\nthe Software Update pane in System Preferences, or Apple's Software\r\nDownloads web site:\r\nhttp://www.apple.com/support/downloads/\r\n\r\nThe Software Update utility will present the update that applies\r\nto your system configuration. Only one is needed, either\r\nSecurity Update 2021-001 or OS X v10.7.3.\r\n\r\nFor OS X Lion v10.7.2\r\nThe download file is named: MacOSXUpd10.7.3.dmg\r\nIts SHA-1 digest is: 7102fe8f9f47286c45dfa35f6e84e7f730493a7c\r\n\r\nFor OS X Lion v10.7 and v10.7.1\r\nThe download file is named: MacOSXUpdCombo10.7.3.dmg\r\nIts SHA-1 digest is: 07dfce300f6801eb63d9ac13e0bec84e1862a16c\r\n\r\nFor OS X Lion Server v10.7.2\r\nThe download file is named: MacOSXServerUpd10.7.3.dmg\r\nIts SHA-1 digest is: 55a9571635d4ec088c142d68132d0d69fcb8867d\r\n\r\nFor OS X Lion Server v10.7 and v10.7.1\r\nThe download file is named: MacOSXServerUpdCombo10.7.3.dmg\r\nIts SHA-1 digest is: 2c87824f09734499ea166ea0617a3ac21ecf832b\r\n\r\nFor Mac OS X v10.6.8\r\nThe download file is named: SecUpd2012-001Snow.dmg\r\nIts SHA-1 digest is: 40875ee8cb609bbaefc8f421a9c34cc353db42b8\r\n\r\nFor Mac OS X Server v10.6.8\r\nThe download file is named: SecUpdSrvr2012-001.dmg\r\nIts SHA-1 digest is: 53b3ca5548001a9920aeabed4a034c6e4657fe20\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.16 (Darwin)\r\n\r\niQEcBAEBAgAGBQJPKYxNAAoJEGnF2JsdZQeeLiIIAMLhH2ipDFrhCsw/n4VDeF1V\r\nP6jSkGXC9tBBVMvw1Xq4c2ok4SI34bDfMlURAVR+dde/h6nIZR24aLQVoDLjJuIp\r\nRrO2dm1nQeozLJSx2NbxhVh54BucJdKp4xS1GkDNxkqcdh04RE9hRURXdKagnfGy\r\n9P8QQPOQmKAiWos/LYhCPDInMfrpVNvEVwP8MCDP15g6hylN4De/Oyt7ZshPshSf\r\nMnAFObfBTGX5KioVqTyfdlBkKUfdXHJux61QEFHn8eadX6+/6IuKbUvK9B0icc8E\r\npvbjOxQatFRps0KNWeIsKQc5i6iQoJhocAiIy6Y6LCuZQuSXCImY2RWXkVYzbWo=\r\n=c1eU\r\n-----END PGP SIGNATURE-----\r\n", "cvss3": {}, "published": "2012-02-03T00:00:00", "type": "securityvulns", "title": "APPLE-SA-2012-02-01-1 OS X Lion v10.7.3 and Security Update 2012-001", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2011-3462", "CVE-2011-3448", "CVE-2011-1148", "CVE-2011-3444", "CVE-2011-1783", "CVE-2011-3246", "CVE-2011-3249", "CVE-2011-3189", "CVE-2011-0241", "CVE-2011-1752", "CVE-2011-1938", "CVE-2011-3449", "CVE-2011-3441", "CVE-2011-3453", "CVE-2011-3422", "CVE-2011-3248", "CVE-2011-2483", "CVE-2011-3457", "CVE-2010-2813", "CVE-2011-3463", "CVE-2011-3389", "CVE-2011-2204", "CVE-2011-3256", "CVE-2011-1657", "CVE-2011-1167", "CVE-2011-3252", "CVE-2011-3268", "CVE-2011-3328", "CVE-2011-2023", "CVE-2011-3182", "CVE-2010-4554", "CVE-2011-1921", "CVE-2011-3459", "CVE-2010-4555", "CVE-2011-3250", "CVE-2011-0200", "CVE-2011-3267", "CVE-2011-3458", "CVE-2011-3447", "CVE-2011-3460", "CVE-2011-3348", "CVE-2011-2202", "CVE-2011-3452", "CVE-2011-3450", "CVE-2011-2895", "CVE-2010-1637", "CVE-2011-2937", "CVE-2011-2192"], "modified": "2012-02-03T00:00:00", "id": "SECURITYVULNS:DOC:27600", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27600", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T19:08:50", "description": "NULL pointer dereference, ZipArchive mmemroy corruptions.", "cvss3": {}, "published": "2011-08-27T00:00:00", "type": "securityvulns", "title": "PHP multiple security vulnerabilities", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-1657", "CVE-2011-2202"], "modified": "2011-08-27T00:00:00", "id": "SECURITYVULNS:VULN:11879", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11879", "sourceData": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2021-06-08T19:08:50", "description": "Memory corruptions in different functions.", "cvss3": {}, "published": "2011-10-12T00:00:00", "type": "securityvulns", "title": "PHP multiple security vulnerabilities", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2011-3189", "CVE-2011-3268", "CVE-2011-3182", "CVE-2011-3267"], "modified": "2011-10-12T00:00:00", "id": "SECURITYVULNS:VULN:11967", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11967", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:41", "description": "\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n[slackware-security] php (SSA:2011-237-01)\r\n\r\nNew php packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0,\r\n13.1, 13.37, and -current to fix security issues.\r\n\r\n\r\nHere are the details from the Slackware 13.37 ChangeLog:\r\n+--------------------------+\r\npatches/packages/php-5.3.8-i486-1_slack13.37.txz: Upgraded.\r\n Security fixes vs. 5.3.6 (5.3.7 was not usable):\r\n Updated crypt_blowfish to 1.2. (CVE-2011-2483)\r\n Fixed crash in error_log(). Reported by Mateusz Kocielski\r\n Fixed buffer overflow on overlog salt in crypt().\r\n Fixed bug #54939 (File path injection vulnerability in RFC1867\r\n File upload filename). Reported by Krzysztof Kotowicz. (CVE-2011-2202)\r\n Fixed stack buffer overflow in socket_connect(). (CVE-2011-1938)\r\n Fixed bug #54238 (use-after-free in substr_replace()). (CVE-2011-1148)\r\n For more information, see:\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1148\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1938\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2202\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2483\r\n For those upgrading from PHP 5.2.x, be aware that quite a bit has\r\n changed, and it will very likely not 'drop in', but PHP 5.2.x is not\r\n supported by php.net any longer, so there wasn't a lot of choice\r\n in the matter. We're not able to support a security fork of\r\n PHP 5.2.x here either, so you'll have to just bite the bullet on\r\n this. You'll be better off in the long run. :)\r\n (* Security fix *)\r\n+--------------------------+\r\n\r\n\r\nWhere to find the new packages:\r\n+-----------------------------+\r\n\r\nThanks to the friendly folks at the OSU Open Source Lab\r\n(http://osuosl.org) for donating FTP and rsync hosting\r\nto the Slackware project! :-)\r\n\r\nAlso see the "Get Slack" section on http://slackware.com for\r\nadditional mirror sites near you.\r\n\r\nUpdated package for Slackware 11.0:\r\nftp://ftp.slackware.com/pub/slackware/slackware-11.0/extra/php5/php-5.3.8-i486-1_slack11.0.tgz\r\n\r\nUpdated package for Slackware 12.0:\r\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/php-5.3.8-i486-1_slack12.0.tgz\r\n\r\nUpdated package for Slackware 12.1:\r\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/php-5.3.8-i486-1_slack12.1.tgz\r\n\r\nUpdated package for Slackware 12.2:\r\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/php-5.3.8-i486-1_slack12.2.tgz\r\n\r\nUpdated package for Slackware 13.0:\r\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/php-5.3.8-i486-1_slack13.0.txz\r\n\r\nUpdated package for Slackware x86_64 13.0:\r\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/php-5.3.8-x86_64-1_slack13.0.txz\r\n\r\nUpdated package for Slackware 13.1:\r\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/php-5.3.8-i486-1_slack13.1.txz\r\n\r\nUpdated package for Slackware x86_64 13.1:\r\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/php-5.3.8-x86_64-1_slack13.1.txz\r\n\r\nUpdated package for Slackware 13.37:\r\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/php-5.3.8-i486-1_slack13.37.txz\r\n\r\nUpdated package for Slackware x86_64 13.37:\r\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/php-5.3.8-x86_64-1_slack13.37.txz\r\n\r\nUpdated package for Slackware -current:\r\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.3.8-i486-1.txz\r\n\r\nUpdated package for Slackware x86_64 -current:\r\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.3.8-x86_64-1.txz\r\n\r\n\r\nMD5 signatures:\r\n+-------------+\r\n\r\nSlackware 11.0 package:\r\n9c68e64817dc0303a098463f3449d457 php-5.3.8-i486-1_slack11.0.tgz\r\n\r\nSlackware 12.0 package:\r\ne87e96a218cfc61be65c5662dc51af88 php-5.3.8-i486-1_slack12.0.tgz\r\n\r\nSlackware 12.1 package:\r\n83de1f7eee73c4b84c890e39b7a587d6 php-5.3.8-i486-1_slack12.1.tgz\r\n\r\nSlackware 12.2 package:\r\n68995a7d24e2fb0666cab69310f2c2b4 php-5.3.8-i486-1_slack12.2.tgz\r\n\r\nSlackware 13.0 package:\r\nccf32b94bf48fdc5ed96ab5fa80cfd14 php-5.3.8-i486-1_slack13.0.txz\r\n\r\nSlackware x86_64 13.0 package:\r\n8e7fed1682a30dffb25b5ebe5bf2f8d1 php-5.3.8-x86_64-1_slack13.0.txz\r\n\r\nSlackware 13.1 package:\r\n4c9be7c00bb297bad6dd2aeae759f116 php-5.3.8-i486-1_slack13.1.txz\r\n\r\nSlackware x86_64 13.1 package:\r\n4f8f56e6f70a89712d96dac2380d8c85 php-5.3.8-x86_64-1_slack13.1.txz\r\n\r\nSlackware 13.37 package:\r\nc44bb52de43ed2ff2cf00fd4ba5b218a php-5.3.8-i486-1_slack13.37.txz\r\n\r\nSlackware x86_64 13.37 package:\r\n54149726aef87ef3da9b5abe5fe27252 php-5.3.8-x86_64-1_slack13.37.txz\r\n\r\nSlackware -current package:\r\n839c90cc461aad85586cdf5d69a9781e n/php-5.3.8-i486-1.txz\r\n\r\nSlackware x86_64 -current package:\r\n330aeaa4a2bff8723641b208678e3d0b n/php-5.3.8-x86_64-1.txz\r\n\r\n\r\nInstallation instructions:\r\n+------------------------+\r\n\r\nUpgrade the package as root:\r\n# upgradepkg php-5.3.8-i486-1_slack13.37.txz\r\n\r\nThen, restart Apache httpd:\r\n# /etc/rc.d/rc.httpd stop\r\n# /etc/rc.d/rc.httpd start\r\n\r\n\r\n+-----+\r\n\r\nSlackware Linux Security Team\r\nhttp://slackware.com/gpg-key\r\nsecurity@slackware.com\r\n\r\n+------------------------------------------------------------------------+\r\n| To leave the slackware-security mailing list: |\r\n+------------------------------------------------------------------------+\r\n| Send an email to majordomo@slackware.com with this text in the body of |\r\n| the email message: |\r\n| |\r\n| unsubscribe slackware-security |\r\n| |\r\n| You will get a confirmation message back containing instructions to |\r\n| complete the process. Please do not reply to this email address. |\r\n+------------------------------------------------------------------------+\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.11 (GNU/Linux)\r\n\r\niEYEARECAAYFAk5WE7oACgkQakRjwEAQIjMo4ACfQEjk63hAFDTcnCrnjl3qmqaT\r\nT3QAn16JTA4XdXMv0IRdnIiklC10PQoO\r\n=M4cG\r\n-----END PGP SIGNATURE-----\r\n", "cvss3": {}, "published": "2011-08-27T00:00:00", "type": "securityvulns", "title": "[slackware-security] php (SSA:2011-237-01)", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-2202"], "modified": "2011-08-27T00:00:00", "id": "SECURITYVULNS:DOC:26931", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26931", "sourceData": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:40", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2251-1 security@debian.org\r\nhttp://www.debian.org/security/ Thijs Kinkhorst\r\nJune 02, 2011 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : subversion\r\nVulnerability : several\r\nProblem type : remote\r\nDebian-specific: no\r\nCVE ID : CVE-2011-1752 CVE-2011-1783 CVE-2011-1921 \r\n\r\nSeveral vulnerabilities were discovered in Subversion, the version\r\ncontrol system. The Common Vulnerabilities and Exposures project\r\nidentifies the following problems:\r\n\r\nCVE-2011-1752\r\n\r\n The mod_dav_svn Apache HTTPD server module can be crashed though\r\n when asked to deliver baselined WebDAV resources.\r\n\r\nCVE-2011-1783\r\n\r\n The mod_dav_svn Apache HTTPD server module can trigger a loop which\r\n consumes all available memory on the system.\r\n\r\nCVE-2011-1921\r\n\r\n The mod_dav_svn Apache HTTPD server module may leak to remote users\r\n the file contents of files configured to be unreadable by those\r\n users.\r\n\r\nFor the oldstable distribution (lenny), this problem has been fixed in\r\nversion 1.5.1dfsg1-7.\r\n\r\nFor the stable distribution (squeeze), this problem has been fixed in\r\nversion 1.6.12dfsg-6.\r\n\r\nFor the unstable distribution (sid), this problem has been fixed in\r\nversion 1.6.17dfsg-1.\r\n\r\nWe recommend that you upgrade your subversion packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.10 (GNU/Linux)\r\n\r\niQEcBAEBAgAGBQJN51w8AAoJEOxfUAG2iX578DEH/0AnYvKNnyT4C4jLIDfepOKg\r\nebgFmGapsVOm9lk6YNfrpCue2ecxW+mfU+mMVgHRYv2LRiqAJbyAd+Kb/JcgEwtf\r\nNRZX6SQWO9TP91w/LWWxUbFXKqELUA1NbC7oIuGqcS4TWwcdLK/Z+QYTXorVgJgB\r\nLZkuDvZ6heLxQJVtEMaLtHInOFYu5Q/FAFFyM4Raweha0/Q0LGE6MSqsYNThDoqJ\r\nPTF48OVP4BBbhFVfMXiv8N4SXeRwej+qSHIWLfRkYSuyh0JUzaJaRwaQnz5icWGl\r\nkfF6JGn8izrSaBPPZA0voZ6/Bn31JlWK6QLFvDtuY3n6cG+vi422Y9QZOjIlBD8=\r\n=4u2D\r\n-----END PGP SIGNATURE-----\r\n", "cvss3": {}, "published": "2011-06-02T00:00:00", "type": "securityvulns", "title": "[SECURITY] [DSA 2251-1] subversion security update", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2011-1783", "CVE-2011-1752", "CVE-2011-1921"], "modified": "2011-06-02T00:00:00", "id": "SECURITYVULNS:DOC:26457", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26457", "sourceData": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:44", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2012:071\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : php\r\n Date : May 10, 2012\r\n Affected: Enterprise Server 5.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n This is a bugfix and security advisory that upgrades php to the\r\n latest 5.3.13 version for Mandriva Linux Enterprise 5.2 which resolves\r\n numerous upstream bugs in php. Please refer to the following Mandriva\r\n advisories for further information:\r\n MDVA-2012:004, MDVSA-2011:165, MDVSA-2011:166, MDVSA-2011:180,\r\n MDVSA-2011:197, MDVSA-2012:065, MDVSA-2012:068, MDVSA-2012:068-1.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1148\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1657\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1938\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2202\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2483\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3182\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3267\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3268\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3379\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2483\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4566\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4885\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0788\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0807\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0830\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0831\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1172\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1823\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1823\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2335\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2336\r\n http://www.mandriva.com/security/advisories?name=MDVA-2012:004\r\n http://www.mandriva.com/security/advisories?name=MDVSA-2011:165\r\n http://www.mandriva.com/security/advisories?name=MDVSA-2011:166\r\n http://www.mandriva.com/security/advisories?name=MDVSA-2011:180\r\n http://www.mandriva.com/security/advisories?name=MDVSA-2011:197\r\n http://www.mandriva.com/security/advisories?name=MDVSA-2012:065\r\n http://www.mandriva.com/security/advisories?name=MDVSA-2012:068\r\n http://www.mandriva.com/security/advisories?name=MDVSA-2012:068-1\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Enterprise Server 5:\r\n 7361d218b400b6601eef5465f0c132f1 mes5/i586/apache-mod_php-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 23194f266a0a18c9d49fa7760f6d75f7 mes5/i586/lemon-3.7.4-0.1mdvmes5.2.i586.rpm\r\n ee51be362aff5c90c587650c52e5d874 mes5/i586/libmbfl1-1.1.0-0.1mdvmes5.2.i586.rpm\r\n 0cd89098cc20b5ce8acb14d6f6ddc748 mes5/i586/libmbfl-devel-1.1.0-0.1mdvmes5.2.i586.rpm\r\n dedab7019ea9edfeb929fa521191fe09 mes5/i586/libming1-0.4.4-0.1mdvmes5.2.i586.rpm\r\n 881df3313a40b7113d0b2c4d39349c4a mes5/i586/libming-devel-0.4.4-0.1mdvmes5.2.i586.rpm\r\n a09e59b16f2c4fe4a583b65689f0f308 mes5/i586/libmonetra7-7.0.4-0.1mdvmes5.2.i586.rpm\r\n 1cdd454b9561c94253a4d885a1f34370 mes5/i586/libmonetra-devel-7.0.4-0.1mdvmes5.2.i586.rpm\r\n 90dcdd87fb687327fd687e490be5fc7b mes5/i586/libphp5_common5-5.3.13-0.1mdvmes5.2.i586.rpm\r\n cc8e259df098747e849797194711dff1 mes5/i586/libsphinxclient0-0.9.9-0.1mdvmes5.2.i586.rpm\r\n 716d1d5539c4a4eaac5996c70578107d mes5/i586/libsphinxclient-devel-0.9.9-0.1mdvmes5.2.i586.rpm\r\n b271fe2d863cb99d46f99a20c0cab5d3 mes5/i586/libstemmer0-0-5.1mdvmes5.2.i586.rpm\r\n f08df937c8cbc104c32a0b42f77a2b2d mes5/i586/libstemmer-devel-0-5.1mdvmes5.2.i586.rpm\r\n fc04b1140795dafb3a280100a34e1698 mes5/i586/libxmlrpc-epi0-0.54-0.1mdvmes5.2.i586.rpm\r\n ed22bcef35a1b90090a01d5bdf5c2861 mes5/i586/libxmlrpc-epi-devel-0.54-0.1mdvmes5.2.i586.rpm\r\n 3c70ce8653099b8bede16e1d4b1c854c mes5/i586/libyaz3-3.0.48-0.1mdvmes5.2.i586.rpm\r\n d73a3220c42f40c085c1caa3a1797b9a mes5/i586/libyaz-devel-3.0.48-0.1mdvmes5.2.i586.rpm\r\n 8cd9158f64b8d1345e47485ab28b8f87 mes5/i586/ming-utils-0.4.4-0.1mdvmes5.2.i586.rpm\r\n ec6c990e242c299eb3f250a273298534 mes5/i586/perl-SWF-0.4.4-0.1mdvmes5.2.i586.rpm\r\n c199e39972b4633c025cdb4497f866d5 mes5/i586/php-apc-3.1.10-0.1mdvmes5.2.i586.rpm\r\n 4d7b2a7efea30875044fa27ab621855f mes5/i586/php-apc-admin-3.1.10-0.1mdvmes5.2.i586.rpm\r\n b86186ed13e27f5dde58b58e799f9145 mes5/i586/php-bcmath-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 364fb5e17d6f35aeb212e374f8408236 mes5/i586/php-bz2-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 64367f635bddcdb8f799f30bd56db615 mes5/i586/php-calendar-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 040288301616bfb16436f2e5a341ff9f mes5/i586/php-cgi-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 3c265959950263674c5017eda963117e mes5/i586/php-cli-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 42876a7aead3c2ba20de3b237502d317 mes5/i586/php-ctype-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 9ae84a482bced4724fc5b2719a5f7e74 mes5/i586/php-curl-5.3.13-0.1mdvmes5.2.i586.rpm\r\n fb39ca8bc9b3e70dca9eabeb43f1b5a3 mes5/i586/php-dba-5.3.13-0.1mdvmes5.2.i586.rpm\r\n eb9cd33f04b6b8ce9631dbee6ffdfa1c mes5/i586/php-dbx-1.1.0-30.2mdvmes5.2.i586.rpm\r\n 4a289a7a64702fc7bf9167125f172274 mes5/i586/php-devel-5.3.13-0.1mdvmes5.2.i586.rpm\r\n fc09a56f707392c32ef3aeec9a1bb242 mes5/i586/php-dio-0.0.5-0.1mdvmes5.2.i586.rpm\r\n 521e2447d98a8d37aa7fb2fa35787ef2 mes5/i586/php-doc-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 6e0fed6e1c0b5ee5a11645e4956d345c mes5/i586/php-dom-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 5e9298f4d04acef2d164c52697e911eb mes5/i586/php-eaccelerator-0.9.6.1-0.6mdvmes5.2.i586.rpm\r\n 688d1e19c4955521d7a217bd64b1a3aa mes5/i586/php-eaccelerator-admin-0.9.6.1-0.6mdvmes5.2.i586.rpm\r\n c7ba6857a141dbac85afa4f05cdb65ca mes5/i586/php-enchant-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 0c179177f51deb368800f0c08cedc599 mes5/i586/php-exif-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 39f6318d1367c28e8c0365098e7750e4 mes5/i586/php-fam-5.0.1-3.6mdvmes5.2.i586.rpm\r\n 1ef9b6263948c34f46b5fd29321d911c mes5/i586/php-fileinfo-5.3.13-0.1mdvmes5.2.i586.rpm\r\n aad86d693bbe62bba0942b370f6ca246 mes5/i586/php-filepro-5.1.6-13.6mdvmes5.2.i586.rpm\r\n 3868021d3e61c00b8ae6809bb7c0900b mes5/i586/php-filter-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 48b88e31e42379400dc7766ad2c62e5a mes5/i586/php-fpm-5.3.13-0.1mdvmes5.2.i586.rpm\r\n f8cd704030d7d70ea8ebe8346f9f0e0f mes5/i586/php-ftp-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 7c32f002b04ac8072df7aa7fa8b7a8e6 mes5/i586/php-gd-5.3.13-0.1mdvmes5.2.i586.rpm\r\n df5a2a2b26101a778494b26af67766a2 mes5/i586/php-gettext-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 8327f44ffa0b41841ff9b71039017d52 mes5/i586/php-gmp-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 811259cfad20fd63253a7123b7fd27dc mes5/i586/php-gtk2-2.0.1-2.2mdvmes5.2.i586.rpm\r\n be58ace4d69b596b57afd068f7cf3c49 mes5/i586/php-hash-5.3.13-0.1mdvmes5.2.i586.rpm\r\n a17c44ceea8b3f5a0bc55a3af3474af3 mes5/i586/php-iconv-5.3.13-0.1mdvmes5.2.i586.rpm\r\n c89f28160eaf77c3655965bfbed6c3b1 mes5/i586/php-imagick-3.0.1-0.2mdvmes5.2.i586.rpm\r\n 73fa2e549e58fd68ad8a9109c77a7369 mes5/i586/php-imap-5.3.13-0.1mdvmes5.2.i586.rpm\r\n b3c413082301b0a8f4a25f176a87a45e mes5/i586/php-ini-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 6c775dd0ca5396b0ebb70e602db834b6 mes5/i586/php-intl-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 5902f72d9bc4f0c025618cd49e5f8e79 mes5/i586/php-json-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 877dc6caffd8bbe76c654ac4a9d18daa mes5/i586/php-ldap-5.3.13-0.1mdvmes5.2.i586.rpm\r\n abe1393ef623af8944406dadd8064c89 mes5/i586/php-mailparse-2.1.6-0.1mdvmes5.2.i586.rpm\r\n 0f498f237e44a451224929ecd24b315c mes5/i586/php-mbstring-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 35eceb3b8e39847fa00a91409afe9407 mes5/i586/php-mcal-0.6-23.6mdvmes5.2.i586.rpm\r\n 385e71ffb5612c05a701ed557e556c62 mes5/i586/php-mcrypt-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 18e3385588deda52c3516375d6d803d0 mes5/i586/php-mcve-7.0.3-0.2mdvmes5.2.i586.rpm\r\n daf72900f0a90864046a67a2d71e6caa mes5/i586/php-mdbtools-1.0.0-4.2mdvmes5.2.i586.rpm\r\n d0905f31f721643a572bf6b005262bf6 mes5/i586/php-memcache-3.0.6-0.2mdvmes5.2.i586.rpm\r\n 6b5378f95fb1022c83d34c9db1422d8e mes5/i586/php-ming-5.2.10-0.2mdvmes5.2.i586.rpm\r\n 8e6e4f7017a0febfef7cdf155ecc4962 mes5/i586/php-mssql-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 0411daf7561b179eb5a8e484d36f4ad3 mes5/i586/php-mysql-5.3.13-0.1mdvmes5.2.i586.rpm\r\n ff31716a2c412fba2e9d013c56965cf7 mes5/i586/php-mysqli-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 993a888b1c2713a00565e45282b23148 mes5/i586/php-mysqlnd-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 08fbe9fae6d67c0637041c80f07eba12 mes5/i586/php-odbc-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 7a29e566a7751e1821a623a4f0018a6f mes5/i586/php-openssl-5.3.13-0.1mdvmes5.2.i586.rpm\r\n f441f06ada4ee980d501e2b6576f2806 mes5/i586/php-optimizer-0.1-0.alpha2.0.2mdvmes5.2.i586.rpm\r\n b8da69bd634b1daa981efbc2ed95a648 mes5/i586/php-pcntl-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 95089b116c79922e497d4fd7854df544 mes5/i586/php-pdo-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 2f2196f900c6b802cf7fea375c9eeb91 mes5/i586/php-pdo_dblib-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 25c438a18c01c09b60e7c7b2fe13671f mes5/i586/php-pdo_mysql-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 91f1fee5243ed4ae8398a75e9114adac mes5/i586/php-pdo_odbc-5.3.13-0.1mdvmes5.2.i586.rpm\r\n bfff4547a91207f42302cd9fc184f86f mes5/i586/php-pdo_pgsql-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 8d460754542459d816d1b3dff39c872b mes5/i586/php-pdo_sqlite-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 9ff947c66182403b9888b265832c9161 mes5/i586/php-perl-1.0.0-32.2mdvmes5.2.i586.rpm\r\n cb1bca793338e4e792ab6c8792293617 mes5/i586/php-pgsql-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 1ef789ec5d683fef4934fc57101456b1 mes5/i586/php-phar-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 52145842d6faa93fa073fa17cb3b0763 mes5/i586/php-posix-5.3.13-0.1mdvmes5.2.i586.rpm\r\n aed79d1522b7507df309ddd682a99b4d mes5/i586/php-pspell-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 7cf0cf423041e29370ec6df0da70d21e mes5/i586/php-radius-1.2.5-7.2mdvmes5.2.i586.rpm\r\n f53c0be9c38ddf42a8c6820a312eaa06 mes5/i586/php-readline-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 29ee9c49f78cb11e83f9a251bd02b7e9 mes5/i586/php-recode-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 2c8c33fd81fc8468d0ddb774c2814264 mes5/i586/php-sasl-0.1.0-21.6mdvmes5.2.i586.rpm\r\n 8c2471fa96a43e94edabd4b9668724ef mes5/i586/php-session-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 3ca8b754f64883be1924fa8e95e799d3 mes5/i586/php-shmop-5.3.13-0.1mdvmes5.2.i586.rpm\r\n faa1b493b705f393754abcc2174857b5 mes5/i586/php-snmp-5.3.13-0.1mdvmes5.2.i586.rpm\r\n c393eb8db265798b1beff2541d13ee25 mes5/i586/php-soap-5.3.13-0.1mdvmes5.2.i586.rpm\r\n c23958451e7f49cb90e18f0d58fde045 mes5/i586/php-sockets-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 419a7ecf0f1d44a08795cc21c88f3b17 mes5/i586/php-sphinx-1.2.0-0.1mdvmes5.2.i586.rpm\r\n b42c41d30364c4bb308146ab5087fabf mes5/i586/php-sqlite3-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 6e9609d6fd4724426a63e3e520341051 mes5/i586/php-sqlite-5.3.13-0.1mdvmes5.2.i586.rpm\r\n e0b0e03c3ba4746805a70f3749784af7 mes5/i586/php-ssh2-0.11.3-0.1mdvmes5.2.i586.rpm\r\n f3be55d6857f3c36f063a418ff780c01 mes5/i586/php-suhosin-0.9.33-0.1mdvmes5.2.i586.rpm\r\n 49ab75a66171482bc0c92da727b42790 mes5/i586/php-sybase_ct-5.3.13-0.1mdvmes5.2.i586.rpm\r\n a49fe633e4d2eb4acb1fcd9ded4afff6 mes5/i586/php-sysvmsg-5.3.13-0.1mdvmes5.2.i586.rpm\r\n e548f18c2ccd5522376387fb9895e605 mes5/i586/php-sysvsem-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 079ffcc8e9bbcf02d70b39aed0e37510 mes5/i586/php-sysvshm-5.3.13-0.1mdvmes5.2.i586.rpm\r\n a0bfac8555bfaefec8cdab4a8fe8f759 mes5/i586/php-tclink-3.4.5-0.2mdvmes5.2.i586.rpm\r\n c3bb9c496c70fa477b65a326f10f1f13 mes5/i586/php-tidy-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 92fa5b22a77b38c94e1e81cee27e94e5 mes5/i586/php-timezonedb-2012.3-0.1mdvmes5.2.i586.rpm\r\n c69e34969e6be01c229701cb3bd381f3 mes5/i586/php-tokenizer-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 86d0fa4af4c00f2a996ee86c7480eaec mes5/i586/php-translit-0.6.1-0.1mdvmes5.2.i586.rpm\r\n 11aa119fde6b2c43e93259784d78b72a mes5/i586/php-vld-0.11.1-0.1mdvmes5.2.i586.rpm\r\n f48532222388b41b6f5abbeffa704cf9 mes5/i586/php-wddx-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 1770351942d2fb1c5685afe0609d22ea mes5/i586/php-xattr-1.1.0-2.6mdvmes5.2.i586.rpm\r\n 09300dd1170f00c70d05a21017d05448 mes5/i586/php-xcache-1.3.2-0.1mdvmes5.2.i586.rpm\r\n 508c5edb557c8bc20d7084b314278944 mes5/i586/php-xcache-admin-1.3.2-0.1mdvmes5.2.i586.rpm\r\n 41e91f88a9fdaf1fa0420ae01dc46ade mes5/i586/php-xdebug-2.1.4-0.1mdvmes5.2.i586.rpm\r\n c8d6da8bdb753cf7a2a6db3d3e2e46bf mes5/i586/php-xml-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 50aed2d093b83fdaa77dc407da9b861a mes5/i586/php-xmlreader-5.3.13-0.1mdvmes5.2.i586.rpm\r\n fe32252d37699afb0c51f60f9722adcb mes5/i586/php-xmlrpc-5.3.13-0.1mdvmes5.2.i586.rpm\r\n a1a2181cb93d31acf2c6b6e246b9db0d mes5/i586/php-xmlwriter-5.3.13-0.1mdvmes5.2.i586.rpm\r\n f87097cce5a501146df0e7120211c4bd mes5/i586/php-xsl-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 9d5c99b04a85caea9bce01f4c662372c mes5/i586/php-yaz-1.1.1-0.1mdvmes5.2.i586.rpm\r\n d38eb4445d09878793e8506f1b649236 mes5/i586/php-zip-5.3.13-0.1mdvmes5.2.i586.rpm\r\n ec0cbe2b90c8fb0db9939d10e62fef02 mes5/i586/php-zlib-5.3.13-0.1mdvmes5.2.i586.rpm\r\n e2fe6c46edade8b149063316fb6e9268 mes5/i586/python-SWF-0.4.4-0.1mdvmes5.2.i586.rpm\r\n aef4719c148c3f6edf549f236a08868e mes5/i586/sphinx-0.9.9-0.1mdvmes5.2.i586.rpm\r\n 48b1928235704dd977b9fdc25f1e2933 mes5/i586/stemwords-0-5.1mdvmes5.2.i586.rpm\r\n 1b7636ca4c1ec6eac492041c6e9c95e2 mes5/i586/yaz-3.0.48-0.1mdvmes5.2.i586.rpm \r\n 2bac0388ad669fc836a910cb6919733e mes5/SRPMS/apache-mod_php-5.3.13-0.1mdvmes5.2.src.rpm\r\n 0dd8c597a6a39e17b504408fa4f894d1 mes5/SRPMS/lemon-3.7.4-0.1mdvmes5.2.src.rpm\r\n 04a50458044ddef8dca4acbecd0555d1 mes5/SRPMS/libmbfl-1.1.0-0.1mdvmes5.2.src.rpm\r\n d9e473396af964f01dd6310844925396 mes5/SRPMS/libmonetra-7.0.4-0.1mdvmes5.2.src.rpm\r\n 0fafe53fccc11afa4b75c66dc49261cd mes5/SRPMS/libstemmer-0-5.1mdvmes5.2.src.rpm\r\n 6de1878b7ff4fbc0b63e381618e966ba mes5/SRPMS/ming-0.4.4-0.1mdvmes5.2.src.rpm\r\n c4041cade9aaf6c4c67f046e4bfbaa74 mes5/SRPMS/php-5.3.13-0.1mdvmes5.2.src.rpm\r\n c0a1c69bca172f69a034505cfd6b37fc mes5/SRPMS/php-apc-3.1.10-0.1mdvmes5.2.src.rpm\r\n df8c3520a450cb4209179f60cf8828cd mes5/SRPMS/php-dbx-1.1.0-30.2mdvmes5.2.src.rpm\r\n 7705d28806c6a73a9e588d174203ec11 mes5/SRPMS/php-dio-0.0.5-0.1mdvmes5.2.src.rpm\r\n cb9fd58d04a1db3ceec2f9b15c5ddac0 mes5/SRPMS/php-eaccelerator-0.9.6.1-0.6mdvmes5.2.src.rpm\r\n d1e7c7da449372f62c27a0cd3eeb8a8d mes5/SRPMS/php-fam-5.0.1-3.6mdvmes5.2.src.rpm\r\n 4c10d297abc9ea2a4dfe2cc441be619c mes5/SRPMS/php-filepro-5.1.6-13.6mdvmes5.2.src.rpm\r\n 7c30fe50ac1dc23870c64660300e78f8 mes5/SRPMS/php-gtk2-2.0.1-2.2mdvmes5.2.src.rpm\r\n ecdbedc8c745921ab7e8c97850c7e976 mes5/SRPMS/php-imagick-3.0.1-0.2mdvmes5.2.src.rpm\r\n c31069ae710a67783a81adf905f72842 mes5/SRPMS/php-ini-5.3.13-0.1mdvmes5.2.src.rpm\r\n 7bba5d67278539bbfe8980f4619fc443 mes5/SRPMS/php-mailparse-2.1.6-0.1mdvmes5.2.src.rpm\r\n c064fa5008b99634cf43dd8cfcfc38a8 mes5/SRPMS/php-mcal-0.6-23.6mdvmes5.2.src.rpm\r\n 4dc1c969e13503b5b84e4cc2a62fcafa mes5/SRPMS/php-mcve-7.0.3-0.2mdvmes5.2.src.rpm\r\n 8a0b00a7eb45735c7f1b84db2124a02a mes5/SRPMS/php-mdbtools-1.0.0-4.2mdvmes5.2.src.rpm\r\n 50514e567296ef853fc9c040b27fde14 mes5/SRPMS/php-memcache-3.0.6-0.2mdvmes5.2.src.rpm\r\n 3d68803bc8d4d5db837d034e31b559ab mes5/SRPMS/php-ming-5.2.10-0.2mdvmes5.2.src.rpm\r\n 3788a033464659c7697271fe3e11cb6b mes5/SRPMS/php-optimizer-0.1-0.alpha2.0.2mdvmes5.2.src.rpm\r\n 4e41590da9fd097f6ecb0cf362bf99f9 mes5/SRPMS/php-perl-1.0.0-32.2mdvmes5.2.src.rpm\r\n 8227db814a6322c4a1c72717965be834 mes5/SRPMS/php-radius-1.2.5-7.2mdvmes5.2.src.rpm\r\n b6eea216f82a274151c12bb38e50793c mes5/SRPMS/php-sasl-0.1.0-21.6mdvmes5.2.src.rpm\r\n aefb4d8a934bd9ecf18f10cf94508b21 mes5/SRPMS/php-sphinx-1.2.0-0.1mdvmes5.2.src.rpm\r\n 27acc20ae9792b5ee79127428c76d019 mes5/SRPMS/php-ssh2-0.11.3-0.1mdvmes5.2.src.rpm\r\n 8561139b4f53146b52d0d881c93bd884 mes5/SRPMS/php-suhosin-0.9.33-0.1mdvmes5.2.src.rpm\r\n 9decd2138202b8f51428b69f8d089679 mes5/SRPMS/php-tclink-3.4.5-0.2mdvmes5.2.src.rpm\r\n a331ac0e06665fb2b1696eeb35ddd67b mes5/SRPMS/php-timezonedb-2012.3-0.1mdvmes5.2.src.rpm\r\n 79c414525991c894f01d9e597cda78f6 mes5/SRPMS/php-translit-0.6.1-0.1mdvmes5.2.src.rpm\r\n 93897f5b7d60138c9e12474dc8388954 mes5/SRPMS/php-vld-0.11.1-0.1mdvmes5.2.src.rpm\r\n 9f2b8c72495c63762e02a4792b321463 mes5/SRPMS/php-xattr-1.1.0-2.6mdvmes5.2.src.rpm\r\n bec964b1764e87c0ba2d78ec3c33f662 mes5/SRPMS/php-xcache-1.3.2-0.1mdvmes5.2.src.rpm\r\n 6e3b637199e13bd895401f2cadbf25c5 mes5/SRPMS/php-xdebug-2.1.4-0.1mdvmes5.2.src.rpm\r\n 7b1f065bc086533fa01adba07235c4fe mes5/SRPMS/php-yaz-1.1.1-0.1mdvmes5.2.src.rpm\r\n 51586ceaba69e3a61e4171c1b33821ad mes5/SRPMS/sphinx-0.9.9-0.1mdvmes5.2.src.rpm\r\n fb8632c3872b5f62b8fdc070565d21b6 mes5/SRPMS/xmlrpc-epi-0.54-0.1mdvmes5.2.src.rpm\r\n 7737d7193bce052e26930d49ee7e841f mes5/SRPMS/yaz-3.0.48-0.1mdvmes5.2.src.rpm\r\n\r\n Mandriva Enterprise Server 5/X86_64:\r\n 96b2d5df095de56795b5e402b5615e5a mes5/x86_64/apache-mod_php-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 03641ff5a502b304b0cbdeff4161f07a mes5/x86_64/lemon-3.7.4-0.1mdvmes5.2.x86_64.rpm\r\n 16d5aee91aab749c674b146725679edf mes5/x86_64/lib64mbfl1-1.1.0-0.1mdvmes5.2.x86_64.rpm\r\n 211cf3c8c54d7135c1c59d37df63dbd9 mes5/x86_64/lib64mbfl-devel-1.1.0-0.1mdvmes5.2.x86_64.rpm\r\n ff17fd8f9ad24289e558636ce26d6e17 mes5/x86_64/lib64ming1-0.4.4-0.1mdvmes5.2.x86_64.rpm\r\n 84acf50087747dcb4f34a5aa2ea1ce0a mes5/x86_64/lib64ming-devel-0.4.4-0.1mdvmes5.2.x86_64.rpm\r\n db2510f25a007023647f235013ec6e74 mes5/x86_64/lib64monetra7-7.0.4-0.1mdvmes5.2.x86_64.rpm\r\n e449abc214208571c14827a9319c0ec3 mes5/x86_64/lib64monetra-devel-7.0.4-0.1mdvmes5.2.x86_64.rpm\r\n 7a418a728839573bca2187e8c5468fe2 mes5/x86_64/lib64php5_common5-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 4060a9ea3f85ea3df9260575783e7a17 mes5/x86_64/lib64sphinxclient0-0.9.9-0.1mdvmes5.2.x86_64.rpm\r\n f6ca93737988ebae403ef0ed8ab41359 mes5/x86_64/lib64sphinxclient-devel-0.9.9-0.1mdvmes5.2.x86_64.rpm\r\n 4a7ef9bd46d3c4e8e36f08868319244d mes5/x86_64/lib64stemmer0-0-5.1mdvmes5.2.x86_64.rpm\r\n b15fe53cc1c6ea59fdd82c04eae8e7fd mes5/x86_64/lib64stemmer-devel-0-5.1mdvmes5.2.x86_64.rpm\r\n c673964b2561e44781a98cb86a9e3187 mes5/x86_64/lib64xmlrpc-epi0-0.54-0.1mdvmes5.2.x86_64.rpm\r\n e66b903dc4310d0d3849689529146ec3 mes5/x86_64/lib64xmlrpc-epi-devel-0.54-0.1mdvmes5.2.x86_64.rpm\r\n 49cbe05c0d48ad378bd129ebd036ba26 mes5/x86_64/lib64yaz3-3.0.48-0.1mdvmes5.2.x86_64.rpm\r\n 2afb044886e1c96c3db29bdf0bb7dc9b mes5/x86_64/lib64yaz-devel-3.0.48-0.1mdvmes5.2.x86_64.rpm\r\n 2f4b0caff3c9e97839df3aa1ad6ca732 mes5/x86_64/ming-utils-0.4.4-0.1mdvmes5.2.x86_64.rpm\r\n f288571bd192a5e5802a40cd7d4e3118 mes5/x86_64/perl-SWF-0.4.4-0.1mdvmes5.2.x86_64.rpm\r\n b059dbc18e76476659494969ef5e4947 mes5/x86_64/php-apc-3.1.10-0.1mdvmes5.2.x86_64.rpm\r\n 68149e7e29a2e2ea3f7d7e3573bd193b mes5/x86_64/php-apc-admin-3.1.10-0.1mdvmes5.2.x86_64.rpm\r\n e38d895cf490704f5e6f8b1ecdca7e61 mes5/x86_64/php-bcmath-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 711815bad3794350d9177d52bac8d95b mes5/x86_64/php-bz2-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 3e8c4f72f0211a797a172c7092966a46 mes5/x86_64/php-calendar-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 51026f5c6c789d4fe07bb64f5c2a4559 mes5/x86_64/php-cgi-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n a5c4c236c80e4219e0a8e29eac78b440 mes5/x86_64/php-cli-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n f7d68cdc91a5d1aca630bf5d2cc027a8 mes5/x86_64/php-ctype-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 1e82cf4c1d05409239f773c27f25e148 mes5/x86_64/php-curl-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 4414697431b4f9d8347d368406a74792 mes5/x86_64/php-dba-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 78a159ea14c942e6b1484d7f7a02430f mes5/x86_64/php-dbx-1.1.0-30.2mdvmes5.2.x86_64.rpm\r\n afce38f700de1511605177aaac2a4b0c mes5/x86_64/php-devel-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 24c2440bccc5cdceb6d9c6eb6fbd8fb6 mes5/x86_64/php-dio-0.0.5-0.1mdvmes5.2.x86_64.rpm\r\n e304390a900576e6344b831935fca984 mes5/x86_64/php-doc-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 41d2f61596375aa03dcd64462432b8ad mes5/x86_64/php-dom-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 84eead8c2a272ed05ef0a8f3b6672f56 mes5/x86_64/php-eaccelerator-0.9.6.1-0.6mdvmes5.2.x86_64.rpm\r\n d72cfcdee8d186ad859b3b99fd70bdd0 mes5/x86_64/php-eaccelerator-admin-0.9.6.1-0.6mdvmes5.2.x86_64.rpm\r\n e3b9b291bbc15d61895e27372b8b1925 mes5/x86_64/php-enchant-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 558cd9c98631858a661a6aa4ccdf882b mes5/x86_64/php-exif-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 3553939609e3fef1652ee999d37fd530 mes5/x86_64/php-fam-5.0.1-3.6mdvmes5.2.x86_64.rpm\r\n 5a19e0b3fc58299ccdb1b12f5ca69200 mes5/x86_64/php-fileinfo-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 8a23bbc3e8c9ef45a339563075668d59 mes5/x86_64/php-filepro-5.1.6-13.6mdvmes5.2.x86_64.rpm\r\n 78be28f1fee69306797aa83a91bee75b mes5/x86_64/php-filter-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n f8339f10b4664c2130f1159f89c0b244 mes5/x86_64/php-fpm-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n d3b287afef7b1f6207082e97ae77b349 mes5/x86_64/php-ftp-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 98f68dcc439e4252d72be221fe1e9b98 mes5/x86_64/php-gd-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 0d04cfba60b215c27a87d77a363a51e9 mes5/x86_64/php-gettext-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n f95a838116143b396aedeeb01c534584 mes5/x86_64/php-gmp-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n e84018d144e7f94e436132420d51440d mes5/x86_64/php-gtk2-2.0.1-2.2mdvmes5.2.x86_64.rpm\r\n 7e02ce03f990c677fd39095d094bf5fc mes5/x86_64/php-hash-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 9e3ae7e6d67397fc15a81d3b3e7d30c8 mes5/x86_64/php-iconv-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 76155d4adcfb84852c193a6a9183a701 mes5/x86_64/php-imagick-3.0.1-0.2mdvmes5.2.x86_64.rpm\r\n 6c1aa64a78fef0ba6b12de5c7fdf227e mes5/x86_64/php-imap-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n e9dbcfb8b6330f52ea6f83630e0b96db mes5/x86_64/php-ini-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n a99ae1adc279e1446501374b396e9194 mes5/x86_64/php-intl-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n c4856a889eb1fabe4cfb4e7e0541a208 mes5/x86_64/php-json-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 1e6ed1c6f514d3bed9271e192d6b8c79 mes5/x86_64/php-ldap-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 23d141eeb5ec49b7bd14931e313efe61 mes5/x86_64/php-mailparse-2.1.6-0.1mdvmes5.2.x86_64.rpm\r\n 67df3a26f6e25258bb28b9d70ebdc7b9 mes5/x86_64/php-mbstring-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n ce6ec0bd9bf2c6bbea51b670566cf125 mes5/x86_64/php-mcal-0.6-23.6mdvmes5.2.x86_64.rpm\r\n 3af3a06df5a30d2324b42ce38b0170c7 mes5/x86_64/php-mcrypt-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 898c0ff97086e4003f34c5af21a1209b mes5/x86_64/php-mcve-7.0.3-0.2mdvmes5.2.x86_64.rpm\r\n ea3c678599dd676b1596cf9b38bac5fa mes5/x86_64/php-mdbtools-1.0.0-4.2mdvmes5.2.x86_64.rpm\r\n f42a0499caae118ccb02a404fe853e8d mes5/x86_64/php-memcache-3.0.6-0.2mdvmes5.2.x86_64.rpm\r\n d656bf501e02bf270c74e621655e0f79 mes5/x86_64/php-ming-5.2.10-0.2mdvmes5.2.x86_64.rpm\r\n 67182e137d6799e21d1eb95f8e8a09a6 mes5/x86_64/php-mssql-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 13b16b807e73dc799f820ec360b4c4c4 mes5/x86_64/php-mysql-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 401bf41f8ae42e1c5cbae844b5859310 mes5/x86_64/php-mysqli-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n a3d71aca0b59a479be67aa5f7e2dadac mes5/x86_64/php-mysqlnd-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 299a5af759216cc02b72c73e1aedb898 mes5/x86_64/php-odbc-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 1b9afd33db663c3c0376e9e366a1d7e9 mes5/x86_64/php-openssl-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 1bfa8188adf02eefd1fee6980bf8a637 mes5/x86_64/php-optimizer-0.1-0.alpha2.0.2mdvmes5.2.x86_64.rpm\r\n 4ea6deefc1d6c98165a39bf0cbbb1e68 mes5/x86_64/php-pcntl-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n e8edc47c4535c7185c648fe2cdd62fd3 mes5/x86_64/php-pdo-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 7de9187f26e2b1dcbde7bfa6b5e72cc3 mes5/x86_64/php-pdo_dblib-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 43c1dabc4e916f1676a64affa4e71923 mes5/x86_64/php-pdo_mysql-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 90e7bb6c5edceae816e1efc1d772c1cd mes5/x86_64/php-pdo_odbc-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 41c159cea72f2c8608422dd60b24a2aa mes5/x86_64/php-pdo_pgsql-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 3b806d521833732f44d199760894e6cc mes5/x86_64/php-pdo_sqlite-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n e3047e894435230a2234b6c106e7f85b mes5/x86_64/php-perl-1.0.0-32.2mdvmes5.2.x86_64.rpm\r\n 13e2506c835e395eb7f81edac6b61a8f mes5/x86_64/php-pgsql-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n dab84434950d74f298b66066fc5d22b2 mes5/x86_64/php-phar-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n c087bf52f652c59da6bdd4fb06286464 mes5/x86_64/php-posix-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 29d9820c941b281ec4bf2e1ae154b590 mes5/x86_64/php-pspell-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 2a5472038518e78b1e77c085486a7f41 mes5/x86_64/php-radius-1.2.5-7.2mdvmes5.2.x86_64.rpm\r\n ef96d7846f36e03abbe0389a9c7025a6 mes5/x86_64/php-readline-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 3d6dc5bbe9f83a3b7379b09842418d6d mes5/x86_64/php-recode-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n fe9478b8ef31ffd03c4fd7e3b13a6fcd mes5/x86_64/php-sasl-0.1.0-21.6mdvmes5.2.x86_64.rpm\r\n 66ea22c633fb484f787795c541c31458 mes5/x86_64/php-session-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 73cf8b14818d6c4aa6ff7b4f876a305f mes5/x86_64/php-shmop-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 2f1c10a3e69bc4962c68da8494d7a2d1 mes5/x86_64/php-snmp-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 66bf34f4665ce04daf5962c4c5178966 mes5/x86_64/php-soap-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n d9f0deeb70efb200c65be5ba2cbfe197 mes5/x86_64/php-sockets-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n cb5ace43e37f4488ca65e4740495842a mes5/x86_64/php-sphinx-1.2.0-0.1mdvmes5.2.x86_64.rpm\r\n d2347f18673adf71d3fdc94600e6ec77 mes5/x86_64/php-sqlite3-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 5317fd6819706540ee1d1e209b0ee65d mes5/x86_64/php-sqlite-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n e308fc3349779514b7aa1e336452f539 mes5/x86_64/php-ssh2-0.11.3-0.1mdvmes5.2.x86_64.rpm\r\n c60c35039cdf4a3446e29d0dfa96bc40 mes5/x86_64/php-suhosin-0.9.33-0.1mdvmes5.2.x86_64.rpm\r\n 3076e178dff5d37d8c44f21e00d63c9e mes5/x86_64/php-sybase_ct-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n e268581c1bbbd9269faa591577fce62a mes5/x86_64/php-sysvmsg-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 7dbc04b5fc2ffee323f2c4123feb05bd mes5/x86_64/php-sysvsem-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 1bdffd99b577b97adc67e5b20df0b301 mes5/x86_64/php-sysvshm-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 71043e5371ce75f9f0cb63df38021fdb mes5/x86_64/php-tclink-3.4.5-0.2mdvmes5.2.x86_64.rpm\r\n 215a92aa7004ea738f44aed3e1168b9c mes5/x86_64/php-tidy-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n efc0a9750197c1b1f5158c8c1e55c27b mes5/x86_64/php-timezonedb-2012.3-0.1mdvmes5.2.x86_64.rpm\r\n c7debf59191371056785b18a4a99c276 mes5/x86_64/php-tokenizer-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 26be1bde74ac0ce9f0b442cb4c81a9be mes5/x86_64/php-translit-0.6.1-0.1mdvmes5.2.x86_64.rpm\r\n c99427fc99b451727ac42a9b96a5537c mes5/x86_64/php-vld-0.11.1-0.1mdvmes5.2.x86_64.rpm\r\n 2743db76a4ec5fd0a67dbd68bf1229a4 mes5/x86_64/php-wddx-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 6af7e7503ffe3d4141f222fb0701e817 mes5/x86_64/php-xattr-1.1.0-2.6mdvmes5.2.x86_64.rpm\r\n 85f807ce183c7b843701fd8899ef0991 mes5/x86_64/php-xcache-1.3.2-0.1mdvmes5.2.x86_64.rpm\r\n a62dad29f5eade1f3d3864b25dff3f2d mes5/x86_64/php-xcache-admin-1.3.2-0.1mdvmes5.2.x86_64.rpm\r\n bbf6d7585d06df26bcfa3b73dab0007c mes5/x86_64/php-xdebug-2.1.4-0.1mdvmes5.2.x86_64.rpm\r\n a5f092be6c7ca43ad60913afb67885e6 mes5/x86_64/php-xml-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 65ef3be867bd8427c1f5d41131de8249 mes5/x86_64/php-xmlreader-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n d0c2192b6b08ef59e912fcbd272c98be mes5/x86_64/php-xmlrpc-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 1c529b0215628a4d699542742dddb80e mes5/x86_64/php-xmlwriter-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 78df5fc0a2128aa9658b426cd8378b35 mes5/x86_64/php-xsl-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n dadfa8975b5a1a141b2f454d370c59f6 mes5/x86_64/php-yaz-1.1.1-0.1mdvmes5.2.x86_64.rpm\r\n 9caa5cd5185ae316a091de219fd984d9 mes5/x86_64/php-zip-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 92ac01caa79c1d542fe06e4aae21ff0b mes5/x86_64/php-zlib-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n fb2eadb2172166381d594394916add79 mes5/x86_64/python-SWF-0.4.4-0.1mdvmes5.2.x86_64.rpm\r\n 5fdd248cb611e7997ddc828e8a90c043 mes5/x86_64/sphinx-0.9.9-0.1mdvmes5.2.x86_64.rpm\r\n b3d72ab63f47dd5a0f3b1f147321bcab mes5/x86_64/stemwords-0-5.1mdvmes5.2.x86_64.rpm\r\n cfada59c5348ee46e44202376cf042c5 mes5/x86_64/yaz-3.0.48-0.1mdvmes5.2.x86_64.rpm \r\n 2bac0388ad669fc836a910cb6919733e mes5/SRPMS/apache-mod_php-5.3.13-0.1mdvmes5.2.src.rpm\r\n 0dd8c597a6a39e17b504408fa4f894d1 mes5/SRPMS/lemon-3.7.4-0.1mdvmes5.2.src.rpm\r\n 04a50458044ddef8dca4acbecd0555d1 mes5/SRPMS/libmbfl-1.1.0-0.1mdvmes5.2.src.rpm\r\n d9e473396af964f01dd6310844925396 mes5/SRPMS/libmonetra-7.0.4-0.1mdvmes5.2.src.rpm\r\n 0fafe53fccc11afa4b75c66dc49261cd mes5/SRPMS/libstemmer-0-5.1mdvmes5.2.src.rpm\r\n 6de1878b7ff4fbc0b63e381618e966ba mes5/SRPMS/ming-0.4.4-0.1mdvmes5.2.src.rpm\r\n c4041cade9aaf6c4c67f046e4bfbaa74 mes5/SRPMS/php-5.3.13-0.1mdvmes5.2.src.rpm\r\n c0a1c69bca172f69a034505cfd6b37fc mes5/SRPMS/php-apc-3.1.10-0.1mdvmes5.2.src.rpm\r\n df8c3520a450cb4209179f60cf8828cd mes5/SRPMS/php-dbx-1.1.0-30.2mdvmes5.2.src.rpm\r\n 7705d28806c6a73a9e588d174203ec11 mes5/SRPMS/php-dio-0.0.5-0.1mdvmes5.2.src.rpm\r\n cb9fd58d04a1db3ceec2f9b15c5ddac0 mes5/SRPMS/php-eaccelerator-0.9.6.1-0.6mdvmes5.2.src.rpm\r\n d1e7c7da449372f62c27a0cd3eeb8a8d mes5/SRPMS/php-fam-5.0.1-3.6mdvmes5.2.src.rpm\r\n 4c10d297abc9ea2a4dfe2cc441be619c mes5/SRPMS/php-filepro-5.1.6-13.6mdvmes5.2.src.rpm\r\n 7c30fe50ac1dc23870c64660300e78f8 mes5/SRPMS/php-gtk2-2.0.1-2.2mdvmes5.2.src.rpm\r\n ecdbedc8c745921ab7e8c97850c7e976 mes5/SRPMS/php-imagick-3.0.1-0.2mdvmes5.2.src.rpm\r\n c31069ae710a67783a81adf905f72842 mes5/SRPMS/php-ini-5.3.13-0.1mdvmes5.2.src.rpm\r\n 7bba5d67278539bbfe8980f4619fc443 mes5/SRPMS/php-mailparse-2.1.6-0.1mdvmes5.2.src.rpm\r\n c064fa5008b99634cf43dd8cfcfc38a8 mes5/SRPMS/php-mcal-0.6-23.6mdvmes5.2.src.rpm\r\n 4dc1c969e13503b5b84e4cc2a62fcafa mes5/SRPMS/php-mcve-7.0.3-0.2mdvmes5.2.src.rpm\r\n 8a0b00a7eb45735c7f1b84db2124a02a mes5/SRPMS/php-mdbtools-1.0.0-4.2mdvmes5.2.src.rpm\r\n 50514e567296ef853fc9c040b27fde14 mes5/SRPMS/php-memcache-3.0.6-0.2mdvmes5.2.src.rpm\r\n 3d68803bc8d4d5db837d034e31b559ab mes5/SRPMS/php-ming-5.2.10-0.2mdvmes5.2.src.rpm\r\n 3788a033464659c7697271fe3e11cb6b mes5/SRPMS/php-optimizer-0.1-0.alpha2.0.2mdvmes5.2.src.rpm\r\n 4e41590da9fd097f6ecb0cf362bf99f9 mes5/SRPMS/php-perl-1.0.0-32.2mdvmes5.2.src.rpm\r\n 8227db814a6322c4a1c72717965be834 mes5/SRPMS/php-radius-1.2.5-7.2mdvmes5.2.src.rpm\r\n b6eea216f82a274151c12bb38e50793c mes5/SRPMS/php-sasl-0.1.0-21.6mdvmes5.2.src.rpm\r\n aefb4d8a934bd9ecf18f10cf94508b21 mes5/SRPMS/php-sphinx-1.2.0-0.1mdvmes5.2.src.rpm\r\n 27acc20ae9792b5ee79127428c76d019 mes5/SRPMS/php-ssh2-0.11.3-0.1mdvmes5.2.src.rpm\r\n 8561139b4f53146b52d0d881c93bd884 mes5/SRPMS/php-suhosin-0.9.33-0.1mdvmes5.2.src.rpm\r\n 9decd2138202b8f51428b69f8d089679 mes5/SRPMS/php-tclink-3.4.5-0.2mdvmes5.2.src.rpm\r\n a331ac0e06665fb2b1696eeb35ddd67b mes5/SRPMS/php-timezonedb-2012.3-0.1mdvmes5.2.src.rpm\r\n 79c414525991c894f01d9e597cda78f6 mes5/SRPMS/php-translit-0.6.1-0.1mdvmes5.2.src.rpm\r\n 93897f5b7d60138c9e12474dc8388954 mes5/SRPMS/php-vld-0.11.1-0.1mdvmes5.2.src.rpm\r\n 9f2b8c72495c63762e02a4792b321463 mes5/SRPMS/php-xattr-1.1.0-2.6mdvmes5.2.src.rpm\r\n bec964b1764e87c0ba2d78ec3c33f662 mes5/SRPMS/php-xcache-1.3.2-0.1mdvmes5.2.src.rpm\r\n 6e3b637199e13bd895401f2cadbf25c5 mes5/SRPMS/php-xdebug-2.1.4-0.1mdvmes5.2.src.rpm\r\n 7b1f065bc086533fa01adba07235c4fe mes5/SRPMS/php-yaz-1.1.1-0.1mdvmes5.2.src.rpm\r\n 51586ceaba69e3a61e4171c1b33821ad mes5/SRPMS/sphinx-0.9.9-0.1mdvmes5.2.src.rpm\r\n fb8632c3872b5f62b8fdc070565d21b6 mes5/SRPMS/xmlrpc-epi-0.54-0.1mdvmes5.2.src.rpm\r\n 7737d7193bce052e26930d49ee7e841f mes5/SRPMS/yaz-3.0.48-0.1mdvmes5.2.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.11 (GNU/Linux)\r\n\r\niD8DBQFPq6gTmqjQ0CJFipgRAqvVAJ9zEwWjj1SD2W0x+6Nb/vNvjYO4oQCg6O6L\r\nwF916W6TuFcSv/gD10fMyoE=\r\n=Va72\r\n-----END PGP SIGNATURE-----\r\n", "cvss3": {}, "published": "2012-05-14T00:00:00", "type": "securityvulns", "title": "[ MDVSA-2012:071 ] php", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2012-2336", "CVE-2011-1148", "CVE-2012-2335", "CVE-2012-1823", "CVE-2011-1938", "CVE-2011-4885", "CVE-2011-2483", "CVE-2012-0788", "CVE-2012-0830", "CVE-2011-1657", "CVE-2011-3268", "CVE-2011-3182", "CVE-2012-1172", "CVE-2011-4566", "CVE-2011-3267", "CVE-2011-3379", "CVE-2011-2202", "CVE-2012-0831", "CVE-2012-0807"], "modified": "2012-05-14T00:00:00", "id": "SECURITYVULNS:DOC:28070", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28070", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T19:03:23", "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "cvss3": {}, "published": "2011-08-12T00:00:00", "type": "securityvulns", "title": "Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2011-2753", "CVE-2011-2133", "CVE-2011-2752", "CVE-2011-2023", "CVE-2010-4554", "CVE-2010-4555"], "modified": "2011-08-12T00:00:00", "id": "SECURITYVULNS:VULN:11853", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11853", "sourceData": "", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2021-06-08T18:44:44", "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "cvss3": {}, "published": "2011-06-02T00:00:00", "type": "securityvulns", "title": "Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2011-1954", "CVE-2011-1783", "CVE-2011-1752", "CVE-2011-1921", "CVE-2011-1953", "CVE-2011-1952", "CVE-2011-0446", "CVE-2011-0447"], "modified": "2011-06-02T00:00:00", "id": "SECURITYVULNS:VULN:11704", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11704", "sourceData": "", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:42", "description": "ZDI-11-315 : Apple QuickTime FLC Delta Decompression Remote Code\r\nExecution Vulnerability\r\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-315\r\nOctober 27, 2011\r\n\r\n-- CVE ID:\r\nCVE-2011-3249\r\n\r\n-- CVSS:\r\n9, AV:N/AC:L/Au:N/C:P/I:P/A:C\r\n\r\n-- Affected Vendors:\r\n\r\nApple\r\n\r\n\r\n\r\n-- Affected Products:\r\n\r\nApple Quicktime\r\n\r\n\r\n\r\n-- Vulnerability Details:\r\nThis vulnerability allows remote attackers to execute arbitrary code on\r\nvulnerable installations of Apple Quicktime. User interaction is\r\nrequired to exploit this vulnerability in that the target must visit a\r\nmalicious page or open a malicious file.\r\n\r\nThe specific flaw exists within the way Quicktime decodes flic file.\r\nFlic files can contain FLC Delta Decompression block containing Run\r\nLength Encoded data. Quicktime fails to correctly checking the\r\ndecompression size when decoding the RLE data. This allowes for a 4 byte\r\noverwrite past the end of the buffer which could result into remote code\r\nexecution under the context of the current user.\r\n\r\n-- Vendor Response:\r\n\r\nApple has issued an update to correct this vulnerability. More details\r\ncan be found at:\r\n\r\nhttp://support.apple.com/kb/HT5016\r\n\r\n\r\n\r\n-- Disclosure Timeline:\r\n2011-06-03 - Vulnerability reported to vendor\r\n2011-10-27 - Coordinated public release of advisory\r\n\r\n-- Credit:\r\nThis vulnerability was discovered by:\r\n\r\n* Matt "j00ru" Jurczyk\r\n\r\n\r\n\r\n-- About the Zero Day Initiative (ZDI):\r\nEstablished by TippingPoint, The Zero Day Initiative (ZDI) represents\r\na best-of-breed model for rewarding security researchers for responsibly\r\ndisclosing discovered vulnerabilities.\r\n\r\nResearchers interested in getting paid for their security research\r\nthrough the ZDI can find more information and sign-up at:\r\n\r\n http://www.zerodayinitiative.com\r\n\r\nThe ZDI is unique in how the acquired vulnerability information is\r\nused. TippingPoint does not re-sell the vulnerability details or any\r\nexploit code. Instead, upon notifying the affected product vendor,\r\nTippingPoint provides its customers with zero day protection through\r\nits intrusion prevention technology. Explicit details regarding the\r\nspecifics of the vulnerability are not exposed to any parties until\r\nan official vendor patch is publicly available. Furthermore, with the\r\naltruistic aim of helping to secure a broader user base, TippingPoint\r\nprovides this vulnerability information confidentially to security\r\nvendors (including competitors) who have a vulnerability protection or\r\nmitigation product.\r\n\r\nOur vulnerability disclosure policy is available online at:\r\n\r\n http://www.zerodayinitiative.com/advisories/disclosure_policy/\r\n\r\nFollow the ZDI on Twitter:\r\n\r\n http://twitter.com/thezdi\r\n", "cvss3": {}, "published": "2011-10-31T00:00:00", "type": "securityvulns", "title": "ZDI-11-315 : Apple QuickTime FLC Delta Decompression Remote Code Execution Vulnerability", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2011-3249"], "modified": "2011-10-31T00:00:00", "id": "SECURITYVULNS:DOC:27228", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27228", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:43", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nZDI-12-004 : Apple Quicktime JPEG2000 COD Remote Code Execution\r\nVulnerability\r\nhttp://www.zerodayinitiative.com/advisories/ZDI-12-004\r\nJanuary 5, 2012\r\n\r\n- -- CVE ID:\r\nCVE-2011-3250\r\n\r\n- -- CVSS:\r\n7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P\r\n\r\n- -- Affected Vendors:\r\n\r\nApple\r\n\r\n\r\n\r\n- -- Affected Products:\r\n\r\nApple Quicktime 7.3\r\n\r\n\r\n\r\n- -- TippingPoint(TM) IPS Customer Protection:\r\nTippingPoint IPS customers have been protected against this\r\nvulnerability by Digital Vaccine protection filter ID 11901.\r\nFor further product information on the TippingPoint IPS, visit:\r\n\r\n http://www.tippingpoint.com\r\n\r\n- -- Vulnerability Details:\r\nThis vulnerability allows remote attackers to execute arbitrary code on\r\nvulnerable installations of Apple QuickTime. User interaction is\r\nrequired to exploit this vulnerability in that the target must visit a\r\nmalicious page or open a malicious file.\r\n\r\nThe flaw exists within the JP2Deco component which is used when handling\r\nan mjp2 sample. This sample format (JPEG2000) has a required COD marker\r\nsegment (0xff52) followed by a COD length value. When extracting the\r\ncontents of this section the application subtracts from this length\r\nbefore passing it into a call to memcpy. A remote attacker can exploit\r\nthis error to execute arbitrary code under the context of the user.\r\n\r\n- -- Vendor Response:\r\n\r\nApple has issued an update to correct this vulnerability. More details\r\ncan be found at:\r\n\r\nhttp://support.apple.com/kb/HT5016\r\n\r\n\r\n\r\n\r\n- -- Disclosure Timeline:\r\n2011-07-25 - Vulnerability reported to vendor\r\n\r\n2012-01-05 - Coordinated public release of advisory\r\n\r\n\r\n\r\n- -- Credit:\r\nThis vulnerability was discovered by:\r\n\r\n* Luigi Auriemma\r\n\r\n\r\n* Anonymous\r\n\r\n\r\n\r\n- -- About the Zero Day Initiative (ZDI):\r\nEstablished by TippingPoint, The Zero Day Initiative (ZDI) represents\r\na best-of-breed model for rewarding security researchers for responsibly\r\ndisclosing discovered vulnerabilities.\r\n\r\nResearchers interested in getting paid for their security research\r\nthrough the ZDI can find more information and sign-up at:\r\n\r\n http://www.zerodayinitiative.com\r\n\r\nThe ZDI is unique in how the acquired vulnerability information is\r\nused. TippingPoint does not re-sell the vulnerability details or any\r\nexploit code. Instead, upon notifying the affected product vendor,\r\nTippingPoint provides its customers with zero day protection through\r\nits intrusion prevention technology. Explicit details regarding the\r\nspecifics of the vulnerability are not exposed to any parties until\r\nan official vendor patch is publicly available. Furthermore, with the\r\naltruistic aim of helping to secure a broader user base, TippingPoint\r\nprovides this vulnerability information confidentially to security\r\nvendors (including competitors) who have a vulnerability protection or\r\nmitigation product.\r\n\r\nOur vulnerability disclosure policy is available online at:\r\n\r\n http://www.zerodayinitiative.com/advisories/disclosure_policy/\r\n\r\nFollow the ZDI on Twitter:\r\n\r\n http://twitter.com/thezdi\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v2.0.17 (MingW32)\r\n\r\niQEcBAEBAgAGBQJPBhHlAAoJEFVtgMGTo1schioH/RHh+UajY4pSdW4vgVZC2bfn\r\nnuWWLeoQPUq/Q/7Rl0mSatsJYEGJ7AqkPXIIK3YqCgvVpRnTdLNLxY99ebS6mg5B\r\n+91YoaWq5XKo4O6Ka4ev9Aijy66qrT3Gqf8hzFbWxqJ30ZYmLj67yQ2glzxZioGh\r\ntePNxGCbI5xUe0vMByPSHJPdbO3eJsAyERlbeeR9rYIJG2RhadJVeKg2xWio1wU6\r\nZja6Uukc16oW+WixhO8jMZ3fVsN2DnEGSsHlYAkNDQYKGI54it3UfovE24Lo4Asm\r\n9Jyw2vtFwxYwJ5zpztE7J3oVx1+HHWHRvogyda6j3zNl4dDlf3+llknQhJSRBQw=\r\n=69ah\r\n-----END PGP SIGNATURE-----\r\n", "cvss3": {}, "published": "2012-01-09T00:00:00", "type": "securityvulns", "title": "ZDI-12-004 : Apple Quicktime JPEG2000 COD Remote Code Execution Vulnerability", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2011-3250"], "modified": "2012-01-09T00:00:00", "id": "SECURITYVULNS:DOC:27515", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27515", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:42", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2011-11-10-1 iOS 5.0.1 Software Update\r\n\r\niOS 5.0.1 Software Update is now available and addresses the\r\nfollowing:\r\n\r\nCFNetwork\r\nAvailable for: iOS 3.0 through 5.0 for iPhone 3GS,\r\niPhone 4 and iPhone 4S,\r\niOS 3.1 through 5.0 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 5.0 for iPad, iOS 4.3 through 5.0 for iPad 2\r\nImpact: Visiting a maliciously crafted website may lead to the\r\ndisclosure of sensitive information\r\nDescription: An issue existed in CFNetwork's handling of maliciously\r\ncrafted URLs. When accessing a maliciously crafted HTTP or HTTPS URL,\r\nCFNetwork could navigate to an incorrect server.\r\nCVE-ID\r\nCVE-2011-3246 : Erling Ellingsen of Facebook\r\n\r\nCoreGraphics\r\nAvailable for: iOS 3.0 through 5.0 for iPhone 3GS,\r\niPhone 4 and iPhone 4S,\r\niOS 3.1 through 5.0 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 5.0 for iPad, iOS 4.3 through 5.0 for iPad 2\r\nImpact: Viewing a document containing a maliciously crafted font may\r\nlead to arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in FreeType,\r\nthe most serious of which may lead to arbitrary code execution when\r\nprocessing a maliciously crafted font.\r\nCVE-ID\r\nCVE-2011-3439 : Apple\r\n\r\nData Security\r\nAvailable for: iOS 3.0 through 5.0 for iPhone 3GS,\r\niPhone 4 and iPhone 4S,\r\niOS 3.1 through 5.0 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 5.0 for iPad, iOS 4.3 through 5.0 for iPad 2\r\nImpact: An attacker with a privileged network position may intercept\r\nuser credentials or other sensitive information\r\nDescription: Two certificate authorities in the list of trusted root\r\ncertificates have independently issued intermediate certificates to\r\nDigiCert Malaysia. DigiCert Malaysia has issued certificates with\r\nweak keys that it is unable to revoke. An attacker with a privileged\r\nnetwork position could intercept user credentials or other sensitive\r\ninformation intended for a site with a certificate issued by DigiCert\r\nMalaysia. This issue is addressed by configuring default system trust\r\nsettings so that DigiCert Malaysia's certificates are not trusted. We\r\nwould like to acknowledge Bruce Morton of Entrust, Inc. for reporting\r\nthis issue.\r\n\r\nKernel\r\nAvailable for: iOS 3.0 through 5.0 for iPhone 3GS,\r\niPhone 4 and iPhone 4S,\r\niOS 3.1 through 5.0 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 5.0 for iPad, iOS 4.3 through 5.0 for iPad 2\r\nImpact: An application may execute unsigned code\r\nDescription: A logic error existed in the mmap system call's\r\nchecking of valid flag combinations. This issue may lead to a bypass\r\nof codesigning checks. This issue does not affect devices running\r\niOS prior to version 4.3.\r\nCVE-ID\r\nCVE-2011-3442 : Charlie Miller of Accuvant Labs\r\n\r\nlibinfo\r\nAvailable for: iOS 3.0 through 5.0 for iPhone 3GS,\r\niPhone 4 and iPhone 4S,\r\niOS 3.1 through 5.0 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 5.0 for iPad, iOS 4.3 through 5.0 for iPad 2\r\nImpact: Visiting a maliciously crafted website may lead to the\r\ndisclosure of sensitive information\r\nDescription: An issue existed in libinfo's handling of DNS name\r\nlookups. When resolving a maliciously crafted hostname, libinfo could\r\nreturn an incorrect result.\r\nCVE-ID\r\nCVE-2011-3441 : Erling Ellingsen of Facebook, Per Johansson of\r\nBlocket AB\r\n\r\nPasscode Lock\r\nAvailable for: iOS 4.3 through 5.0 for iPad 2\r\nImpact: A person with physical access to a locked iPad 2 may be able\r\nto access some of the user's data\r\nDescription: When a Smart Cover is opened while iPad 2 is confirming\r\npower off in the locked state, the iPad does not request a passcode.\r\nThis allows some access to the iPad, but data protected by Data\r\nProtection is inaccessible and apps cannot be launched.\r\nCVE-ID\r\nCVE-2011-3440\r\n\r\nInstallation note:\r\n\r\nThis update is only available through iTunes, and will not appear\r\nin your computer's Software Update application, or in the Apple\r\nDownloads site. Make sure you have an Internet connection and have\r\ninstalled the latest version of iTunes from www.apple.com/itunes/\r\n\r\niTunes will automatically check Apple's update server on its weekly\r\nschedule. When an update is detected, it will download it. When\r\nthe iPhone, iPod touch or iPad is docked, iTunes will present the\r\nuser with the option to install the update. We recommend applying\r\nthe update immediately if possible. Selecting Don't Install will\r\npresent the option the next time you connect your iPhone, iPod touch,\r\nor iPad.\r\n\r\nThe automatic update process may take up to a week depending on the\r\nday that iTunes checks for updates. You may manually obtain the\r\nupdate via the Check for Updates button within iTunes. After doing\r\nthis, the update can be applied when your iPhone, iPod touch, or iPad\r\nis docked to your computer.\r\n\r\nTo check that the iPhone, iPod touch, or iPad has been updated:\r\n\r\n* Navigate to Settings\r\n* Select General\r\n* Select About. The version after applying this update will be\r\n"5.0.1 (9A405)".\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.16 (Darwin)\r\n\r\niQEcBAEBAgAGBQJOuxWjAAoJEGnF2JsdZQeeYkAH/1Yz7Y7kSrJKjNeGyxLpliM8\r\n1r33Xu0r6+WJgrjq1Ym4S6Yz1SJvz6uyvt8yLlKMxQHpYxmTjoToVbzvCvr81Kam\r\ntpXhpfihRtwzSDEJAV7jRShtylVwoTIfUBTp982eun+2PrJmHI3P070pgCjUiT/C\r\n63O4sen+K0hhT2cJxzWYsw1hmXv8OAmy+snUOh44ovMEa10KrpOqxr6sjrSfBbpU\r\ngHyD1BOVB5VPUWSpj+R9/Eji634StaPkmy1yp+iv926MpGMGYT8mB07ec4MP4C78\r\nb7ZaKzmhZILikMR6+fiOUWIZJQ0M8TYzyMol15DP/5mnXiHr46eZvsqWeAuvsok=\r\n=RjAe\r\n-----END PGP SIGNATURE-----\r\n", "cvss3": {}, "published": "2011-11-16T00:00:00", "type": "securityvulns", "title": "APPLE-SA-2011-11-10-1 iOS 5.0.1 Software Update", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2011-3246", "CVE-2011-3441", "CVE-2011-3440", "CVE-2011-3439", "CVE-2011-3442"], "modified": "2011-11-16T00:00:00", "id": "SECURITYVULNS:DOC:27302", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27302", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2020-04-26T15:08:42", "description": "This host is missing an important security update according to\n Mac OS X Update/Mac OS X Security Update 2012-001.", "cvss3": {}, "published": "2012-02-06T00:00:00", "type": "openvas", "title": "Mac OS X Multiple Vulnerabilities (2012-001)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3462", "CVE-2011-3448", "CVE-2011-1148", "CVE-2011-3444", "CVE-2011-1783", "CVE-2011-3246", "CVE-2011-3249", "CVE-2011-3189", "CVE-2011-0241", "CVE-2011-1752", "CVE-2011-1938", "CVE-2011-3449", "CVE-2011-3441", "CVE-2011-3453", "CVE-2011-3422", "CVE-2011-3248", "CVE-2011-2483", "CVE-2011-3457", "CVE-2010-2813", "CVE-2011-3463", "CVE-2011-3389", "CVE-2011-2204", "CVE-2011-3256", "CVE-2011-1657", "CVE-2011-1167", "CVE-2011-3252", "CVE-2011-3268", "CVE-2011-3328", "CVE-2011-2023", "CVE-2011-3182", "CVE-2010-4554", "CVE-2011-1921", "CVE-2011-3459", "CVE-2010-4555", "CVE-2011-3250", "CVE-2011-0200", "CVE-2011-3267", "CVE-2011-3458", "CVE-2011-3447", "CVE-2011-3460", "CVE-2011-3348", "CVE-2011-2202", "CVE-2011-3452", "CVE-2011-3450", "CVE-2011-2895", "CVE-2010-1637", "CVE-2011-2937", "CVE-2011-2192"], "modified": "2020-04-22T00:00:00", "id": "OPENVAS:1361412562310802392", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802392", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mac OS X Multiple Vulnerabilities (2012-001)\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802392\");\n script_version(\"2020-04-22T10:27:30+0000\");\n script_cve_id(\"CVE-2011-3444\", \"CVE-2011-3348\", \"CVE-2011-3389\", \"CVE-2011-3246\",\n \"CVE-2011-3447\", \"CVE-2011-0200\", \"CVE-2011-3252\", \"CVE-2011-3448\",\n \"CVE-2011-3449\", \"CVE-2011-3450\", \"CVE-2011-2192\", \"CVE-2011-2895\",\n \"CVE-2011-3452\", \"CVE-2011-3441\", \"CVE-2011-3453\", \"CVE-2011-3422\",\n \"CVE-2011-3457\", \"CVE-2011-1148\", \"CVE-2011-1657\", \"CVE-2011-1938\",\n \"CVE-2011-2202\", \"CVE-2011-2483\", \"CVE-2011-3182\", \"CVE-2011-3189\",\n \"CVE-2011-3267\", \"CVE-2011-3268\", \"CVE-2011-3256\", \"CVE-2011-3328\",\n \"CVE-2011-3458\", \"CVE-2011-3248\", \"CVE-2011-3459\", \"CVE-2011-3250\",\n \"CVE-2011-3460\", \"CVE-2011-3249\", \"CVE-2010-1637\", \"CVE-2010-2813\",\n \"CVE-2010-4554\", \"CVE-2010-4555\", \"CVE-2011-2023\", \"CVE-2011-1752\",\n \"CVE-2011-1783\", \"CVE-2011-1921\", \"CVE-2011-3462\", \"CVE-2011-2204\",\n \"CVE-2011-3463\", \"CVE-2011-2937\", \"CVE-2011-0241\", \"CVE-2011-1167\");\n script_bugtraq_id(51810, 49616, 49778, 50115, 51813, 48416, 50065, 51817, 51812,\n 51815, 48434, 49124, 48833, 46951, 49744, 51819, 50641, 51807,\n 49429, 51808, 46843, 49252, 47950, 48259, 49241, 49249, 49376,\n 50155, 51809, 50400, 51811, 50401, 51814, 50404, 40291, 42399,\n 48648, 48091, 51818, 48456, 51816, 49229, 47820, 49303, 50092,\n 50112, 50091, 50099, 48007, 48566, 37118);\n script_tag(name:\"last_modification\", value:\"2020-04-22 10:27:30 +0000 (Wed, 22 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-02-06 17:42:28 +0530 (Mon, 06 Feb 2012)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mac OS X Multiple Vulnerabilities (2012-001)\");\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT5130\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/47843/\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/id/1026627\");\n script_xref(name:\"URL\", value:\"http://lists.apple.com/archives/security-announce/2012/Feb/msg00001.html\");\n\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.[67]\\.\");\n script_tag(name:\"impact\", value:\"Successful exploitation could allow attackers to execute arbitrary code in\n the context of the browser, inject scripts, bypass certain security\n restrictions or cause a denial-of-service condition.\");\n script_tag(name:\"affected\", value:\"Address Book, Apache, CFNetwork, ColorSync, CoreAudio, CoreText, CoreUI\n curl, Data Security, dovecot, filecmds, ImageIO, Internet Sharing, Libinfo,\n libresolv, libsecurity, OpenGL, PHP, QuickTime, SquirrelMail, X11, Webmail,\n Tomcat, WebDAV Sharing.\");\n script_tag(name:\"insight\", value:\"For more information on the vulnerabilities refer the reference section.\");\n script_tag(name:\"solution\", value:\"Upgrade to Mac OS X 10.7.3 or\n Run Mac Updates and update the Security Update 2012-001\");\n script_tag(name:\"summary\", value:\"This host is missing an important security update according to\n Mac OS X Update/Mac OS X Security Update 2012-001.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT1222\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"pkg-lib-macosx.inc\");\n\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName)\n exit(0);\n\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer)\n exit(0);\n\nif(\"Mac OS X\" >< osName)\n{\n if(version_is_equal(version:osVer, test_version:\"10.6.8\"))\n {\n if(isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2012.001\"))\n {\n report = report_fixed_ver(installed_version:osVer, vulnerable_range:\"Equal to 10.6.8\");\n security_message(port:0, data:report);\n exit(0);\n }\n }\n\n if(version_in_range(version:osVer, test_version:\"10.7\", test_version2:\"10.7.2\"))\n {\n report = report_fixed_ver(installed_version:osVer, vulnerable_range:\"10.7 - 10.7.2\");\n security_message(port:0, data:report);\n exit(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:36", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-11-08T00:00:00", "type": "openvas", "title": "Mandriva Update for php MDVSA-2011:165 (php)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-1657", "CVE-2011-3268", "CVE-2011-3182", "CVE-2011-3267", "CVE-2011-2202"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310831484", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831484", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for php MDVSA-2011:165 (php)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.mandriva.com/security-announce/2011-11/msg00003.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831484\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-08 19:08:19 +0530 (Tue, 08 Nov 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"MDVSA\", value:\"2011:165\");\n script_cve_id(\"CVE-2011-1148\", \"CVE-2011-1657\", \"CVE-2011-1938\", \"CVE-2011-2202\",\n \"CVE-2011-2483\", \"CVE-2011-3182\", \"CVE-2011-3267\", \"CVE-2011-3268\");\n script_name(\"Mandriva Update for php MDVSA-2011:165 (php)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_2010\\.1\");\n script_tag(name:\"affected\", value:\"php on Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities has been identified and fixed in php:\n\n Use-after-free vulnerability in the substr_replace function in PHP\n 5.3.6 and earlier allows context-dependent attackers to cause a\n denial of service (memory corruption) or possibly have unspecified\n other impact by using the same variable for multiple arguments\n (CVE-2011-1148).\n\n The (1) ZipArchive::addGlob and (2) ZipArchive::addPattern functions\n in ext/zip/php_zip.c in PHP 5.3.6 allow context-dependent attackers\n to cause a denial of service (application crash) via certain flags\n arguments, as demonstrated by (a) GLOB_ALTDIRFUNC and (b) GLOB_APPEND\n (CVE-2011-1657).\n\n Stack-based buffer overflow in the socket_connect function in\n ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow\n context-dependent attackers to execute arbitrary code via a long\n pathname for a UNIX socket (CVE-2011-1938).\n\n The rfc1867_post_handler function in main/rfc1867.c in PHP before\n 5.3.7 does not properly restrict filenames in multipart/form-data\n POST requests, which allows remote attackers to conduct absolute\n path traversal attacks, and possibly create or overwrite arbitrary\n files, via a crafted upload request, related to a file path injection\n vulnerability. (CVE-2011-2202).\n\n crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain\n platforms, does not properly handle 8-bit characters, which makes\n it easier for context-dependent attackers to determine a cleartext\n password by leveraging knowledge of a password hash (CVE-2011-2483).\n\n PHP before 5.3.7 does not properly check the return values of\n the malloc, calloc, and realloc library functions, which allows\n context-dependent attackers to cause a denial of service (NULL\n pointer dereference and application crash) or trigger a buffer\n overflow by leveraging the ability to provide an arbitrary value\n for a function argument, related to (1) ext/curl/interface.c, (2)\n ext/date/lib/parse_date.c, (3) ext/date/lib/parse_iso_intervals.c,\n (4) ext/date/lib/parse_tz.c, (5) ext/date/lib/timelib.c, (6)\n ext/pdo_odbc/pdo_odbc.c, (7) ext/reflection/php_reflection.c,\n (8) ext/soap/php_sdl.c, (9) ext/xmlrpc/libxmlrpc/base64.c, (10)\n TSRM/tsrm_win32.c, and (11) the strtotime function (CVE-2011-3182).\n\n PHP before 5.3.7 does not properly implement the error_log function,\n which allows context-dependent attackers to cause a denial of service\n (application crash) via unspecified vectors (CVE-2011-3267).\n\n Buffer overflow in the crypt function in PHP before 5.3.7 allows\n context-dependent attackers to ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-mod_php\", rpm:\"apache-mod_php~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libphp5_common5\", rpm:\"libphp5_common5~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-apc\", rpm:\"php-apc~3.1.9~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-apc-admin\", rpm:\"php-apc-admin~3.1.9~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-bcmath\", rpm:\"php-bcmath~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-bz2\", rpm:\"php-bz2~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-calendar\", rpm:\"php-calendar~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cgi\", rpm:\"php-cgi~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ctype\", rpm:\"php-ctype~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-curl\", rpm:\"php-curl~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dba\", rpm:\"php-dba~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-doc\", rpm:\"php-doc~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dom\", rpm:\"php-dom~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-eaccelerator\", rpm:\"php-eaccelerator~0.9.6.1~1.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-eaccelerator-admin\", rpm:\"php-eaccelerator-admin~0.9.6.1~1.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-enchant\", rpm:\"php-enchant~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-exif\", rpm:\"php-exif~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fileinfo\", rpm:\"php-fileinfo~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-filter\", rpm:\"php-filter~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fpm\", rpm:\"php-fpm~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ftp\", rpm:\"php-ftp~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gearman\", rpm:\"php-gearman~0.7.0~0.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gettext\", rpm:\"php-gettext~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gmp\", rpm:\"php-gmp~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-hash\", rpm:\"php-hash~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-iconv\", rpm:\"php-iconv~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-intl\", rpm:\"php-intl~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-json\", rpm:\"php-json~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mailparse\", rpm:\"php-mailparse~2.1.5~8.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mcal\", rpm:\"php-mcal~0.6~35.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mcrypt\", rpm:\"php-mcrypt~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mssql\", rpm:\"php-mssql~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysqli\", rpm:\"php-mysqli~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-openssl\", rpm:\"php-openssl~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-optimizer\", rpm:\"php-optimizer~0.1~0.alpha2.8.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pcntl\", rpm:\"php-pcntl~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_dblib\", rpm:\"php-pdo_dblib~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_mysql\", rpm:\"php-pdo_mysql~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_odbc\", rpm:\"php-pdo_odbc~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_pgsql\", rpm:\"php-pdo_pgsql~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_sqlite\", rpm:\"php-pdo_sqlite~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-phar\", rpm:\"php-phar~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pinba\", rpm:\"php-pinba~0.0.5~2.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-posix\", rpm:\"php-posix~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pspell\", rpm:\"php-pspell~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-readline\", rpm:\"php-readline~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-recode\", rpm:\"php-recode~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sasl\", rpm:\"php-sasl~0.1.0~33.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-session\", rpm:\"php-session~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-shmop\", rpm:\"php-shmop~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sockets\", rpm:\"php-sockets~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sphinx\", rpm:\"php-sphinx~1.0.4~2.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sqlite3\", rpm:\"php-sqlite3~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sqlite\", rpm:\"php-sqlite~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ssh2\", rpm:\"php-ssh2~0.11.2~0.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-suhosin\", rpm:\"php-suhosin~0.9.32.1~0.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sybase_ct\", rpm:\"php-sybase_ct~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvmsg\", rpm:\"php-sysvmsg~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvsem\", rpm:\"php-sysvsem~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvshm\", rpm:\"php-sysvshm~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-tclink\", rpm:\"php-tclink~3.4.5~7.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-tidy\", rpm:\"php-tidy~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-timezonedb\", rpm:\"php-timezonedb~2011.14~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-tokenizer\", rpm:\"php-tokenizer~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-translit\", rpm:\"php-translit~0.6.1~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-vld\", rpm:\"php-vld~0.10.1~1.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-wddx\", rpm:\"php-wddx~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xattr\", rpm:\"php-xattr~1.1.0~13.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xdebug\", rpm:\"php-xdebug~2.1.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlreader\", rpm:\"php-xmlreader~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlwriter\", rpm:\"php-xmlwriter~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xsl\", rpm:\"php-xsl~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-zip\", rpm:\"php-zip~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-zlib\", rpm:\"php-zlib~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64php5_common5\", rpm:\"lib64php5_common5~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:55:32", "description": "Check for the Version of php", "cvss3": {}, "published": "2011-11-08T00:00:00", "type": "openvas", "title": "Mandriva Update for php MDVSA-2011:165 (php)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-1657", "CVE-2011-3268", "CVE-2011-3182", "CVE-2011-3267", "CVE-2011-2202"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:831484", "href": "http://plugins.openvas.org/nasl.php?oid=831484", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for php MDVSA-2011:165 (php)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been identified and fixed in php:\n\n Use-after-free vulnerability in the substr_replace function in PHP\n 5.3.6 and earlier allows context-dependent attackers to cause a\n denial of service (memory corruption) or possibly have unspecified\n other impact by using the same variable for multiple arguments\n (CVE-2011-1148).\n\n The (1) ZipArchive::addGlob and (2) ZipArchive::addPattern functions\n in ext/zip/php_zip.c in PHP 5.3.6 allow context-dependent attackers\n to cause a denial of service (application crash) via certain flags\n arguments, as demonstrated by (a) GLOB_ALTDIRFUNC and (b) GLOB_APPEND\n (CVE-2011-1657).\n\n Stack-based buffer overflow in the socket_connect function in\n ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow\n context-dependent attackers to execute arbitrary code via a long\n pathname for a UNIX socket (CVE-2011-1938).\n\n The rfc1867_post_handler function in main/rfc1867.c in PHP before\n 5.3.7 does not properly restrict filenames in multipart/form-data\n POST requests, which allows remote attackers to conduct absolute\n path traversal attacks, and possibly create or overwrite arbitrary\n files, via a crafted upload request, related to a file path injection\n vulnerability. (CVE-2011-2202).\n\n crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain\n platforms, does not properly handle 8-bit characters, which makes\n it easier for context-dependent attackers to determine a cleartext\n password by leveraging knowledge of a password hash (CVE-2011-2483).\n\n PHP before 5.3.7 does not properly check the return values of\n the malloc, calloc, and realloc library functions, which allows\n context-dependent attackers to cause a denial of service (NULL\n pointer dereference and application crash) or trigger a buffer\n overflow by leveraging the ability to provide an arbitrary value\n for a function argument, related to (1) ext/curl/interface.c, (2)\n ext/date/lib/parse_date.c, (3) ext/date/lib/parse_iso_intervals.c,\n (4) ext/date/lib/parse_tz.c, (5) ext/date/lib/timelib.c, (6)\n ext/pdo_odbc/pdo_odbc.c, (7) ext/reflection/php_reflection.c,\n (8) ext/soap/php_sdl.c, (9) ext/xmlrpc/libxmlrpc/base64.c, (10)\n TSRM/tsrm_win32.c, and (11) the strtotime function (CVE-2011-3182).\n\n PHP before 5.3.7 does not properly implement the error_log function,\n which allows context-dependent attackers to cause a denial of service\n (application crash) via unspecified vectors (CVE-2011-3267).\n\n Buffer overflow in the crypt function in PHP before 5.3.7 allows\n context-dependent attackers to ...\n\n Description truncated, for more information please check the Reference URL\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"php on Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2011-11/msg00003.php\");\n script_id(831484);\n script_version(\"$Revision: 6570 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:06:35 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-08 19:08:19 +0530 (Tue, 08 Nov 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2011:165\");\n script_cve_id(\"CVE-2011-1148\", \"CVE-2011-1657\", \"CVE-2011-1938\", \"CVE-2011-2202\",\n \"CVE-2011-2483\", \"CVE-2011-3182\", \"CVE-2011-3267\", \"CVE-2011-3268\");\n script_name(\"Mandriva Update for php MDVSA-2011:165 (php)\");\n\n script_summary(\"Check for the Version of php\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-mod_php\", rpm:\"apache-mod_php~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libphp5_common5\", rpm:\"libphp5_common5~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-apc\", rpm:\"php-apc~3.1.9~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-apc-admin\", rpm:\"php-apc-admin~3.1.9~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-bcmath\", rpm:\"php-bcmath~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-bz2\", rpm:\"php-bz2~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-calendar\", rpm:\"php-calendar~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cgi\", rpm:\"php-cgi~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ctype\", rpm:\"php-ctype~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-curl\", rpm:\"php-curl~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dba\", rpm:\"php-dba~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-doc\", rpm:\"php-doc~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dom\", rpm:\"php-dom~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-eaccelerator\", rpm:\"php-eaccelerator~0.9.6.1~1.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-eaccelerator-admin\", rpm:\"php-eaccelerator-admin~0.9.6.1~1.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-enchant\", rpm:\"php-enchant~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-exif\", rpm:\"php-exif~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fileinfo\", rpm:\"php-fileinfo~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-filter\", rpm:\"php-filter~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fpm\", rpm:\"php-fpm~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ftp\", rpm:\"php-ftp~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gearman\", rpm:\"php-gearman~0.7.0~0.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gettext\", rpm:\"php-gettext~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gmp\", rpm:\"php-gmp~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-hash\", rpm:\"php-hash~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-iconv\", rpm:\"php-iconv~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-intl\", rpm:\"php-intl~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-json\", rpm:\"php-json~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mailparse\", rpm:\"php-mailparse~2.1.5~8.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mcal\", rpm:\"php-mcal~0.6~35.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mcrypt\", rpm:\"php-mcrypt~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mssql\", rpm:\"php-mssql~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysqli\", rpm:\"php-mysqli~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-openssl\", rpm:\"php-openssl~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-optimizer\", rpm:\"php-optimizer~0.1~0.alpha2.8.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pcntl\", rpm:\"php-pcntl~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_dblib\", rpm:\"php-pdo_dblib~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_mysql\", rpm:\"php-pdo_mysql~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_odbc\", rpm:\"php-pdo_odbc~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_pgsql\", rpm:\"php-pdo_pgsql~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_sqlite\", rpm:\"php-pdo_sqlite~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-phar\", rpm:\"php-phar~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pinba\", rpm:\"php-pinba~0.0.5~2.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-posix\", rpm:\"php-posix~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pspell\", rpm:\"php-pspell~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-readline\", rpm:\"php-readline~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-recode\", rpm:\"php-recode~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sasl\", rpm:\"php-sasl~0.1.0~33.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-session\", rpm:\"php-session~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-shmop\", rpm:\"php-shmop~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sockets\", rpm:\"php-sockets~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sphinx\", rpm:\"php-sphinx~1.0.4~2.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sqlite3\", rpm:\"php-sqlite3~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sqlite\", rpm:\"php-sqlite~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ssh2\", rpm:\"php-ssh2~0.11.2~0.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-suhosin\", rpm:\"php-suhosin~0.9.32.1~0.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sybase_ct\", rpm:\"php-sybase_ct~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvmsg\", rpm:\"php-sysvmsg~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvsem\", rpm:\"php-sysvsem~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvshm\", rpm:\"php-sysvshm~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-tclink\", rpm:\"php-tclink~3.4.5~7.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-tidy\", rpm:\"php-tidy~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-timezonedb\", rpm:\"php-timezonedb~2011.14~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-tokenizer\", rpm:\"php-tokenizer~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-translit\", rpm:\"php-translit~0.6.1~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-vld\", rpm:\"php-vld~0.10.1~1.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-wddx\", rpm:\"php-wddx~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xattr\", rpm:\"php-xattr~1.1.0~13.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xdebug\", rpm:\"php-xdebug~2.1.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlreader\", rpm:\"php-xmlreader~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlwriter\", rpm:\"php-xmlwriter~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xsl\", rpm:\"php-xsl~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-zip\", rpm:\"php-zip~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-zlib\", rpm:\"php-zlib~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64php5_common5\", rpm:\"lib64php5_common5~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:42", "description": "This host is running PHP and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2011-09-07T00:00:00", "type": "openvas", "title": "PHP Multiple Vulnerabilities - Sep11 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2483", "CVE-2011-1657", "CVE-2011-3268", "CVE-2011-3182", "CVE-2011-3267"], "modified": "2018-10-20T00:00:00", "id": "OPENVAS:1361412562310802330", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802330", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_php_mult_vuln_win_sep11.nasl 11997 2018-10-20 11:59:41Z mmartin $\n#\n# PHP Multiple Vulnerabilities - Sep11 (Windows)\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:php:php\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802330\");\n script_version(\"$Revision: 11997 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-20 13:59:41 +0200 (Sat, 20 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-07 08:36:57 +0200 (Wed, 07 Sep 2011)\");\n script_cve_id(\"CVE-2011-2483\", \"CVE-2011-1657\", \"CVE-2011-3182\", \"CVE-2011-3267\",\n \"CVE-2011-3268\");\n script_bugtraq_id(49241, 49252);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"PHP Multiple Vulnerabilities - Sep11 (Windows)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"os_detection.nasl\", \"gb_php_detect.nasl\");\n script_mandatory_keys(\"php/installed\", \"Host/runs_windows\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/44874/\");\n script_xref(name:\"URL\", value:\"http://www.php.net/archive/2011.php#id2011-08-18-1\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation allows remote attackers to execute arbitrary code,\n obtain sensitive information or cause a denial of service.\");\n\n script_tag(name:\"affected\", value:\"PHP version prior to 5.3.7 on Windows\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - Improper handling of passwords with 8-bit characters by 'crypt_blowfish'\n function.\n\n - An error in 'ZipArchive::addGlob' and 'ZipArchive::addPattern' functions\n in ext/zip/php_zip.c file allows remote attackers to cause denial of\n service via certain flags arguments.\n\n - Improper validation of the return values of the malloc, calloc and realloc\n library functions.\n\n - Improper implementation of the error_log function.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to PHP version 5.3.7 or later.\");\n\n script_tag(name:\"summary\", value:\"This host is running PHP and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_xref(name:\"URL\", value:\"http://www.php.net/downloads.php\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( isnull( phpPort = get_app_port( cpe:CPE ) ) ) exit( 0 );\nif( ! phpVer = get_app_version( cpe:CPE, port:phpPort ) ) exit( 0 );\n\n##To check PHP version prior to 5.3.7\nif(version_is_less(version:phpVer, test_version:\"5.3.7\")){\n report = report_fixed_ver(installed_version:phpVer, fixed_version:\"5.3.7\");\n security_message(data:report, port:phpPort);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-25T10:55:47", "description": "Check for the Version of php-eaccelerator", "cvss3": {}, "published": "2011-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for php-eaccelerator FEDORA-2011-11528", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-3182", "CVE-2011-2202"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:863518", "href": "http://plugins.openvas.org/nasl.php?oid=863518", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php-eaccelerator FEDORA-2011-11528\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"php-eaccelerator on Fedora 15\";\ntag_insight = \"eAccelerator is a further development of the MMCache PHP Accelerator & Encoder.\n It increases performance of PHP scripts by caching them in compiled state, so\n that the overhead of compiling is almost completely eliminated.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066107.html\");\n script_id(863518);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-20 15:38:54 +0200 (Tue, 20 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2011-11528\");\n script_cve_id(\"CVE-2011-2483\", \"CVE-2011-2202\", \"CVE-2011-1938\", \"CVE-2011-1148\", \"CVE-2011-3182\");\n script_name(\"Fedora Update for php-eaccelerator FEDORA-2011-11528\");\n\n script_summary(\"Check for the Version of php-eaccelerator\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"php-eaccelerator\", rpm:\"php-eaccelerator~0.9.6.1~9.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-11T11:07:17", "description": "Check for the Version of php", "cvss3": {}, "published": "2012-03-19T00:00:00", "type": "openvas", "title": "Fedora Update for php FEDORA-2011-11464", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-3182", "CVE-2011-2202"], "modified": "2018-01-10T00:00:00", "id": "OPENVAS:863788", "href": "http://plugins.openvas.org/nasl.php?oid=863788", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php FEDORA-2011-11464\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"PHP is an HTML-embedded scripting language. PHP attempts to make it\n easy for developers to write dynamically generated web pages. PHP also\n offers built-in database integration for several commercial and\n non-commercial database management systems, so writing a\n database-enabled webpage with PHP is fairly simple. The most common\n use of PHP coding is probably as a replacement for CGI scripts.\n\n The php package contains the module which adds support for the PHP\n language to Apache HTTP Server.\";\n\ntag_affected = \"php on Fedora 16\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065674.html\");\n script_id(863788);\n script_version(\"$Revision: 8352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-10 08:01:57 +0100 (Wed, 10 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-19 12:15:57 +0530 (Mon, 19 Mar 2012)\");\n script_cve_id(\"CVE-2011-2483\", \"CVE-2011-2202\", \"CVE-2011-1938\", \"CVE-2011-1148\", \"CVE-2011-3182\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2011-11464\");\n script_name(\"Fedora Update for php FEDORA-2011-11464\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of php\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.3.8~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:24", "description": "Check for the Version of maniadrive", "cvss3": {}, "published": "2011-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for maniadrive FEDORA-2011-11537", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-3182", "CVE-2011-2202"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:863527", "href": "http://plugins.openvas.org/nasl.php?oid=863527", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for maniadrive FEDORA-2011-11537\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"maniadrive on Fedora 14\";\ntag_insight = \"ManiaDrive is an arcade car game on acrobatic tracks, with a quick and nervous\n gameplay (tracks almost never exceed one minute). Features: Complex car\n physics, Challenging "story mode", LAN and Internet mode, Live scores,\n Track editor, Dedicated server with HTTP interface and More than 30 blocks.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066103.html\");\n script_id(863527);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-20 15:38:54 +0200 (Tue, 20 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2011-11537\");\n script_cve_id(\"CVE-2011-2483\", \"CVE-2011-2202\", \"CVE-2011-1938\", \"CVE-2011-1148\", \"CVE-2011-3182\");\n script_name(\"Fedora Update for maniadrive FEDORA-2011-11537\");\n\n script_summary(\"Check for the Version of maniadrive\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"maniadrive\", rpm:\"maniadrive~1.2~32.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:23", "description": "Check for the Version of php-eaccelerator", "cvss3": {}, "published": "2011-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for php-eaccelerator FEDORA-2011-11537", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-3182", "CVE-2011-2202"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:863523", "href": "http://plugins.openvas.org/nasl.php?oid=863523", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php-eaccelerator FEDORA-2011-11537\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"php-eaccelerator on Fedora 14\";\ntag_insight = \"eAccelerator is a further development of the MMCache PHP Accelerator & Encoder.\n It increases performance of PHP scripts by caching them in compiled state, so\n that the overhead of compiling is almost completely eliminated.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066104.html\");\n script_id(863523);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-20 15:38:54 +0200 (Tue, 20 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2011-11537\");\n script_cve_id(\"CVE-2011-2483\", \"CVE-2011-2202\", \"CVE-2011-1938\", \"CVE-2011-1148\", \"CVE-2011-3182\");\n script_name(\"Fedora Update for php-eaccelerator FEDORA-2011-11537\");\n\n script_summary(\"Check for the Version of php-eaccelerator\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"php-eaccelerator\", rpm:\"php-eaccelerator~0.9.6.1~9.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:44", "description": "Check for the Version of maniadrive", "cvss3": {}, "published": "2011-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for maniadrive FEDORA-2011-11528", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-3182", "CVE-2011-2202"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:863531", "href": "http://plugins.openvas.org/nasl.php?oid=863531", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for maniadrive FEDORA-2011-11528\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"maniadrive on Fedora 15\";\ntag_insight = \"ManiaDrive is an arcade car game on acrobatic tracks, with a quick and nervous\n gameplay (tracks almost never exceed one minute). Features: Complex car\n physics, Challenging "story mode", LAN and Internet mode, Live scores,\n Track editor, Dedicated server with HTTP interface and More than 30 blocks.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066105.html\");\n script_id(863531);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-20 15:38:54 +0200 (Tue, 20 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2011-11528\");\n script_cve_id(\"CVE-2011-2483\", \"CVE-2011-2202\", \"CVE-2011-1938\", \"CVE-2011-1148\", \"CVE-2011-3182\");\n script_name(\"Fedora Update for maniadrive FEDORA-2011-11528\");\n\n script_summary(\"Check for the Version of maniadrive\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"maniadrive\", rpm:\"maniadrive~1.2~32.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-18T11:07:57", "description": "Check for the Version of maniadrive", "cvss3": {}, "published": "2012-04-02T00:00:00", "type": "openvas", "title": "Fedora Update for maniadrive FEDORA-2011-11464", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-3182", "CVE-2011-2202"], "modified": "2018-01-17T00:00:00", "id": "OPENVAS:863875", "href": "http://plugins.openvas.org/nasl.php?oid=863875", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for maniadrive FEDORA-2011-11464\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"maniadrive on Fedora 16\";\ntag_insight = \"ManiaDrive is an arcade car game on acrobatic tracks, with a quick and nervous\n gameplay (tracks almost never exceed one minute). Features: Complex car\n physics, Challenging "story mode", LAN and Internet mode, Live scores,\n Track editor, Dedicated server with HTTP interface and More than 30 blocks.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065675.html\");\n script_id(863875);\n script_version(\"$Revision: 8448 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 17:18:06 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 12:27:25 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2011-2483\", \"CVE-2011-2202\", \"CVE-2011-1938\", \"CVE-2011-1148\",\n \"CVE-2011-3182\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2011-11464\");\n script_name(\"Fedora Update for maniadrive FEDORA-2011-11464\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of maniadrive\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"maniadrive\", rpm:\"maniadrive~1.2~32.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:16", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-03-19T00:00:00", "type": "openvas", "title": "Fedora Update for php-eaccelerator FEDORA-2011-11464", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-3182", "CVE-2011-2202"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863794", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863794", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php-eaccelerator FEDORA-2011-11464\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065673.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863794\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-19 12:16:35 +0530 (Mon, 19 Mar 2012)\");\n script_cve_id(\"CVE-2011-2483\", \"CVE-2011-2202\", \"CVE-2011-1938\", \"CVE-2011-1148\", \"CVE-2011-3182\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2011-11464\");\n script_name(\"Fedora Update for php-eaccelerator FEDORA-2011-11464\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php-eaccelerator'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"php-eaccelerator on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"php-eaccelerator\", rpm:\"php-eaccelerator~0.9.6.1~9.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:40:01", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for php-eaccelerator FEDORA-2011-11528", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-3182", "CVE-2011-2202"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863518", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863518", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php-eaccelerator FEDORA-2011-11528\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066107.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863518\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-20 15:38:54 +0200 (Tue, 20 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2011-11528\");\n script_cve_id(\"CVE-2011-2483\", \"CVE-2011-2202\", \"CVE-2011-1938\", \"CVE-2011-1148\", \"CVE-2011-3182\");\n script_name(\"Fedora Update for php-eaccelerator FEDORA-2011-11528\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php-eaccelerator'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"php-eaccelerator on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"php-eaccelerator\", rpm:\"php-eaccelerator~0.9.6.1~9.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:36", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for php FEDORA-2011-11528", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-3182", "CVE-2011-2202"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863520", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863520", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php FEDORA-2011-11528\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066106.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863520\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-20 15:38:54 +0200 (Tue, 20 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2011-11528\");\n script_cve_id(\"CVE-2011-2483\", \"CVE-2011-2202\", \"CVE-2011-1938\", \"CVE-2011-1148\", \"CVE-2011-3182\");\n script_name(\"Fedora Update for php FEDORA-2011-11528\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"php on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.3.8~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:51", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for maniadrive FEDORA-2011-11528", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-3182", "CVE-2011-2202"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863531", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863531", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for maniadrive FEDORA-2011-11528\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066105.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863531\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-20 15:38:54 +0200 (Tue, 20 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2011-11528\");\n script_cve_id(\"CVE-2011-2483\", \"CVE-2011-2202\", \"CVE-2011-1938\", \"CVE-2011-1148\", \"CVE-2011-3182\");\n script_name(\"Fedora Update for maniadrive FEDORA-2011-11528\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'maniadrive'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"maniadrive on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"maniadrive\", rpm:\"maniadrive~1.2~32.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:59", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for php-eaccelerator FEDORA-2011-11537", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-3182", "CVE-2011-2202"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863523", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863523", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php-eaccelerator FEDORA-2011-11537\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066104.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863523\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-20 15:38:54 +0200 (Tue, 20 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2011-11537\");\n script_cve_id(\"CVE-2011-2483\", \"CVE-2011-2202\", \"CVE-2011-1938\", \"CVE-2011-1148\", \"CVE-2011-3182\");\n script_name(\"Fedora Update for php-eaccelerator FEDORA-2011-11537\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php-eaccelerator'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC14\");\n script_tag(name:\"affected\", value:\"php-eaccelerator on Fedora 14\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"php-eaccelerator\", rpm:\"php-eaccelerator~0.9.6.1~9.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:33", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for php FEDORA-2011-11537", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-3182", "CVE-2011-2202"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863524", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863524", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php FEDORA-2011-11537\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066102.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863524\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-20 15:38:54 +0200 (Tue, 20 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2011-11537\");\n script_cve_id(\"CVE-2011-2483\", \"CVE-2011-2202\", \"CVE-2011-1938\", \"CVE-2011-1148\", \"CVE-2011-3182\");\n script_name(\"Fedora Update for php FEDORA-2011-11537\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC14\");\n script_tag(name:\"affected\", value:\"php on Fedora 14\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.3.8~1.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-25T10:55:50", "description": "Check for the Version of php", "cvss3": {}, "published": "2011-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for php FEDORA-2011-11537", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-3182", "CVE-2011-2202"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:863524", "href": "http://plugins.openvas.org/nasl.php?oid=863524", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php FEDORA-2011-11537\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"PHP is an HTML-embedded scripting language. PHP attempts to make it\n easy for developers to write dynamically generated web pages. PHP also\n offers built-in database integration for several commercial and\n non-commercial database management systems, so writing a\n database-enabled webpage with PHP is fairly simple. The most common\n use of PHP coding is probably as a replacement for CGI scripts.\n\n The php package contains the module which adds support for the PHP\n language to Apache HTTP Server.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"php on Fedora 14\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066102.html\");\n script_id(863524);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-20 15:38:54 +0200 (Tue, 20 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2011-11537\");\n script_cve_id(\"CVE-2011-2483\", \"CVE-2011-2202\", \"CVE-2011-1938\", \"CVE-2011-1148\", \"CVE-2011-3182\");\n script_name(\"Fedora Update for php FEDORA-2011-11537\");\n\n script_summary(\"Check for the Version of php\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.3.8~1.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:34", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-03-19T00:00:00", "type": "openvas", "title": "Fedora Update for php FEDORA-2011-11464", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-3182", "CVE-2011-2202"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863788", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863788", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php FEDORA-2011-11464\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065674.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863788\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-19 12:15:57 +0530 (Mon, 19 Mar 2012)\");\n script_cve_id(\"CVE-2011-2483\", \"CVE-2011-2202\", \"CVE-2011-1938\", \"CVE-2011-1148\", \"CVE-2011-3182\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2011-11464\");\n script_name(\"Fedora Update for php FEDORA-2011-11464\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"php on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.3.8~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:30", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-04-02T00:00:00", "type": "openvas", "title": "Fedora Update for maniadrive FEDORA-2011-11464", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-3182", "CVE-2011-2202"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863875", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863875", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for maniadrive FEDORA-2011-11464\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065675.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863875\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 12:27:25 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2011-2483\", \"CVE-2011-2202\", \"CVE-2011-1938\", \"CVE-2011-1148\",\n \"CVE-2011-3182\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2011-11464\");\n script_name(\"Fedora Update for maniadrive FEDORA-2011-11464\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'maniadrive'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"maniadrive on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"maniadrive\", rpm:\"maniadrive~1.2~32.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-25T10:55:52", "description": "Check for the Version of php", "cvss3": {}, "published": "2011-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for php FEDORA-2011-11528", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-3182", "CVE-2011-2202"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:863520", "href": "http://plugins.openvas.org/nasl.php?oid=863520", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php FEDORA-2011-11528\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"PHP is an HTML-embedded scripting language. PHP attempts to make it\n easy for developers to write dynamically generated web pages. PHP also\n offers built-in database integration for several commercial and\n non-commercial database management systems, so writing a\n database-enabled webpage with PHP is fairly simple. The most common\n use of PHP coding is probably as a replacement for CGI scripts.\n\n The php package contains the module which adds support for the PHP\n language to Apache HTTP Server.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"php on Fedora 15\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066106.html\");\n script_id(863520);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-20 15:38:54 +0200 (Tue, 20 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2011-11528\");\n script_cve_id(\"CVE-2011-2483\", \"CVE-2011-2202\", \"CVE-2011-1938\", \"CVE-2011-1148\", \"CVE-2011-3182\");\n script_name(\"Fedora Update for php FEDORA-2011-11528\");\n\n script_summary(\"Check for the Version of php\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.3.8~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:58:05", "description": "Check for the Version of php-eaccelerator", "cvss3": {}, "published": "2012-03-19T00:00:00", "type": "openvas", "title": "Fedora Update for php-eaccelerator FEDORA-2011-11464", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-3182", "CVE-2011-2202"], "modified": "2017-12-28T00:00:00", "id": "OPENVAS:863794", "href": "http://plugins.openvas.org/nasl.php?oid=863794", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php-eaccelerator FEDORA-2011-11464\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"php-eaccelerator on Fedora 16\";\ntag_insight = \"eAccelerator is a further development of the MMCache PHP Accelerator & Encoder.\n It increases performance of PHP scripts by caching them in compiled state, so\n that the overhead of compiling is almost completely eliminated.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065673.html\");\n script_id(863794);\n script_version(\"$Revision: 8253 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-28 07:29:51 +0100 (Thu, 28 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-19 12:16:35 +0530 (Mon, 19 Mar 2012)\");\n script_cve_id(\"CVE-2011-2483\", \"CVE-2011-2202\", \"CVE-2011-1938\", \"CVE-2011-1148\", \"CVE-2011-3182\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2011-11464\");\n script_name(\"Fedora Update for php-eaccelerator FEDORA-2011-11464\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of php-eaccelerator\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"php-eaccelerator\", rpm:\"php-eaccelerator~0.9.6.1~9.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:40", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for maniadrive FEDORA-2011-11537", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-3182", "CVE-2011-2202"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863527", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863527", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for maniadrive FEDORA-2011-11537\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066103.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863527\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-20 15:38:54 +0200 (Tue, 20 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2011-11537\");\n script_cve_id(\"CVE-2011-2483\", \"CVE-2011-2202\", \"CVE-2011-1938\", \"CVE-2011-1148\", \"CVE-2011-3182\");\n script_name(\"Fedora Update for maniadrive FEDORA-2011-11537\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'maniadrive'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC14\");\n script_tag(name:\"affected\", value:\"maniadrive on Fedora 14\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"maniadrive\", rpm:\"maniadrive~1.2~32.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:46", "description": "The remote host is missing an update to the system\n as announced in the referenced advisory.", "cvss3": {}, "published": "2011-09-21T00:00:00", "type": "openvas", "title": "FreeBSD Ports: php5, php5-sockets", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-2202"], "modified": "2018-10-05T00:00:00", "id": "OPENVAS:136141256231070257", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070257", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: freebsd_php513.nasl 11762 2018-10-05 10:54:12Z cfischer $\n#\n# Auto generated from VID 057bf770-cac4-11e0-aea3-00215c6a37bb\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70257\");\n script_version(\"$Revision: 11762 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-05 12:54:12 +0200 (Fri, 05 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-21 05:47:11 +0200 (Wed, 21 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-2483\", \"CVE-2011-2202\", \"CVE-2011-1938\", \"CVE-2011-1148\");\n script_bugtraq_id(49241);\n script_name(\"FreeBSD Ports: php5, php5-sockets\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsd\", \"ssh/login/freebsdrel\");\n\n script_tag(name:\"insight\", value:\"The following packages are affected:\n\n php5\n php5-sockets\n\nCVE-2011-2483\ncrypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain\nplatforms, does not properly handle 8-bit characters, which makes it\neasier for context-dependent attackers to determine a cleartext\npassword by leveraging knowledge of a password hash.\n\nCVE-2011-2202\nThe rfc1867_post_handler function in main/rfc1867.c in PHP before\n5.3.7 does not properly restrict filenames in multipart/form-data POST\nrequests, which allows remote attackers to conduct absolute path\ntraversal attacks, and possibly create or overwrite arbitrary files,\nvia a crafted upload request, related to a 'file path injection\nvulnerability.'\n\nCVE-2011-1938\nStack-based buffer overflow in the socket_connect function in\next/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow\ncontext-dependent attackers to execute arbitrary code via a long\npathname for a UNIX socket.\n\nCVE-2011-1148\nUse-after-free vulnerability in the substr_replace function in PHP\n5.3.6 and earlier allows context-dependent attackers to cause a denial\nof service (memory corruption) or possibly have unspecified other\nimpact by using the same variable for multiple arguments.\");\n\n script_tag(name:\"solution\", value:\"Update your system with the appropriate patches or\n software upgrades.\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update to the system\n as announced in the referenced advisory.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-bsd.inc\");\n\nvuln = FALSE;\ntxt = \"\";\n\nbver = portver(pkg:\"php5\");\nif(!isnull(bver) && revcomp(a:bver, b:\"5.3.7\")<0) {\n txt += 'Package php5 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\nbver = portver(pkg:\"php5-sockets\");\nif(!isnull(bver) && revcomp(a:bver, b:\"5.3.7\")<0) {\n txt += 'Package php5-sockets version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\n\nif(vuln) {\n security_message(data:txt);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:44", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1231-1", "cvss3": {}, "published": "2011-10-21T00:00:00", "type": "openvas", "title": "Ubuntu Update for php5 USN-1231-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2484", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-1657", "CVE-2011-3182", "CVE-2010-1914", "CVE-2011-3267", "CVE-2011-2202"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840782", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840782", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1231_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for php5 USN-1231-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1231-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840782\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-21 16:31:29 +0200 (Fri, 21 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"USN\", value:\"1231-1\");\n script_cve_id(\"CVE-2011-1938\", \"CVE-2011-2202\", \"CVE-2011-2483\", \"CVE-2011-3182\",\n \"CVE-2011-3267\", \"CVE-2011-1657\", \"CVE-2010-1914\", \"CVE-2010-2484\");\n script_name(\"Ubuntu Update for php5 USN-1231-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.10|10\\.04 LTS|11\\.04|8\\.04 LTS)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1231-1\");\n script_tag(name:\"affected\", value:\"php5 on Ubuntu 11.04,\n Ubuntu 10.10,\n Ubuntu 10.04 LTS,\n Ubuntu 8.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Mateusz Kocielski, Marek Kroemeke and Filip Palian discovered that a\n stack-based buffer overflow existed in the socket_connect function's\n handling of long pathnames for AF_UNIX sockets. A remote attacker\n might be able to exploit this to execute arbitrary code. However,\n the default compiler options for affected releases should reduce\n the vulnerability to a denial of service. This issue affected Ubuntu\n 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-1938)\n\n Krzysztof Kotowicz discovered that the PHP post handler function\n does not properly restrict filenames in multipart/form-data POST\n requests. This may allow remote attackers to conduct absolute\n path traversal attacks and possibly create or overwrite arbitrary\n files. This issue affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu\n 10.10 and Ubuntu 11.04. (CVE-2011-2202)\n\n It was discovered that the crypt function for blowfish does not\n properly handle 8-bit characters. This could make it easier for an\n attacker to discover a cleartext password containing an 8-bit character\n that has a matching blowfish crypt value. This issue affected Ubuntu\n 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-2483)\n\n It was discovered that PHP did not properly check the return values of\n the malloc(3), calloc(3) and realloc(3) library functions in multiple\n locations. This could allow an attacker to cause a denial of service\n via a NULL pointer dereference or possibly execute arbitrary code.\n This issue affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10\n and Ubuntu 11.04. (CVE-2011-3182)\n\n Maksymilian Arciemowicz discovered that PHP did not properly implement\n the error_log function. This could allow an attacker to cause a denial\n of service via an application crash. This issue affected Ubuntu 10.04\n LTS, Ubuntu 10.10, Ubuntu 11.04 and Ubuntu 11.10. (CVE-2011-3267)\n\n Maksymilian Arciemowicz discovered that the ZipArchive functions\n addGlob() and addPattern() did not properly check their flag arguments.\n This could allow a malicious script author to cause a denial of\n service via application crash. This issue affected Ubuntu 10.04 LTS,\n Ubuntu 10.10, Ubuntu 11.04 and Ubuntu 11.10. (CVE-2011-1657)\n\n It was discovered that the Xend opcode parser in PHP could be interrupted\n while handling the shift-left, shift-right, and bitwise-xor opcodes.\n This could allow a malicious script author to expose memory\n contents. This issue affected Ubuntu 10.04 LTS. (CVE-2010-1914)\n\n It was discovered that the strrchr function in PHP could be interrupted\n by a malicious script, allowing the exposure of memory contents. This\n issue affected Ubuntu 8.04 LTS. (CVE-2010-2484)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.3.3-1ubuntu9.6\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.3.3-1ubuntu9.6\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.3.3-1ubuntu9.6\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.3.3-1ubuntu9.6\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.3.2-1ubuntu4.10\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.3.2-1ubuntu4.10\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.3.2-1ubuntu4.10\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.3.2-1ubuntu4.10\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.3.5-1ubuntu7.3\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.3.5-1ubuntu7.3\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.3.5-1ubuntu7.3\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.3.5-1ubuntu7.3\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.2.4-2ubuntu5.18\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.2.4-2ubuntu5.18\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.2.4-2ubuntu5.18\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.2.4-2ubuntu5.18\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-02T21:13:30", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2011-09-21T00:00:00", "type": "openvas", "title": "FreeBSD Ports: php5, php5-sockets", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-2202"], "modified": "2017-02-25T00:00:00", "id": "OPENVAS:70257", "href": "http://plugins.openvas.org/nasl.php?oid=70257", "sourceData": "#\n#VID 057bf770-cac4-11e0-aea3-00215c6a37bb\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 057bf770-cac4-11e0-aea3-00215c6a37bb\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n php5\n php5-sockets\n\nCVE-2011-2483\ncrypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain\nplatforms, does not properly handle 8-bit characters, which makes it\neasier for context-dependent attackers to determine a cleartext\npassword by leveraging knowledge of a password hash.\n\nCVE-2011-2202\nThe rfc1867_post_handler function in main/rfc1867.c in PHP before\n5.3.7 does not properly restrict filenames in multipart/form-data POST\nrequests, which allows remote attackers to conduct absolute path\ntraversal attacks, and possibly create or overwrite arbitrary files,\nvia a crafted upload request, related to a 'file path injection\nvulnerability.'\n\nCVE-2011-1938\nStack-based buffer overflow in the socket_connect function in\next/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow\ncontext-dependent attackers to execute arbitrary code via a long\npathname for a UNIX socket.\n\nCVE-2011-1148\nUse-after-free vulnerability in the substr_replace function in PHP\n5.3.6 and earlier allows context-dependent attackers to cause a denial\nof service (memory corruption) or possibly have unspecified other\nimpact by using the same variable for multiple arguments.\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\";\n\nif(description)\n{\n script_id(70257);\n script_version(\"$Revision: 5424 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-25 17:52:36 +0100 (Sat, 25 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-21 05:47:11 +0200 (Wed, 21 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-2483\", \"CVE-2011-2202\", \"CVE-2011-1938\", \"CVE-2011-1148\");\n script_bugtraq_id(49241);\n script_name(\"FreeBSD Ports: php5, php5-sockets\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"php5\");\nif(!isnull(bver) && revcomp(a:bver, b:\"5.3.7\")<0) {\n txt += 'Package php5 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"php5-sockets\");\nif(!isnull(bver) && revcomp(a:bver, b:\"5.3.7\")<0) {\n txt += 'Package php5-sockets version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:51:00", "description": "The remote host is missing an update as announced\nvia advisory SSA:2011-237-01.", "cvss3": {}, "published": "2012-09-10T00:00:00", "type": "openvas", "title": "Slackware Advisory SSA:2011-237-01 php ", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-2202"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:71962", "href": "http://plugins.openvas.org/nasl.php?oid=71962", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2011_237_01.nasl 6581 2017-07-06 13:58:51Z cfischer $\n# Description: Auto-generated from advisory SSA:2011-237-01\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New php packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0,\n13.1, 13.37, and -current to fix security issues.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2011-237-01.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2011-237-01\";\n \nif(description)\n{\n script_id(71962);\n script_cve_id(\"CVE-2011-2483\", \"CVE-2011-2202\", \"CVE-2011-1938\", \"CVE-2011-1148\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 6581 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:58:51 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-09-10 07:16:18 -0400 (Mon, 10 Sep 2012)\");\n script_name(\"Slackware Advisory SSA:2011-237-01 php \");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"php\", ver:\"5.3.8-i486-1_slack11.0\", rls:\"SLK11.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"php\", ver:\"5.3.8-i486-1_slack12.0\", rls:\"SLK12.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"php\", ver:\"5.3.8-i486-1_slack12.1\", rls:\"SLK12.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"php\", ver:\"5.3.8-i486-1_slack12.2\", rls:\"SLK12.2\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"php\", ver:\"5.3.8-i486-1_slack13.0\", rls:\"SLK13.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"php\", ver:\"5.3.8-i486-1_slack13.1\", rls:\"SLK13.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"php\", ver:\"5.3.8-i486-1_slack13.37\", rls:\"SLK13.37\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-04T11:26:42", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1231-1", "cvss3": {}, "published": "2011-10-21T00:00:00", "type": "openvas", "title": "Ubuntu Update for php5 USN-1231-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2484", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-1657", "CVE-2011-3182", "CVE-2010-1914", "CVE-2011-3267", "CVE-2011-2202"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840782", "href": "http://plugins.openvas.org/nasl.php?oid=840782", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1231_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for php5 USN-1231-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mateusz Kocielski, Marek Kroemeke and Filip Palian discovered that a\n stack-based buffer overflow existed in the socket_connect function's\n handling of long pathnames for AF_UNIX sockets. A remote attacker\n might be able to exploit this to execute arbitrary code; however,\n the default compiler options for affected releases should reduce\n the vulnerability to a denial of service. This issue affected Ubuntu\n 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-1938)\n\n Krzysztof Kotowicz discovered that the PHP post handler function\n does not properly restrict filenames in multipart/form-data POST\n requests. This may allow remote attackers to conduct absolute\n path traversal attacks and possibly create or overwrite arbitrary\n files. This issue affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu\n 10.10 and Ubuntu 11.04. (CVE-2011-2202)\n \n It was discovered that the crypt function for blowfish does not\n properly handle 8-bit characters. This could make it easier for an\n attacker to discover a cleartext password containing an 8-bit character\n that has a matching blowfish crypt value. This issue affected Ubuntu\n 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-2483)\n \n It was discovered that PHP did not properly check the return values of\n the malloc(3), calloc(3) and realloc(3) library functions in multiple\n locations. This could allow an attacker to cause a denial of service\n via a NULL pointer dereference or possibly execute arbitrary code.\n This issue affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10\n and Ubuntu 11.04. (CVE-2011-3182)\n \n Maksymilian Arciemowicz discovered that PHP did not properly implement\n the error_log function. This could allow an attacker to cause a denial\n of service via an application crash. This issue affected Ubuntu 10.04\n LTS, Ubuntu 10.10, Ubuntu 11.04 and Ubuntu 11.10. (CVE-2011-3267)\n \n Maksymilian Arciemowicz discovered that the ZipArchive functions\n addGlob() and addPattern() did not properly check their flag arguments.\n This could allow a malicious script author to cause a denial of\n service via application crash. This issue affected Ubuntu 10.04 LTS,\n Ubuntu 10.10, Ubuntu 11.04 and Ubuntu 11.10. (CVE-2011-1657)\n \n It was discovered that the Xend opcode parser in PHP could be interrupted\n while handling the shift-left, shift-right, and bitwise-xor opcodes.\n This could allow a malicious script author to expose memory\n contents. This issue affected Ubuntu 10.04 LTS. (CVE-2010-1914)\n \n It was discovered that the strrchr function in PHP could be interrupted\n by a malicious script, allowing the exposure of memory contents. This\n issue affected Ubuntu 8.04 LTS. (CVE-2010-2484)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1231-1\";\ntag_affected = \"php5 on Ubuntu 11.04 ,\n Ubuntu 10.10 ,\n Ubuntu 10.04 LTS ,\n Ubuntu 8.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1231-1/\");\n script_id(840782);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-21 16:31:29 +0200 (Fri, 21 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"USN\", value: \"1231-1\");\n script_cve_id(\"CVE-2011-1938\", \"CVE-2011-2202\", \"CVE-2011-2483\", \"CVE-2011-3182\",\n \"CVE-2011-3267\", \"CVE-2011-1657\", \"CVE-2010-1914\", \"CVE-2010-2484\");\n script_name(\"Ubuntu Update for php5 USN-1231-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.3.3-1ubuntu9.6\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.3.3-1ubuntu9.6\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.3.3-1ubuntu9.6\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.3.3-1ubuntu9.6\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.3.2-1ubuntu4.10\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.3.2-1ubuntu4.10\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.3.2-1ubuntu4.10\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.3.2-1ubuntu4.10\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.3.5-1ubuntu7.3\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.3.5-1ubuntu7.3\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.3.5-1ubuntu7.3\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.3.5-1ubuntu7.3\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.2.4-2ubuntu5.18\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.2.4-2ubuntu5.18\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.2.4-2ubuntu5.18\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.2.4-2ubuntu5.18\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:52", "description": "The remote host is missing an update as announced\nvia advisory SSA:2011-237-01.", "cvss3": {}, "published": "2012-09-10T00:00:00", "type": "openvas", "title": "Slackware Advisory SSA:2011-237-01 php", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-2202"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:136141256231071962", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071962", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2011_237_01.nasl 14202 2019-03-15 09:16:15Z cfischer $\n# Description: Auto-generated from advisory SSA:2011-237-01\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71962\");\n script_cve_id(\"CVE-2011-2483\", \"CVE-2011-2202\", \"CVE-2011-1938\", \"CVE-2011-1148\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 14202 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 10:16:15 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-09-10 07:16:18 -0400 (Mon, 10 Sep 2012)\");\n script_name(\"Slackware Advisory SSA:2011-237-01 php\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\", re:\"ssh/login/release=SLK(11\\.0|12\\.0|12\\.1|12\\.2|13\\.0|13\\.1|13\\.37)\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2011-237-01\");\n\n script_tag(name:\"insight\", value:\"New php packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0,\n13.1, 13.37, and -current to fix security issues.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the new package(s).\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update as announced\nvia advisory SSA:2011-237-01.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-slack.inc\");\n\nreport = \"\";\nres = \"\";\n\nif((res = isslkpkgvuln(pkg:\"php\", ver:\"5.3.8-i486-1_slack11.0\", rls:\"SLK11.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"php\", ver:\"5.3.8-i486-1_slack12.0\", rls:\"SLK12.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"php\", ver:\"5.3.8-i486-1_slack12.1\", rls:\"SLK12.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"php\", ver:\"5.3.8-i486-1_slack12.2\", rls:\"SLK12.2\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"php\", ver:\"5.3.8-i486-1_slack13.0\", rls:\"SLK13.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"php\", ver:\"5.3.8-i486-1_slack13.1\", rls:\"SLK13.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"php\", ver:\"5.3.8-i486-1_slack13.37\", rls:\"SLK13.37\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-17T23:04:01", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2015-09-08T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2011-7)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-3182", "CVE-2011-3379", "CVE-2011-2202"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120517", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120517", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120517\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 11:27:40 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2011-7)\");\n script_tag(name:\"solution\", value:\"Run yum update php to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2011-7.html\");\n script_cve_id(\"CVE-2011-3182\", \"CVE-2011-3379\", \"CVE-2011-2483\", \"CVE-2011-1938\", \"CVE-2011-2202\", \"CVE-2011-1148\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.3.8~3.19.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-debuginfo\", rpm:\"php-debuginfo~5.3.8~3.19.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.3.8~3.19.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.3.8~3.19.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-process\", rpm:\"php-process~5.3.8~3.19.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-pspell\", rpm:\"php-pspell~5.3.8~3.19.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.3.8~3.19.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-mssql\", rpm:\"php-mssql~5.3.8~3.19.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.3.8~3.19.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.3.8~3.19.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-fpm\", rpm:\"php-fpm~5.3.8~3.19.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.3.8~3.19.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.3.8~3.19.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php\", rpm:\"php~5.3.8~3.19.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-dba\", rpm:\"php-dba~5.3.8~3.19.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.3.8~3.19.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-common\", rpm:\"php-common~5.3.8~3.19.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-mcrypt\", rpm:\"php-mcrypt~5.3.8~3.19.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.3.8~3.19.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-tidy\", rpm:\"php-tidy~5.3.8~3.19.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-bcmath\", rpm:\"php-bcmath~5.3.8~3.19.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~5.3.8~3.19.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.3.8~3.19.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-intl\", rpm:\"php-intl~5.3.8~3.19.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~5.3.8~3.19.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-zts\", rpm:\"php-zts~5.3.8~3.19.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~5.3.8~3.19.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-embedded\", rpm:\"php-embedded~5.3.8~3.19.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:55:55", "description": "Check for the Version of subversion", "cvss3": {}, "published": "2011-06-06T00:00:00", "type": "openvas", "title": "Mandriva Update for subversion MDVSA-2011:106 (subversion)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1783", "CVE-2011-1752", "CVE-2011-1921"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:831415", "href": "http://plugins.openvas.org/nasl.php?oid=831415", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for subversion MDVSA-2011:106 (subversion)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities were discovered and corrected in subversion:\n\n The mod_dav_svn Apache HTTPD server module will dereference a NULL\n pointer if asked to deliver baselined WebDAV resources which can lead\n to a DoS (Denial Of Service) (CVE-2011-1752).\n \n The mod_dav_svn Apache HTTPD server module may in certain cenarios\n enter a logic loop which does not exit and which allocates emory in\n each iteration, ultimately exhausting all the available emory on the\n server which can lead to a DoS (Denial Of Service) (CVE-2011-1783).\n \n The mod_dav_svn Apache HTTPD server module may leak to remote users\n the file contents of files configured to be unreadable by those users\n (CVE-2011-1921).\n \n Packages for 2009.0 are provided as of the Extended Maintenance\n Program. Please visit this link to learn more:\n http://store.mandriva.com/product_info.php?cPath=149&amp;products_id=490\n \n The updated packages have been upgraded to the 1.6.17 version which\n is not vulnerable to these issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"subversion on Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2011-06/msg00002.php\");\n script_id(831415);\n script_version(\"$Revision: 6570 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:06:35 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-06-06 16:56:27 +0200 (Mon, 06 Jun 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"MDVSA\", value: \"2011:106\");\n script_cve_id(\"CVE-2011-1752\", \"CVE-2011-1783\", \"CVE-2011-1921\");\n script_name(\"Mandriva Update for subversion MDVSA-2011:106 (subversion)\");\n\n script_summary(\"Check for the Version of subversion\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dav_svn\", rpm:\"apache-mod_dav_svn~1.6.17~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dontdothat\", rpm:\"apache-mod_dontdothat~1.6.17~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsvn0\", rpm:\"libsvn0~1.6.17~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsvnjavahl1\", rpm:\"libsvnjavahl1~1.6.17~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-SVN\", rpm:\"perl-SVN~1.6.17~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-svn\", rpm:\"python-svn~1.6.17~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-svn\", rpm:\"ruby-svn~1.6.17~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion\", rpm:\"subversion~1.6.17~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-devel\", rpm:\"subversion-devel~1.6.17~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-doc\", rpm:\"subversion-doc~1.6.17~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-server\", rpm:\"subversion-server~1.6.17~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-tools\", rpm:\"subversion-tools~1.6.17~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"svn-javahl\", rpm:\"svn-javahl~1.6.17~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64svn0\", rpm:\"lib64svn0~1.6.17~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64svnjavahl1\", rpm:\"lib64svnjavahl1~1.6.17~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dav_svn\", rpm:\"apache-mod_dav_svn~1.6.17~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dontdothat\", rpm:\"apache-mod_dontdothat~1.6.17~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsvn0\", rpm:\"libsvn0~1.6.17~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsvn-gnome-keyring0\", rpm:\"libsvn-gnome-keyring0~1.6.17~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsvnjavahl1\", rpm:\"libsvnjavahl1~1.6.17~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsvn-kwallet0\", rpm:\"libsvn-kwallet0~1.6.17~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-SVN\", rpm:\"perl-SVN~1.6.17~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-svn\", rpm:\"python-svn~1.6.17~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-svn\", rpm:\"ruby-svn~1.6.17~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion\", rpm:\"subversion~1.6.17~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-devel\", rpm:\"subversion-devel~1.6.17~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-doc\", rpm:\"subversion-doc~1.6.17~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-server\", rpm:\"subversion-server~1.6.17~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-tools\", rpm:\"subversion-tools~1.6.17~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"svn-javahl\", rpm:\"svn-javahl~1.6.17~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64svn0\", rpm:\"lib64svn0~1.6.17~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64svn-gnome-keyring0\", rpm:\"lib64svn-gnome-keyring0~1.6.17~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64svnjavahl1\", rpm:\"lib64svnjavahl1~1.6.17~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64svn-kwallet0\", rpm:\"lib64svn-kwallet0~1.6.17~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dav_svn\", rpm:\"apache-mod_dav_svn~1.6.17~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dontdothat\", rpm:\"apache-mod_dontdothat~1.6.17~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsvn0\", rpm:\"libsvn0~1.6.17~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsvnjavahl1\", rpm:\"libsvnjavahl1~1.6.17~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-SVN\", rpm:\"perl-SVN~1.6.17~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-svn\", rpm:\"python-svn~1.6.17~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-svn\", rpm:\"ruby-svn~1.6.17~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion\", rpm:\"subversion~1.6.17~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-devel\", rpm:\"subversion-devel~1.6.17~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-doc\", rpm:\"subversion-doc~1.6.17~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-server\", rpm:\"subversion-server~1.6.17~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-tools\", rpm:\"subversion-tools~1.6.17~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"svn-javahl\", rpm:\"svn-javahl~1.6.17~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64svn0\", rpm:\"lib64svn0~1.6.17~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64svnjavahl1\", rpm:\"lib64svnjavahl1~1.6.17~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:13:35", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2011-08-03T00:00:00", "type": "openvas", "title": "FreeBSD Ports: subversion", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1783", "CVE-2011-1752", "CVE-2011-1921"], "modified": "2017-02-25T00:00:00", "id": "OPENVAS:69755", "href": "http://plugins.openvas.org/nasl.php?oid=69755", "sourceData": "#\n#VID e27a1af3-8d21-11e0-a45d-001e8c75030d\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID e27a1af3-8d21-11e0-a45d-001e8c75030d\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n subversion\n subversion-freebsd\n\nCVE-2011-1752\nThe mod_dav_svn module for the Apache HTTP Server, as distributed in\nApache Subversion before 1.6.17, allows remote attackers to cause a\ndenial of service (NULL pointer dereference and daemon crash) via a\nrequest for a baselined WebDAV resource, as exploited in the wild in\nMay 2011.\nCVE-2011-1783\nThe mod_dav_svn module for the Apache HTTP Server, as distributed in\nApache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz\nshort_circuit option is enabled, allows remote attackers to cause a\ndenial of service (infinite loop and memory consumption) in\nopportunistic circumstances by requesting data.\nCVE-2011-1921\nThe mod_dav_svn module for the Apache HTTP Server, as distributed in\nApache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz\nshort_circuit option is disabled, does not properly enforce\npermissions for files that had been publicly readable in the past,\nwhich allows remote attackers to obtain sensitive information via a\nreplay REPORT operation.\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\";\n\nif(description)\n{\n script_id(69755);\n script_version(\"$Revision: 5424 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-25 17:52:36 +0100 (Sat, 25 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-03 04:36:20 +0200 (Wed, 03 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2011-1752\", \"CVE-2011-1783\", \"CVE-2011-1921\");\n script_name(\"FreeBSD Ports: subversion\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"subversion\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.6.17\")<0) {\n txt += 'Package subversion version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"subversion-freebsd\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.6.17\")<0) {\n txt += 'Package subversion-freebsd version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:24", "description": "Check for the Version of mod_dav_svn", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for mod_dav_svn CESA-2011:0862 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1783", "CVE-2011-1752", "CVE-2011-1921"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880528", "href": "http://plugins.openvas.org/nasl.php?oid=880528", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for mod_dav_svn CESA-2011:0862 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Subversion (SVN) is a concurrent version control system which enables one\n or more users to collaborate in developing and maintaining a hierarchy of\n files and directories while keeping a history of all changes. The\n mod_dav_svn module is used with the Apache HTTP Server to allow access to\n Subversion repositories via HTTP.\n\n An infinite loop flaw was found in the way the mod_dav_svn module processed\n certain data sets. If the SVNPathAuthz directive was set to\n "short_circuit", and path-based access control for files and directories\n was enabled, a malicious, remote user could use this flaw to cause the\n httpd process serving the request to consume an excessive amount of system\n memory. (CVE-2011-1783)\n \n A NULL pointer dereference flaw was found in the way the mod_dav_svn module\n processed requests submitted against the URL of a baselined resource. A\n malicious, remote user could use this flaw to cause the httpd process\n serving the request to crash. (CVE-2011-1752)\n \n An information disclosure flaw was found in the way the mod_dav_svn\n module processed certain URLs when path-based access control for files and\n directories was enabled. A malicious, remote user could possibly use this\n flaw to access certain files in a repository that would otherwise not be\n accessible to them. Note: This vulnerability cannot be triggered if the\n SVNPathAuthz directive is set to "short_circuit". (CVE-2011-1921)\n \n Red Hat would like to thank the Apache Subversion project for reporting\n these issues. Upstream acknowledges Joe Schaefer of the Apache Software\n Foundation as the original reporter of CVE-2011-1752; Ivan Zhakov of\n VisualSVN as the original reporter of CVE-2011-1783; and Kamesh\n Jayachandran of CollabNet, Inc. as the original reporter of CVE-2011-1921.\n \n All Subversion users should upgrade to these updated packages, which\n contain backported patches to correct these issues. After installing the\n updated packages, you must restart the httpd daemon, if you are using\n mod_dav_svn, for the update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"mod_dav_svn on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-June/017614.html\");\n script_id(880528);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2011:0862\");\n script_cve_id(\"CVE-2011-1752\", \"CVE-2011-1783\", \"CVE-2011-1921\");\n script_name(\"CentOS Update for mod_dav_svn CESA-2011:0862 centos5 i386\");\n\n script_summary(\"Check for the Version of mod_dav_svn\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"mod_dav_svn\", rpm:\"mod_dav_svn~1.6.11~7.el5_6.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion\", rpm:\"subversion~1.6.11~7.el5_6.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-devel\", rpm:\"subversion-devel~1.6.11~7.el5_6.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-javahl\", rpm:\"subversion-javahl~1.6.11~7.el5_6.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-perl\", rpm:\"subversion-perl~1.6.11~7.el5_6.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-ruby\", rpm:\"subversion-ruby~1.6.11~7.el5_6.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:40", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-06-10T00:00:00", "type": "openvas", "title": "RedHat Update for subversion RHSA-2011:0862-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1783", "CVE-2011-1752", "CVE-2011-1921"], "modified": "2019-03-12T00:00:00", "id": "OPENVAS:1361412562310870442", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870442", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for subversion RHSA-2011:0862-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2011-June/msg00008.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870442\");\n script_version(\"$Revision: 14114 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-12 12:48:52 +0100 (Tue, 12 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-06-10 16:29:51 +0200 (Fri, 10 Jun 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"RHSA\", value:\"2011:0862-01\");\n script_cve_id(\"CVE-2011-1752\", \"CVE-2011-1783\", \"CVE-2011-1921\");\n script_name(\"RedHat Update for subversion RHSA-2011:0862-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'subversion'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n script_tag(name:\"affected\", value:\"subversion on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Subversion (SVN) is a concurrent version control system which enables one\n or more users to collaborate in developing and maintaining a hierarchy of\n files and directories while keeping a history of all changes. The\n mod_dav_svn module is used with the Apache HTTP Server to allow access to\n Subversion repositories via HTTP.\n\n An infinite loop flaw was found in the way the mod_dav_svn module processed\n certain data sets. If the SVNPathAuthz directive was set to\n 'short_circuit', and path-based access control for files and directories\n was enabled, a malicious, remote user could use this flaw to cause the\n httpd process serving the request to consume an excessive amount of system\n memory. (CVE-2011-1783)\n\n A NULL pointer dereference flaw was found in the way the mod_dav_svn module\n processed requests submitted against the URL of a baselined resource. A\n malicious, remote user could use this flaw to cause the httpd process\n serving the request to crash. (CVE-2011-1752)\n\n An information disclosure flaw was found in the way the mod_dav_svn\n module processed certain URLs when path-based access control for files and\n directories was enabled. A malicious, remote user could possibly use this\n flaw to access certain files in a repository that would otherwise not be\n accessible to them. Note: This vulnerability cannot be triggered if the\n SVNPathAuthz directive is set to 'short_circuit'. (CVE-2011-1921)\n\n Red Hat would like to thank the Apache Subversion project for reporting\n these issues. Upstream acknowledges Joe Schaefer of the Apache Software\n Foundation as the original reporter of CVE-2011-1752, Ivan Zhakov of\n VisualSVN as the original reporter of CVE-2011-1783, and Kamesh\n Jayachandran of CollabNet, Inc. as the original reporter of CVE-2011-1921.\n\n All Subversion users should upgrade to these updated packages, which\n contain backported patches to correct these issues. After installing the\n updated packages, you must restart the httpd daemon, if you are using\n mod_dav_svn, for the update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"mod_dav_svn\", rpm:\"mod_dav_svn~1.6.11~7.el5_6.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion\", rpm:\"subversion~1.6.11~7.el5_6.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-debuginfo\", rpm:\"subversion-debuginfo~1.6.11~7.el5_6.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-devel\", rpm:\"subversion-devel~1.6.11~7.el5_6.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-javahl\", rpm:\"subversion-javahl~1.6.11~7.el5_6.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-perl\", rpm:\"subversion-perl~1.6.11~7.el5_6.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-ruby\", rpm:\"subversion-ruby~1.6.11~7.el5_6.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-24T12:55:53", "description": "The remote host is missing an update to subversion\nannounced via advisory DSA 2251-1.", "cvss3": {}, "published": "2011-08-03T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2251-1 (subversion)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1783", "CVE-2011-1752", "CVE-2011-1921"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:69958", "href": "http://plugins.openvas.org/nasl.php?oid=69958", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2251_1.nasl 6613 2017-07-07 12:08:40Z cfischer $\n# Description: Auto-generated from advisory DSA 2251-1 (subversion)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities were discovered in Subversion, the version\ncontrol system. The Common Vulnerabilities and Exposures project\nidentifies the following problems:\n\nCVE-2011-1752\n\nThe mod_dav_svn Apache HTTPD server module can be crashed though\nwhen asked to deliver baselined WebDAV resources.\n\nCVE-2011-1783\n\nThe mod_dav_svn Apache HTTPD server module can trigger a loop which\nconsumes all available memory on the system.\n\nCVE-2011-1921\n\nThe mod_dav_svn Apache HTTPD server module may leak to remote users\nthe file contents of files configured to be unreadable by those\nusers.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.5.1dfsg1-7.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.6.12dfsg-6.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.6.17dfsg-1.\n\nWe recommend that you upgrade your subversion packages.\";\ntag_summary = \"The remote host is missing an update to subversion\nannounced via advisory DSA 2251-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202251-1\";\n\n\nif(description)\n{\n script_id(69958);\n script_version(\"$Revision: 6613 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:40 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-03 04:36:20 +0200 (Wed, 03 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2011-1752\", \"CVE-2011-1783\", \"CVE-2011-1921\");\n script_name(\"Debian Security Advisory DSA 2251-1 (subversion)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libapache2-svn\", ver:\"1.5.1dfsg1-7\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsvn-dev\", ver:\"1.5.1dfsg1-7\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsvn-doc\", ver:\"1.5.1dfsg1-7\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsvn-java\", ver:\"1.5.1dfsg1-7\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsvn-perl\", ver:\"1.5.1dfsg1-7\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsvn-ruby\", ver:\"1.5.1dfsg1-7\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsvn-ruby1.8\", ver:\"1.5.1dfsg1-7\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsvn1\", ver:\"1.5.1dfsg1-7\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-subversion\", ver:\"1.5.1dfsg1-7\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"subversion\", ver:\"1.5.1dfsg1-7\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"subversion-tools\", ver:\"1.5.1dfsg1-7\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapache2-svn\", ver:\"1.6.12dfsg-6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsvn-dev\", ver:\"1.6.12dfsg-6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsvn-doc\", ver:\"1.6.12dfsg-6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsvn-java\", ver:\"1.6.12dfsg-6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsvn-perl\", ver:\"1.6.12dfsg-6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsvn-ruby\", ver:\"1.6.12dfsg-6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsvn-ruby1.8\", ver:\"1.6.12dfsg-6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsvn1\", ver:\"1.6.12dfsg-6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-subversion\", ver:\"1.6.12dfsg-6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"subversion\", ver:\"1.6.12dfsg-6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"subversion-tools\", ver:\"1.6.12dfsg-6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-27T10:55:31", "description": "Check for the Version of subversion", "cvss3": {}, "published": "2011-06-10T00:00:00", "type": "openvas", "title": "RedHat Update for subversion RHSA-2011:0862-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1783", "CVE-2011-1752", "CVE-2011-1921"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:870442", "href": "http://plugins.openvas.org/nasl.php?oid=870442", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for subversion RHSA-2011:0862-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Subversion (SVN) is a concurrent version control system which enables one\n or more users to collaborate in developing and maintaining a hierarchy of\n files and directories while keeping a history of all changes. The\n mod_dav_svn module is used with the Apache HTTP Server to allow access to\n Subversion repositories via HTTP.\n\n An infinite loop flaw was found in the way the mod_dav_svn module processed\n certain data sets. If the SVNPathAuthz directive was set to\n "short_circuit", and path-based access control for files and directories\n was enabled, a malicious, remote user could use this flaw to cause the\n httpd process serving the request to consume an excessive amount of system\n memory. (CVE-2011-1783)\n \n A NULL pointer dereference flaw was found in the way the mod_dav_svn module\n processed requests submitted against the URL of a baselined resource. A\n malicious, remote user could use this flaw to cause the httpd process\n serving the request to crash. (CVE-2011-1752)\n \n An information disclosure flaw was found in the way the mod_dav_svn\n module processed certain URLs when path-based access control for files and\n directories was enabled. A malicious, remote user could possibly use this\n flaw to access certain files in a repository that would otherwise not be\n accessible to them. Note: This vulnerability cannot be triggered if the\n SVNPathAuthz directive is set to "short_circuit". (CVE-2011-1921)\n \n Red Hat would like to thank the Apache Subversion project for reporting\n these issues. Upstream acknowledges Joe Schaefer of the Apache Software\n Foundation as the original reporter of CVE-2011-1752; Ivan Zhakov of\n VisualSVN as the original reporter of CVE-2011-1783; and Kamesh\n Jayachandran of CollabNet, Inc. as the original reporter of CVE-2011-1921.\n \n All Subversion users should upgrade to these updated packages, which\n contain backported patches to correct these issues. After installing the\n updated packages, you must restart the httpd daemon, if you are using\n mod_dav_svn, for the update to take effect.\";\n\ntag_affected = \"subversion on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-June/msg00008.html\");\n script_id(870442);\n script_version(\"$Revision: 6685 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:44:46 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-06-10 16:29:51 +0200 (Fri, 10 Jun 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"RHSA\", value: \"2011:0862-01\");\n script_cve_id(\"CVE-2011-1752\", \"CVE-2011-1783\", \"CVE-2011-1921\");\n script_name(\"RedHat Update for subversion RHSA-2011:0862-01\");\n\n script_summary(\"Check for the Version of subversion\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"mod_dav_svn\", rpm:\"mod_dav_svn~1.6.11~7.el5_6.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion\", rpm:\"subversion~1.6.11~7.el5_6.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-debuginfo\", rpm:\"subversion-debuginfo~1.6.11~7.el5_6.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-devel\", rpm:\"subversion-devel~1.6.11~7.el5_6.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-javahl\", rpm:\"subversion-javahl~1.6.11~7.el5_6.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-perl\", rpm:\"subversion-perl~1.6.11~7.el5_6.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-ruby\", rpm:\"subversion-ruby~1.6.11~7.el5_6.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:55", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-07-12T00:00:00", "type": "openvas", "title": "Fedora Update for subversion FEDORA-2011-8352", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1783", "CVE-2011-1752", "CVE-2011-1921"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863295", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863295", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for subversion FEDORA-2011-8352\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061913.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863295\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-12 08:00:26 +0200 (Tue, 12 Jul 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"FEDORA\", value:\"2011-8352\");\n script_cve_id(\"CVE-2011-1783\", \"CVE-2011-1752\", \"CVE-2011-1921\");\n script_name(\"Fedora Update for subversion FEDORA-2011-8352\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'subversion'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"subversion on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"subversion\", rpm:\"subversion~1.6.17~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:39:27", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for mod_dav_svn CESA-2011:0862 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1783", "CVE-2011-1752", "CVE-2011-1921"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310880528", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880528", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for mod_dav_svn CESA-2011:0862 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-June/017614.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880528\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"CESA\", value:\"2011:0862\");\n script_cve_id(\"CVE-2011-1752\", \"CVE-2011-1783\", \"CVE-2011-1921\");\n script_name(\"CentOS Update for mod_dav_svn CESA-2011:0862 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mod_dav_svn'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"mod_dav_svn on CentOS 5\");\n script_tag(name:\"insight\", value:\"Subversion (SVN) is a concurrent version control system which enables one\n or more users to collaborate in developing and maintaining a hierarchy of\n files and directories while keeping a history of all changes. The\n mod_dav_svn module is used with the Apache HTTP Server to allow access to\n Subversion repositories via HTTP.\n\n An infinite loop flaw was found in the way the mod_dav_svn module processed\n certain data sets. If the SVNPathAuthz directive was set to\n 'short_circuit', and path-based access control for files and directories\n was enabled, a malicious, remote user could use this flaw to cause the\n httpd process serving the request to consume an excessive amount of system\n memory. (CVE-2011-1783)\n\n A NULL pointer dereference flaw was found in the way the mod_dav_svn module\n processed requests submitted against the URL of a baselined resource. A\n malicious, remote user could use this flaw to cause the httpd process\n serving the request to crash. (CVE-2011-1752)\n\n An information disclosure flaw was found in the way the mod_dav_svn\n module processed certain URLs when path-based access control for files and\n directories was enabled. A malicious, remote user could possibly use this\n flaw to access certain files in a repository that would otherwise not be\n accessible to them. Note: This vulnerability cannot be triggered if the\n SVNPathAuthz directive is set to 'short_circuit'. (CVE-2011-1921)\n\n Red Hat would like to thank the Apache Subversion project for reporting\n these issues. Upstream acknowledges Joe Schaefer of the Apache Software\n Foundation as the original reporter of CVE-2011-1752, Ivan Zhakov of\n VisualSVN as the original reporter of CVE-2011-1783, and Kamesh\n Jayachandran of CollabNet, Inc. as the original reporter of CVE-2011-1921.\n\n All Subversion users should upgrade to these updated packages, which\n contain backported patches to correct these issues. After installing the\n updated packages, you must restart the httpd daemon, if you are using\n mod_dav_svn, for the update to take effect.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"mod_dav_svn\", rpm:\"mod_dav_svn~1.6.11~7.el5_6.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion\", rpm:\"subversion~1.6.11~7.el5_6.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-devel\", rpm:\"subversion-devel~1.6.11~7.el5_6.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-javahl\", rpm:\"subversion-javahl~1.6.11~7.el5_6.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-perl\", rpm:\"subversion-perl~1.6.11~7.el5_6.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-ruby\", rpm:\"subversion-ruby~1.6.11~7.el5_6.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:40:02", "description": "The remote host is missing an update to the system\n as announced in the referenced advisory.", "cvss3": {}, "published": "2011-08-03T00:00:00", "type": "openvas", "title": "FreeBSD Ports: subversion", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1783", "CVE-2011-1752", "CVE-2011-1921"], "modified": "2018-10-05T00:00:00", "id": "OPENVAS:136141256231069755", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231069755", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: freebsd_subversion4.nasl 11762 2018-10-05 10:54:12Z cfischer $\n#\n# Auto generated from VID e27a1af3-8d21-11e0-a45d-001e8c75030d\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.69755\");\n script_version(\"$Revision: 11762 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-05 12:54:12 +0200 (Fri, 05 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-03 04:36:20 +0200 (Wed, 03 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2011-1752\", \"CVE-2011-1783\", \"CVE-2011-1921\");\n script_name(\"FreeBSD Ports: subversion\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsd\", \"ssh/login/freebsdrel\");\n\n script_tag(name:\"insight\", value:\"The following packages are affected:\n\n subversion\n subversion-freebsd\n\nCVE-2011-1752\nThe mod_dav_svn module for the Apache HTTP Server, as distributed in\nApache Subversion before 1.6.17, allows remote attackers to cause a\ndenial of service (NULL pointer dereference and daemon crash) via a\nrequest for a baselined WebDAV resource, as exploited in the wild in\nMay 2011.\nCVE-2011-1783\nThe mod_dav_svn module for the Apache HTTP Server, as distributed in\nApache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz\nshort_circuit option is enabled, allows remote attackers to cause a\ndenial of service (infinite loop and memory consumption) in\nopportunistic circumstances by requesting data.\nCVE-2011-1921\nThe mod_dav_svn module for the Apache HTTP Server, as distributed in\nApache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz\nshort_circuit option is disabled, does not properly enforce\npermissions for files that had been publicly readable in the past,\nwhich allows remote attackers to obtain sensitive information via a\nreplay REPORT operation.\");\n\n script_tag(name:\"solution\", value:\"Update your system with the appropriate patches or\n software upgrades.\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update to the system\n as announced in the referenced advisory.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-bsd.inc\");\n\nvuln = FALSE;\ntxt = \"\";\n\nbver = portver(pkg:\"subversion\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.6.17\")<0) {\n txt += 'Package subversion version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\nbver = portver(pkg:\"subversion-freebsd\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.6.17\")<0) {\n txt += 'Package subversion-freebsd version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\n\nif(vuln) {\n security_message(data:txt);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:39:46", "description": "The remote host is missing an update to subversion\nannounced via advisory DSA 2251-1.", "cvss3": {}, "published": "2011-08-03T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2251-1 (subversion)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1783", "CVE-2011-1752", "CVE-2011-1921"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:136141256231069958", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231069958", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2251_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2251-1 (subversion)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.69958\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-03 04:36:20 +0200 (Wed, 03 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2011-1752\", \"CVE-2011-1783\", \"CVE-2011-1921\");\n script_name(\"Debian Security Advisory DSA 2251-1 (subversion)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(5|6)\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202251-1\");\n script_tag(name:\"insight\", value:\"Several vulnerabilities were discovered in Subversion, the version\ncontrol system. The Common Vulnerabilities and Exposures project\nidentifies the following problems:\n\nCVE-2011-1752\n\nThe mod_dav_svn Apache HTTPD server module can be crashed though\nwhen asked to deliver baselined WebDAV resources.\n\nCVE-2011-1783\n\nThe mod_dav_svn Apache HTTPD server module can trigger a loop which\nconsumes all available memory on the system.\n\nCVE-2011-1921\n\nThe mod_dav_svn Apache HTTPD server module may leak to remote users\nthe file contents of files configured to be unreadable by those\nusers.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.5.1dfsg1-7.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.6.12dfsg-6.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.6.17dfsg-1.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your subversion packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to subversion\nannounced via advisory DSA 2251-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libapache2-svn\", ver:\"1.5.1dfsg1-7\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsvn-dev\", ver:\"1.5.1dfsg1-7\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsvn-doc\", ver:\"1.5.1dfsg1-7\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsvn-java\", ver:\"1.5.1dfsg1-7\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsvn-perl\", ver:\"1.5.1dfsg1-7\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsvn-ruby\", ver:\"1.5.1dfsg1-7\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsvn-ruby1.8\", ver:\"1.5.1dfsg1-7\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsvn1\", ver:\"1.5.1dfsg1-7\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-subversion\", ver:\"1.5.1dfsg1-7\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"subversion\", ver:\"1.5.1dfsg1-7\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"subversion-tools\", ver:\"1.5.1dfsg1-7\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libapache2-svn\", ver:\"1.6.12dfsg-6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsvn-dev\", ver:\"1.6.12dfsg-6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsvn-doc\", ver:\"1.6.12dfsg-6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsvn-java\", ver:\"1.6.12dfsg-6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsvn-perl\", ver:\"1.6.12dfsg-6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsvn-ruby\", ver:\"1.6.12dfsg-6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsvn-ruby1.8\", ver:\"1.6.12dfsg-6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsvn1\", ver:\"1.6.12dfsg-6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-subversion\", ver:\"1.6.12dfsg-6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"subversion\", ver:\"1.6.12dfsg-6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"subversion-tools\", ver:\"1.6.12dfsg-6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-06-11T17:53:59", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-06-06T00:00:00", "type": "openvas", "title": "Mandriva Update for subversion MDVSA-2011:106 (subversion)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1783", "CVE-2011-1752", "CVE-2011-1921"], "modified": "2020-06-09T00:00:00", "id": "OPENVAS:1361412562310831415", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831415", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for subversion MDVSA-2011:106 (subversion)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.mandriva.com/security-announce/2011-06/msg00002.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831415\");\n script_version(\"2020-06-09T14:44:58+0000\");\n script_tag(name:\"last_modification\", value:\"2020-06-09 14:44:58 +0000 (Tue, 09 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2011-06-06 16:56:27 +0200 (Mon, 06 Jun 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"MDVSA\", value:\"2011:106\");\n script_cve_id(\"CVE-2011-1752\", \"CVE-2011-1783\", \"CVE-2011-1921\");\n script_name(\"Mandriva Update for subversion MDVSA-2011:106 (subversion)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'subversion'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_(mes5|2010\\.1|2009\\.0)\");\n script_tag(name:\"affected\", value:\"subversion on Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities were discovered and corrected in subversion:\n\n The mod_dav_svn Apache HTTPD server module will dereference a NULL\n pointer if asked to deliver baselined WebDAV resources which can lead\n to a DoS (Denial Of Service) (CVE-2011-1752).\n\n The mod_dav_svn Apache HTTPD server module may in certain scenarios\n enter a logic loop which does not exit and which allocates emory in\n each iteration, ultimately exhausting all the available emory on the\n server which can lead to a DoS (Denial Of Service) (CVE-2011-1783).\n\n The mod_dav_svn Apache HTTPD server module may leak to remote users\n the file contents of files configured to be unreadable by those users\n (CVE-2011-1921).\n\n Packages for 2009.0 are provided as of the Extended Maintenance\n Program. The updated packages have been upgraded to the 1.6.17 version which\n is not vulnerable to these issues.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://store.mandriva.com/product_info.php?cPath=149&amp;products_id=490\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dav_svn\", rpm:\"apache-mod_dav_svn~1.6.17~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dontdothat\", rpm:\"apache-mod_dontdothat~1.6.17~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsvn0\", rpm:\"libsvn0~1.6.17~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsvnjavahl1\", rpm:\"libsvnjavahl1~1.6.17~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-SVN\", rpm:\"perl-SVN~1.6.17~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-svn\", rpm:\"python-svn~1.6.17~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-svn\", rpm:\"ruby-svn~1.6.17~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion\", rpm:\"subversion~1.6.17~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-devel\", rpm:\"subversion-devel~1.6.17~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-doc\", rpm:\"subversion-doc~1.6.17~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-server\", rpm:\"subversion-server~1.6.17~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-tools\", rpm:\"subversion-tools~1.6.17~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"svn-javahl\", rpm:\"svn-javahl~1.6.17~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64svn0\", rpm:\"lib64svn0~1.6.17~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64svnjavahl1\", rpm:\"lib64svnjavahl1~1.6.17~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dav_svn\", rpm:\"apache-mod_dav_svn~1.6.17~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dontdothat\", rpm:\"apache-mod_dontdothat~1.6.17~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsvn0\", rpm:\"libsvn0~1.6.17~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsvn-gnome-keyring0\", rpm:\"libsvn-gnome-keyring0~1.6.17~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsvnjavahl1\", rpm:\"libsvnjavahl1~1.6.17~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsvn-kwallet0\", rpm:\"libsvn-kwallet0~1.6.17~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-SVN\", rpm:\"perl-SVN~1.6.17~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-svn\", rpm:\"python-svn~1.6.17~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-svn\", rpm:\"ruby-svn~1.6.17~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion\", rpm:\"subversion~1.6.17~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-devel\", rpm:\"subversion-devel~1.6.17~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-doc\", rpm:\"subversion-doc~1.6.17~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-server\", rpm:\"subversion-server~1.6.17~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-tools\", rpm:\"subversion-tools~1.6.17~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"svn-javahl\", rpm:\"svn-javahl~1.6.17~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64svn0\", rpm:\"lib64svn0~1.6.17~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64svn-gnome-keyring0\", rpm:\"lib64svn-gnome-keyring0~1.6.17~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64svnjavahl1\", rpm:\"lib64svnjavahl1~1.6.17~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64svn-kwallet0\", rpm:\"lib64svn-kwallet0~1.6.17~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dav_svn\", rpm:\"apache-mod_dav_svn~1.6.17~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dontdothat\", rpm:\"apache-mod_dontdothat~1.6.17~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsvn0\", rpm:\"libsvn0~1.6.17~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsvnjavahl1\", rpm:\"libsvnjavahl1~1.6.17~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-SVN\", rpm:\"perl-SVN~1.6.17~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-svn\", rpm:\"python-svn~1.6.17~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-svn\", rpm:\"ruby-svn~1.6.17~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion\", rpm:\"subversion~1.6.17~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-devel\", rpm:\"subversion-devel~1.6.17~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-doc\", rpm:\"subversion-doc~1.6.17~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-server\", rpm:\"subversion-server~1.6.17~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-tools\", rpm:\"subversion-tools~1.6.17~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"svn-javahl\", rpm:\"svn-javahl~1.6.17~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64svn0\", rpm:\"lib64svn0~1.6.17~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64svnjavahl1\", rpm:\"lib64svnjavahl1~1.6.17~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2018-01-03T10:58:08", "description": "Check for the Version of mod_dav_svn", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for mod_dav_svn CESA-2011:0862 centos5 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1783", "CVE-2011-1752", "CVE-2011-1921"], "modified": "2018-01-03T00:00:00", "id": "OPENVAS:881360", "href": "http://plugins.openvas.org/nasl.php?oid=881360", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for mod_dav_svn CESA-2011:0862 centos5 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Subversion (SVN) is a concurrent version control system which enables one\n or more users to collaborate in developing and maintaining a hierarchy of\n files and directories while keeping a history of all changes. The\n mod_dav_svn module is used with the Apache HTTP Server to allow access to\n Subversion repositories via HTTP.\n\n An infinite loop flaw was found in the way the mod_dav_svn module processed\n certain data sets. If the SVNPathAuthz directive was set to\n "short_circuit", and path-based access control for files and directories\n was enabled, a malicious, remote user could use this flaw to cause the\n httpd process serving the request to consume an excessive amount of system\n memory. (CVE-2011-1783)\n \n A NULL pointer dereference flaw was found in the way the mod_dav_svn module\n processed requests submitted against the URL of a baselined resource. A\n malicious, remote user could use this flaw to cause the httpd process\n serving the request to crash. (CVE-2011-1752)\n \n An information disclosure flaw was found in the way the mod_dav_svn\n module processed certain URLs when path-based access control for files and\n directories was enabled. A malicious, remote user could possibly use this\n flaw to access certain files in a repository that would otherwise not be\n accessible to them. Note: This vulnerability cannot be triggered if the\n SVNPathAuthz directive is set to "short_circuit". (CVE-2011-1921)\n \n Red Hat would like to thank the Apache Subversion project for reporting\n these issues. Upstream acknowledges Joe Schaefer of the Apache Software\n Foundation as the original reporter of CVE-2011-1752; Ivan Zhakov of\n VisualSVN as the original reporter of CVE-2011-1783; and Kamesh\n Jayachandran of CollabNet, Inc. as the original reporter of CVE-2011-1921.\n \n All Subversion users should upgrade to these updated packages, which\n contain backported patches to correct these issues. After installing the\n updated packages, you must restart the httpd daemon, if you are using\n mod_dav_svn, for the update to take effect.\";\n\ntag_affected = \"mod_dav_svn on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-June/017613.html\");\n script_id(881360);\n script_version(\"$Revision: 8273 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-03 07:29:19 +0100 (Wed, 03 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:35:26 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-1752\", \"CVE-2011-1783\", \"CVE-2011-1921\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2011:0862\");\n script_name(\"CentOS Update for mod_dav_svn CESA-2011:0862 centos5 x86_64\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mod_dav_svn\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"mod_dav_svn\", rpm:\"mod_dav_svn~1.6.11~7.el5_6.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion\", rpm:\"subversion~1.6.11~7.el5_6.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-devel\", rpm:\"subversion-devel~1.6.11~7.el5_6.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-javahl\", rpm:\"subversion-javahl~1.6.11~7.el5_6.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-perl\", rpm:\"subversion-perl~1.6.11~7.el5_6.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-ruby\", rpm:\"subversion-ruby~1.6.11~7.el5_6.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:18", "description": "Check for the Version of subversion", "cvss3": {}, "published": "2011-07-08T00:00:00", "type": "openvas", "title": "Fedora Update for subversion FEDORA-2011-8341", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1783", "CVE-2011-1752", "CVE-2011-1921"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:863323", "href": "http://plugins.openvas.org/nasl.php?oid=863323", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for subversion FEDORA-2011-8341\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"subversion on Fedora 14\";\ntag_insight = \"Subversion is a concurrent version control system which enables one\n or more users to collaborate in developing and maintaining a\n hierarchy of files and directories while keeping a history of all\n changes. Subversion only stores the differences between versions,\n instead of every complete file. Subversion is intended to be a\n compelling replacement for CVS.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062211.html\");\n script_id(863323);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-08 16:31:28 +0200 (Fri, 08 Jul 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2011-8341\");\n script_cve_id(\"CVE-2011-1783\", \"CVE-2011-1752\", \"CVE-2011-1921\");\n script_name(\"Fedora Update for subversion FEDORA-2011-8341\");\n\n script_summary(\"Check for the Version of subversion\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"subversion\", rpm:\"subversion~1.6.17~1.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:40", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-07-08T00:00:00", "type": "openvas", "title": "Fedora Update for subversion FEDORA-2011-8341", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1783", "CVE-2011-1752", "CVE-2011-1921"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863323", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863323", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for subversion FEDORA-2011-8341\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062211.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863323\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-08 16:31:28 +0200 (Fri, 08 Jul 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"FEDORA\", value:\"2011-8341\");\n script_cve_id(\"CVE-2011-1783\", \"CVE-2011-1752\", \"CVE-2011-1921\");\n script_name(\"Fedora Update for subversion FEDORA-2011-8341\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'subversion'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC14\");\n script_tag(name:\"affected\", value:\"subversion on Fedora 14\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"subversion\", rpm:\"subversion~1.6.17~1.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:38:55", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for mod_dav_svn CESA-2011:0862 centos5 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1783", "CVE-2011-1752", "CVE-2011-1921"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881360", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881360", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for mod_dav_svn CESA-2011:0862 centos5 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-June/017613.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881360\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:35:26 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-1752\", \"CVE-2011-1783\", \"CVE-2011-1921\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"CESA\", value:\"2011:0862\");\n script_name(\"CentOS Update for mod_dav_svn CESA-2011:0862 centos5 x86_64\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mod_dav_svn'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"mod_dav_svn on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"Subversion (SVN) is a concurrent version control system which enables one\n or more users to collaborate in developing and maintaining a hierarchy of\n files and directories while keeping a history of all changes. The\n mod_dav_svn module is used with the Apache HTTP Server to allow access to\n Subversion repositories via HTTP.\n\n An infinite loop flaw was found in the way the mod_dav_svn module processed\n certain data sets. If the SVNPathAuthz directive was set to\n 'short_circuit', and path-based access control for files and directories\n was enabled, a malicious, remote user could use this flaw to cause the\n httpd process serving the request to consume an excessive amount of system\n memory. (CVE-2011-1783)\n\n A NULL pointer dereference flaw was found in the way the mod_dav_svn module\n processed requests submitted against the URL of a baselined resource. A\n malicious, remote user could use this flaw to cause the httpd process\n serving the request to crash. (CVE-2011-1752)\n\n An information disclosure flaw was found in the way the mod_dav_svn\n module processed certain URLs when path-based access control for files and\n directories was enabled. A malicious, remote user could possibly use this\n flaw to access certain files in a repository that would otherwise not be\n accessible to them. Note: This vulnerability cannot be triggered if the\n SVNPathAuthz directive is set to 'short_circuit'. (CVE-2011-1921)\n\n Red Hat would like to thank the Apache Subversion project for reporting\n these issues. Upstream acknowledges Joe Schaefer of the Apache Software\n Foundation as the original reporter of CVE-2011-1752, Ivan Zhakov of\n VisualSVN as the original reporter of CVE-2011-1783, and Kamesh\n Jayachandran of CollabNet, Inc. as the original reporter of CVE-2011-1921.\n\n All Subversion users should upgrade to these updated packages, which\n contain backported patches to correct these issues. After installing the\n updated packages, you must restart the httpd daemon, if you are using\n mod_dav_svn, for the update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"mod_dav_svn\", rpm:\"mod_dav_svn~1.6.11~7.el5_6.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion\", rpm:\"subversion~1.6.11~7.el5_6.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-devel\", rpm:\"subversion-devel~1.6.11~7.el5_6.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-javahl\", rpm:\"subversion-javahl~1.6.11~7.el5_6.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-perl\", rpm:\"subversion-perl~1.6.11~7.el5_6.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-ruby\", rpm:\"subversion-ruby~1.6.11~7.el5_6.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-25T10:55:34", "description": "Check for the Version of subversion", "cvss3": {}, "published": "2011-07-12T00:00:00", "type": "openvas", "title": "Fedora Update for subversion FEDORA-2011-8352", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1783", "CVE-2011-1752", "CVE-2011-1921"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:863295", "href": "http://plugins.openvas.org/nasl.php?oid=863295", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for subversion FEDORA-2011-8352\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"subversion on Fedora 15\";\ntag_insight = \"Subversion is a concurrent version control system which enables one\n or more users to collaborate in developing and maintaining a\n hierarchy of files and directories while keeping a history of all\n changes. Subversion only stores the differences between versions,\n instead of every complete file. Subversion is intended to be a\n compelling replacement for CVS.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061913.html\");\n script_id(863295);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-12 08:00:26 +0200 (Tue, 12 Jul 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2011-8352\");\n script_cve_id(\"CVE-2011-1783\", \"CVE-2011-1752\", \"CVE-2011-1921\");\n script_name(\"Fedora Update for subversion FEDORA-2011-8352\");\n\n script_summary(\"Check for the Version of subversion\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"subversion\", rpm:\"subversion~1.6.17~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-12-04T11:27:08", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1144-1", "cvss3": {}, "published": "2011-06-10T00:00:00", "type": "openvas", "title": "Ubuntu Update for subversion USN-1144-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1783", "CVE-2011-1752", "CVE-2011-1921"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840674", "href": "http://plugins.openvas.org/nasl.php?oid=840674", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1144_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for subversion USN-1144-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Joe Schaefer discovered that the Subversion mod_dav_svn module for Apache\n did not properly handle certain baselined WebDAV resource requests. A\n remote attacker could use this flaw to cause the service to crash, leading\n to a denial of service. (CVE-2011-1752)\n\n Ivan Zhakov discovered that the Subversion mod_dav_svn module for Apache\n did not properly handle certain requests. A remote attacker could use this\n flaw to cause the service to consume all available resources, leading to a\n denial of service. (CVE-2011-1783)\n \n Kamesh Jayachandran discovered that the Subversion mod_dav_svn module for\n Apache did not properly handle access control in certain situations. A\n remote user could use this flaw to gain access to files that would\n otherwise be unreadable. (CVE-2011-1921)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1144-1\";\ntag_affected = \"subversion on Ubuntu 11.04 ,\n Ubuntu 10.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1144-1/\");\n script_id(840674);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-06-10 16:29:51 +0200 (Fri, 10 Jun 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"USN\", value: \"1144-1\");\n script_cve_id(\"CVE-2011-1752\", \"CVE-2011-1783\", \"CVE-2011-1921\");\n script_name(\"Ubuntu Update for subversion USN-1144-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-svn\", ver:\"1.6.12dfsg-1ubuntu1.3\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-svn\", ver:\"1.6.6dfsg-2ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-svn\", ver:\"1.6.12dfsg-4ubuntu2.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:36:03", "description": "Oracle Linux Local Security Checks ELSA-2011-0862", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2011-0862", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1783", "CVE-2011-1752", "CVE-2011-1921"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122150", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122150", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2011-0862.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122150\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:13:54 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2011-0862\");\n script_tag(name:\"insight\", value:\"ELSA-2011-0862 - subversion security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2011-0862\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2011-0862.html\");\n script_cve_id(\"CVE-2011-1752\", \"CVE-2011-1783\", \"CVE-2011-1921\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"mod_dav_svn\", rpm:\"mod_dav_svn~1.6.11~7.el5_6.4\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"subversion\", rpm:\"subversion~1.6.11~7.el5_6.4\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"subversion-devel\", rpm:\"subversion-devel~1.6.11~7.el5_6.4\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"subversion-javahl\", rpm:\"subversion-javahl~1.6.11~7.el5_6.4\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"subversion-perl\", rpm:\"subversion-perl~1.6.11~7.el5_6.4\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"subversion-ruby\", rpm:\"subversion-ruby~1.6.11~7.el5_6.4\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"mod_dav_svn\", rpm:\"mod_dav_svn~1.6.11~2.el6_1.4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"subversion\", rpm:\"subversion~1.6.11~2.el6_1.4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"subversion-devel\", rpm:\"subversion-devel~1.6.11~2.el6_1.4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"subversion-gnome\", rpm:\"subversion-gnome~1.6.11~2.el6_1.4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"subversion-javahl\", rpm:\"subversion-javahl~1.6.11~2.el6_1.4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"subversion-kde\", rpm:\"subversion-kde~1.6.11~2.el6_1.4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"subversion-perl\", rpm:\"subversion-perl~1.6.11~2.el6_1.4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"subversion-ruby\", rpm:\"subversion-ruby~1.6.11~2.el6_1.4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"subversion-svn2cl\", rpm:\"subversion-svn2cl~1.6.11~2.el6_1.4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:39:35", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1144-1", "cvss3": {}, "published": "2011-06-10T00:00:00", "type": "openvas", "title": "Ubuntu Update for subversion USN-1144-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1783", "CVE-2011-1752", "CVE-2011-1921"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840674", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840674", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1144_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for subversion USN-1144-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1144-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840674\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-06-10 16:29:51 +0200 (Fri, 10 Jun 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"USN\", value:\"1144-1\");\n script_cve_id(\"CVE-2011-1752\", \"CVE-2011-1783\", \"CVE-2011-1921\");\n script_name(\"Ubuntu Update for subversion USN-1144-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.10|10\\.04 LTS|11\\.04)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1144-1\");\n script_tag(name:\"affected\", value:\"subversion on Ubuntu 11.04,\n Ubuntu 10.10,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Joe Schaefer discovered that the Subversion mod_dav_svn module for Apache\n did not properly handle certain baselined WebDAV resource requests. A\n remote attacker could use this flaw to cause the service to crash, leading\n to a denial of service. (CVE-2011-1752)\n\n Ivan Zhakov discovered that the Subversion mod_dav_svn module for Apache\n did not properly handle certain requests. A remote attacker could use this\n flaw to cause the service to consume all available resources, leading to a\n denial of service. (CVE-2011-1783)\n\n Kamesh Jayachandran discovered that the Subversion mod_dav_svn module for\n Apache did not properly handle access control in certain situations. A\n remote user could use this flaw to gain access to files that would\n otherwise be unreadable. (CVE-2011-1921)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-svn\", ver:\"1.6.12dfsg-1ubuntu1.3\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-svn\", ver:\"1.6.6dfsg-2ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-svn\", ver:\"1.6.12dfsg-4ubuntu2.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:38:36", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for squirrelmail CESA-2012:0103 centos4", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2753", "CVE-2010-2813", "CVE-2011-2752", "CVE-2011-2023", "CVE-2010-4554", "CVE-2010-4555", "CVE-2010-1637"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881223", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881223", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for squirrelmail CESA-2012:0103 centos4\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2012-February/018422.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881223\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:50:51 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2010-1637\", \"CVE-2010-2813\", \"CVE-2010-4554\", \"CVE-2010-4555\",\n \"CVE-2011-2023\", \"CVE-2011-2752\", \"CVE-2011-2753\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"CESA\", value:\"2012:0103\");\n script_name(\"CentOS Update for squirrelmail CESA-2012:0103 centos4\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'squirrelmail'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS4\");\n script_tag(name:\"affected\", value:\"squirrelmail on CentOS 4\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"SquirrelMail is a standards-based webmail package written in PHP.\n\n A cross-site scripting (XSS) flaw was found in the way SquirrelMail\n performed the sanitization of HTML style tag content. A remote attacker\n could use this flaw to send a specially-crafted Multipurpose Internet Mail\n Extensions (MIME) message that, when opened by a victim, would lead to\n arbitrary web script execution in the context of their SquirrelMail\n session. (CVE-2011-2023)\n\n Multiple cross-site scripting (XSS) flaws were found in SquirrelMail. A\n remote attacker could possibly use these flaws to execute arbitrary web\n script in the context of a victim's SquirrelMail session. (CVE-2010-4555)\n\n An input sanitization flaw was found in the way SquirrelMail handled the\n content of various HTML input fields. A remote attacker could use this\n flaw to alter user preference values via a newline character contained in\n the input for these fields. (CVE-2011-2752)\n\n It was found that the SquirrelMail Empty Trash and Index Order pages did\n not protect against Cross-Site Request Forgery (CSRF) attacks. If a remote\n attacker could trick a user, who was logged into SquirrelMail, into\n visiting a specially-crafted URL, the attacker could empty the victim's\n trash folder or alter the ordering of the columns on the message index\n page. (CVE-2011-2753)\n\n SquirrelMail was allowed to be loaded into an HTML sub-frame, allowing a\n remote attacker to perform a clickjacking attack against logged in users\n and possibly gain access to sensitive user data. With this update, the\n SquirrelMail main frame can only be loaded into the top most browser frame.\n (CVE-2010-4554)\n\n A flaw was found in the way SquirrelMail handled failed log in attempts. A\n user preference file was created when attempting to log in with a password\n containing an 8-bit character, even if the username was not valid. A\n remote attacker could use this flaw to eventually consume all hard disk\n space on the target SquirrelMail server. (CVE-2010-2813)\n\n A flaw was found in the SquirrelMail Mail Fetch plug-in. If an\n administrator enabled this plug-in, a SquirrelMail user could use this flaw\n to port scan the local network the server was on. (CVE-2010-1637)\n\n Users of SquirrelMail should upgrade to this updated package, which\n contains backported patches to correct these issues.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"squirrelmail\", rpm:\"squirrelmail~1.4.8~18.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:37", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for squirrelmail CESA-2012:0103 centos5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2753", "CVE-2010-2813", "CVE-2011-2752", "CVE-2011-2023", "CVE-2010-4554", "CVE-2010-4555", "CVE-2010-1637"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881232", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881232", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for squirrelmail CESA-2012:0103 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2012-February/018423.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881232\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:53:37 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2010-1637\", \"CVE-2010-2813\", \"CVE-2010-4554\", \"CVE-2010-4555\",\n \"CVE-2011-2023\", \"CVE-2011-2752\", \"CVE-2011-2753\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"CESA\", value:\"2012:0103\");\n script_name(\"CentOS Update for squirrelmail CESA-2012:0103 centos5\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'squirrelmail'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"squirrelmail on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"SquirrelMail is a standards-based webmail package written in PHP.\n\n A cross-site scripting (XSS) flaw was found in the way SquirrelMail\n performed the sanitization of HTML style tag content. A remote attacker\n could use this flaw to send a specially-crafted Multipurpose Internet Mail\n Extensions (MIME) message that, when opened by a victim, would lead to\n arbitrary web script execution in the context of their SquirrelMail\n session. (CVE-2011-2023)\n\n Multiple cross-site scripting (XSS) flaws were found in SquirrelMail. A\n remote attacker could possibly use these flaws to execute arbitrary web\n script in the context of a victim's SquirrelMail session. (CVE-2010-4555)\n\n An input sanitization flaw was found in the way SquirrelMail handled the\n content of various HTML input fields. A remote attacker could use this\n flaw to alter user preference values via a newline character contained in\n the input for these fields. (CVE-2011-2752)\n\n It was found that the SquirrelMail Empty Trash and Index Order pages did\n not protect against Cross-Site Request Forgery (CSRF) attacks. If a remote\n attacker could trick a user, who was logged into SquirrelMail, into\n visiting a specially-crafted URL, the attacker could empty the victim's\n trash folder or alter the ordering of the columns on the message index\n page. (CVE-2011-2753)\n\n SquirrelMail was allowed to be loaded into an HTML sub-frame, allowing a\n remote attacker to perform a clickjacking attack against logged in users\n and possibly gain access to sensitive user data. With this update, the\n SquirrelMail main frame can only be loaded into the top most browser frame.\n (CVE-2010-4554)\n\n A flaw was found in the way SquirrelMail handled failed log in attempts. A\n user preference file was created when attempting to log in with a password\n containing an 8-bit character, even if the username was not valid. A\n remote attacker could use this flaw to eventually consume all hard disk\n space on the target SquirrelMail server. (CVE-2010-2813)\n\n A flaw was found in the SquirrelMail Mail Fetch plug-in. If an\n administrator enabled this plug-in, a SquirrelMail user could use this flaw\n to port scan the local network the server was on. (CVE-2010-1637)\n\n Users of SquirrelMail should upgrade to this updated package, which\n contains backported patches to correct these issues.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"squirrelmail\", rpm:\"squirrelmail~1.4.8~5.el5.centos.13\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-03T10:58:41", "description": "Check for the Version of squirrelmail", "cvss3": {}, "published": "2012-02-13T00:00:00", "type": "openvas", "title": "RedHat Update for squirrelmail RHSA-2012:0103-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2753", "CVE-2010-2813", "CVE-2011-2752", "CVE-2011-2023", "CVE-2010-4554", "CVE-2010-4555", "CVE-2010-1637"], "modified": "2018-01-03T00:00:00", "id": "OPENVAS:870543", "href": "http://plugins.openvas.org/nasl.php?oid=870543", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for squirrelmail RHSA-2012:0103-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SquirrelMail is a standards-based webmail package written in PHP.\n\n A cross-site scripting (XSS) flaw was found in the way SquirrelMail\n performed the sanitization of HTML style tag content. A remote attacker\n could use this flaw to send a specially-crafted Multipurpose Internet Mail\n Extensions (MIME) message that, when opened by a victim, would lead to\n arbitrary web script execution in the context of their SquirrelMail\n session. (CVE-2011-2023)\n \n Multiple cross-site scripting (XSS) flaws were found in SquirrelMail. A\n remote attacker could possibly use these flaws to execute arbitrary web\n script in the context of a victim's SquirrelMail session. (CVE-2010-4555)\n \n An input sanitization flaw was found in the way SquirrelMail handled the\n content of various HTML input fields. A remote attacker could use this\n flaw to alter user preference values via a newline character contained in\n the input for these fields. (CVE-2011-2752)\n \n It was found that the SquirrelMail Empty Trash and Index Order pages did\n not protect against Cross-Site Request Forgery (CSRF) attacks. If a remote\n attacker could trick a user, who was logged into SquirrelMail, into\n visiting a specially-crafted URL, the attacker could empty the victim's\n trash folder or alter the ordering of the columns on the message index\n page. (CVE-2011-2753)\n \n SquirrelMail was allowed to be loaded into an HTML sub-frame, allowing a\n remote attacker to perform a clickjacking attack against logged in users\n and possibly gain access to sensitive user data. With this update, the\n SquirrelMail main frame can only be loaded into the top most browser frame.\n (CVE-2010-4554)\n \n A flaw was found in the way SquirrelMail handled failed log in attempts. A\n user preference file was created when attempting to log in with a password\n containing an 8-bit character, even if the username was not valid. A\n remote attacker could use this flaw to eventually consume all hard disk\n space on the target SquirrelMail server. (CVE-2010-2813)\n \n A flaw was found in the SquirrelMail Mail Fetch plug-in. If an\n administrator enabled this plug-in, a SquirrelMail user could use this flaw\n to port scan the local network the server was on. (CVE-2010-1637)\n \n Users of SquirrelMail should upgrade to this updated package, which\n contains backported patches to correct these issues.\";\n\ntag_affected = \"squirrelmail on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2012-February/msg00021.html\");\n script_id(870543);\n script_version(\"$Revision: 8273 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-03 07:29:19 +0100 (Wed, 03 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-13 16:28:49 +0530 (Mon, 13 Feb 2012)\");\n script_cve_id(\"CVE-2010-1637\", \"CVE-2010-2813\", \"CVE-2010-4554\", \"CVE-2010-4555\",\n \"CVE-2011-2023\", \"CVE-2011-2752\", \"CVE-2011-2753\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2012:0103-01\");\n script_name(\"RedHat Update for squirrelmail RHSA-2012:0103-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of squirrelmail\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"squirrelmail\", rpm:\"squirrelmail~1.4.8~5.el5_7.13\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"squirrelmail\", rpm:\"squirrelmail~1.4.8~18.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:54", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-02-13T00:00:00", "type": "openvas", "title": "RedHat Update for squirrelmail RHSA-2012:0103-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2753", "CVE-2010-2813", "CVE-2011-2752", "CVE-2011-2023", "CVE-2010-4554", "CVE-2010-4555", "CVE-2010-1637"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310870543", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870543", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for squirrelmail RHSA-2012:0103-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2012-February/msg00021.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870543\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-13 16:28:49 +0530 (Mon, 13 Feb 2012)\");\n script_cve_id(\"CVE-2010-1637\", \"CVE-2010-2813\", \"CVE-2010-4554\", \"CVE-2010-4555\",\n \"CVE-2011-2023\", \"CVE-2011-2752\", \"CVE-2011-2753\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"RHSA\", value:\"2012:0103-01\");\n script_name(\"RedHat Update for squirrelmail RHSA-2012:0103-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'squirrelmail'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(5|4)\");\n script_tag(name:\"affected\", value:\"squirrelmail on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"SquirrelMail is a standards-based webmail package written in PHP.\n\n A cross-site scripting (XSS) flaw was found in the way SquirrelMail\n performed the sanitization of HTML style tag content. A remote attacker\n could use this flaw to send a specially-crafted Multipurpose Internet Mail\n Extensions (MIME) message that, when opened by a victim, would lead to\n arbitrary web script execution in the context of their SquirrelMail\n session. (CVE-2011-2023)\n\n Multiple cross-site scripting (XSS) flaws were found in SquirrelMail. A\n remote attacker could possibly use these flaws to execute arbitrary web\n script in the context of a victim's SquirrelMail session. (CVE-2010-4555)\n\n An input sanitization flaw was found in the way SquirrelMail handled the\n content of various HTML input fields. A remote attacker could use this\n flaw to alter user preference values via a newline character contained in\n the input for these fields. (CVE-2011-2752)\n\n It was found that the SquirrelMail Empty Trash and Index Order pages did\n not protect against Cross-Site Request Forgery (CSRF) attacks. If a remote\n attacker could trick a user, who was logged into SquirrelMail, into\n visiting a specially-crafted URL, the attacker could empty the victim's\n trash folder or alter the ordering of the columns on the message index\n page. (CVE-2011-2753)\n\n SquirrelMail was allowed to be loaded into an HTML sub-frame, allowing a\n remote attacker to perform a clickjacking attack against logged in users\n and possibly gain access to sensitive user data. With this update, the\n SquirrelMail main frame can only be loaded into the top most browser frame.\n (CVE-2010-4554)\n\n A flaw was found in the way SquirrelMail handled failed log in attempts. A\n user preference file was created when attempting to log in with a password\n containing an 8-bit character, even if the username was not valid. A\n remote attacker could use this flaw to eventually consume all hard disk\n space on the target SquirrelMail server. (CVE-2010-2813)\n\n A flaw was found in the SquirrelMail Mail Fetch plug-in. If an\n administrator enabled this plug-in, a SquirrelMail user could use this flaw\n to port scan the local network the server was on. (CVE-2010-1637)\n\n Users of SquirrelMail should upgrade to this updated package, which\n contains backported patches to correct these issues.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"squirrelmail\", rpm:\"squirrelmail~1.4.8~5.el5_7.13\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"squirrelmail\", rpm:\"squirrelmail~1.4.8~18.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:07", "description": "Oracle Linux Local Security Checks ELSA-2012-0103", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2012-0103", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2753", "CVE-2010-2813", "CVE-2011-2752", "CVE-2011-2023", "CVE-2010-4554", "CVE-2010-4555", "CVE-2010-1637"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123994", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123994", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2012-0103.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123994\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:11:21 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2012-0103\");\n script_tag(name:\"insight\", value:\"ELSA-2012-0103 - squirrelmail security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2012-0103\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2012-0103.html\");\n script_cve_id(\"CVE-2010-1637\", \"CVE-2010-2813\", \"CVE-2010-4554\", \"CVE-2010-4555\", \"CVE-2011-2023\", \"CVE-2011-2752\", \"CVE-2011-2753\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"squirrelmail\", rpm:\"squirrelmail~1.4.8~5.0.1.el5_7.13\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-11T11:06:47", "description": "Check for the Version of squirrelmail", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for squirrelmail CESA-2012:0103 centos5 ", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2753", "CVE-2010-2813", "CVE-2011-2752", "CVE-2011-2023", "CVE-2010-4554", "CVE-2010-4555", "CVE-2010-1637"], "modified": "2018-01-09T00:00:00", "id": "OPENVAS:881232", "href": "http://plugins.openvas.org/nasl.php?oid=881232", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for squirrelmail CESA-2012:0103 centos5 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SquirrelMail is a standards-based webmail package written in PHP.\n\n A cross-site scripting (XSS) flaw was found in the way SquirrelMail\n performed the sanitization of HTML style tag content. A remote attacker\n could use this flaw to send a specially-crafted Multipurpose Internet Mail\n Extensions (MIME) message that, when opened by a victim, would lead to\n arbitrary web script execution in the context of their SquirrelMail\n session. (CVE-2011-2023)\n \n Multiple cross-site scripting (XSS) flaws were found in SquirrelMail. A\n remote attacker could possibly use these flaws to execute arbitrary web\n script in the context of a victim's SquirrelMail session. (CVE-2010-4555)\n \n An input sanitization flaw was found in the way SquirrelMail handled the\n content of various HTML input fields. A remote attacker could use this\n flaw to alter user preference values via a newline character contained in\n the input for these fields. (CVE-2011-2752)\n \n It was found that the SquirrelMail Empty Trash and Index Order pages did\n not protect against Cross-Site Request Forgery (CSRF) attacks. If a remote\n attacker could trick a user, who was logged into SquirrelMail, into\n visiting a specially-crafted URL, the attacker could empty the victim's\n trash folder or alter the ordering of the columns on the message index\n page. (CVE-2011-2753)\n \n SquirrelMail was allowed to be loaded into an HTML sub-frame, allowing a\n remote attacker to perform a clickjacking attack against logged in users\n and possibly gain access to sensitive user data. With this update, the\n SquirrelMail main frame can only be loaded into the top most browser frame.\n (CVE-2010-4554)\n \n A flaw was found in the way SquirrelMail handled failed log in attempts. A\n user preference file was created when attempting to log in with a password\n containing an 8-bit character, even if the username was not valid. A\n remote attacker could use this flaw to eventually consume all hard disk\n space on the target SquirrelMail server. (CVE-2010-2813)\n \n A flaw was found in the SquirrelMail Mail Fetch plug-in. If an\n administrator enabled this plug-in, a SquirrelMail user could use this flaw\n to port scan the local network the server was on. (CVE-2010-1637)\n \n Users of SquirrelMail should upgrade to this updated package, which\n contains backported patches to correct these issues.\";\n\ntag_affected = \"squirrelmail on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-February/018423.html\");\n script_id(881232);\n script_version(\"$Revision: 8336 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-09 08:01:48 +0100 (Tue, 09 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:53:37 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2010-1637\", \"CVE-2010-2813\", \"CVE-2010-4554\", \"CVE-2010-4555\",\n \"CVE-2011-2023\", \"CVE-2011-2752\", \"CVE-2011-2753\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2012:0103\");\n script_name(\"CentOS Update for squirrelmail CESA-2012:0103 centos5 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of squirrelmail\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"squirrelmail\", rpm:\"squirrelmail~1.4.8~5.el5.centos.13\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-11T11:07:59", "description": "Check for the Version of squirrelmail", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for squirrelmail CESA-2012:0103 centos4 ", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2753", "CVE-2010-2813", "CVE-2011-2752", "CVE-2011-2023", "CVE-2010-4554", "CVE-2010-4555", "CVE-2010-1637"], "modified": "2018-01-09T00:00:00", "id": "OPENVAS:881223", "href": "http://plugins.openvas.org/nasl.php?oid=881223", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for squirrelmail CESA-2012:0103 centos4 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SquirrelMail is a standards-based webmail package written in PHP.\n\n A cross-site scripting (XSS) flaw was found in the way SquirrelMail\n performed the sanitization of HTML style tag content. A remote attacker\n could use this flaw to send a specially-crafted Multipurpose Internet Mail\n Extensions (MIME) message that, when opened by a victim, would lead to\n arbitrary web script execution in the context of their SquirrelMail\n session. (CVE-2011-2023)\n \n Multiple cross-site scripting (XSS) flaws were found in SquirrelMail. A\n remote attacker could possibly use these flaws to execute arbitrary web\n script in the context of a victim's SquirrelMail session. (CVE-2010-4555)\n \n An input sanitization flaw was found in the way SquirrelMail handled the\n content of various HTML input fields. A remote attacker could use this\n flaw to alter user preference values via a newline character contained in\n the input for these fields. (CVE-2011-2752)\n \n It was found that the SquirrelMail Empty Trash and Index Order pages did\n not protect against Cross-Site Request Forgery (CSRF) attacks. If a remote\n attacker could trick a user, who was logged into SquirrelMail, into\n visiting a specially-crafted URL, the attacker could empty the victim's\n trash folder or alter the ordering of the columns on the message index\n page. (CVE-2011-2753)\n \n SquirrelMail was allowed to be loaded into an HTML sub-frame, allowing a\n remote attacker to perform a clickjacking attack against logged in users\n and possibly gain access to sensitive user data. With this update, the\n SquirrelMail main frame can only be loaded into the top most browser frame.\n (CVE-2010-4554)\n \n A flaw was found in the way SquirrelMail handled failed log in attempts. A\n user preference file was created when attempting to log in with a password\n containing an 8-bit character, even if the username was not valid. A\n remote attacker could use this flaw to eventually consume all hard disk\n space on the target SquirrelMail server. (CVE-2010-2813)\n \n A flaw was found in the SquirrelMail Mail Fetch plug-in. If an\n administrator enabled this plug-in, a SquirrelMail user could use this flaw\n to port scan the local network the server was on. (CVE-2010-1637)\n \n Users of SquirrelMail should upgrade to this updated package, which\n contains backported patches to correct these issues.\";\n\ntag_affected = \"squirrelmail on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-February/018422.html\");\n script_id(881223);\n script_version(\"$Revision: 8336 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-09 08:01:48 +0100 (Tue, 09 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:50:51 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2010-1637\", \"CVE-2010-2813\", \"CVE-2010-4554\", \"CVE-2010-4555\",\n \"CVE-2011-2023\", \"CVE-2011-2752\", \"CVE-2011-2753\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2012:0103\");\n script_name(\"CentOS Update for squirrelmail CESA-2012:0103 centos4 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of squirrelmail\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"squirrelmail\", rpm:\"squirrelmail~1.4.8~18.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:22", "description": "Check for the Version of squirrelmail", "cvss3": {}, "published": "2011-07-27T00:00:00", "type": "openvas", "title": "Fedora Update for squirrelmail FEDORA-2011-9309", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2023", "CVE-2010-4554", "CVE-2010-4555"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:863382", "href": "http://plugins.openvas.org/nasl.php?oid=863382", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for squirrelmail FEDORA-2011-9309\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"squirrelmail on Fedora 14\";\ntag_insight = \"SquirrelMail is a basic webmail package written in PHP4. It\n includes built-in pure PHP support for the IMAP and SMTP protocols, and\n all pages render in pure HTML 4.0 (with no JavaScript) for maximum\n compatibility across browsers. It has very few requirements and is very\n easy to configure and install.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062983.html\");\n script_id(863382);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-27 14:47:11 +0200 (Wed, 27 Jul 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2011-9309\");\n script_cve_id(\"CVE-2011-2023\", \"CVE-2010-4555\", \"CVE-2010-4554\");\n script_name(\"Fedora Update for squirrelmail FEDORA-2011-9309\");\n\n script_summary(\"Check for the Version of squirrelmail\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"squirrelmail\", rpm:\"squirrelmail~1.4.22~2.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:39:32", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-07-27T00:00:00", "type": "openvas", "title": "Fedora Update for squirrelmail FEDORA-2011-9309", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2023", "CVE-2010-4554", "CVE-2010-4555"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863382", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863382", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for squirrelmail FEDORA-2011-9309\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062983.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863382\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-27 14:47:11 +0200 (Wed, 27 Jul 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name:\"FEDORA\", value:\"2011-9309\");\n script_cve_id(\"CVE-2011-2023\", \"CVE-2010-4555\", \"CVE-2010-4554\");\n script_name(\"Fedora Update for squirrelmail FEDORA-2011-9309\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'squirrelmail'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC14\");\n script_tag(name:\"affected\", value:\"squirrelmail on Fedora 14\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"squirrelmail\", rpm:\"squirrelmail~1.4.22~2.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:39:35", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-07-27T00:00:00", "type": "openvas", "title": "Fedora Update for squirrelmail FEDORA-2011-9311", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2023", "CVE-2010-4554", "CVE-2010-4555"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863384", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863384", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for squirrelmail FEDORA-2011-9311\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062939.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863384\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-27 14:47:11 +0200 (Wed, 27 Jul 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name:\"FEDORA\", value:\"2011-9311\");\n script_cve_id(\"CVE-2011-2023\", \"CVE-2010-4555\", \"CVE-2010-4554\");\n script_name(\"Fedora Update for squirrelmail FEDORA-2011-9311\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'squirrelmail'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"squirrelmail on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"squirrelmail\", rpm:\"squirrelmail~1.4.22~2.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2017-07-25T10:55:53", "description": "Check for the Version of squirrelmail", "cvss3": {}, "published": "2011-07-27T00:00:00", "type": "openvas", "title": "Fedora Update for squirrelmail FEDORA-2011-9311", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2023", "CVE-2010-4554", "CVE-2010-4555"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:863384", "href": "http://plugins.openvas.org/nasl.php?oid=863384", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for squirrelmail FEDORA-2011-9311\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"squirrelmail on Fedora 15\";\ntag_insight = \"SquirrelMail is a basic webmail package written in PHP4. It\n includes built-in pure PHP support for the IMAP and SMTP protocols, and\n all pages render in pure HTML 4.0 (with no JavaScript) for maximum\n compatibility across browsers. It has very few requirements and is very\n easy to configure and install.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062939.html\");\n script_id(863384);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-27 14:47:11 +0200 (Wed, 27 Jul 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2011-9311\");\n script_cve_id(\"CVE-2011-2023\", \"CVE-2010-4555\", \"CVE-2010-4554\");\n script_name(\"Fedora Update for squirrelmail FEDORA-2011-9311\");\n\n script_summary(\"Check for the Version of squirrelmail\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"squirrelmail\", rpm:\"squirrelmail~1.4.22~2.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-12-20T13:18:38", "description": "Check for the Version of squirrelmail", "cvss3": {}, "published": "2010-08-13T00:00:00", "type": "openvas", "title": "Fedora Update for squirrelmail FEDORA-2010-11410", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2813", "CVE-2010-1637"], "modified": "2017-12-19T00:00:00", "id": "OPENVAS:862307", "href": "http://plugins.openvas.org/nasl.php?oid=862307", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for squirrelmail FEDORA-2010-11410\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"squirrelmail on Fedora 12\";\ntag_insight = \"SquirrelMail is a basic webmail package written in PHP4. It\n includes built-in pure PHP support for the IMAP and SMTP protocols, and\n all pages render in pure HTML 4.0 (with no JavaScript) for maximum\n compatibility across browsers. It has very few requirements and is very\n easy to configure and install.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045372.html\");\n script_id(862307);\n script_version(\"$Revision: 8164 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-19 07:30:41 +0100 (Tue, 19 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-13 14:24:53 +0200 (Fri, 13 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-11410\");\n script_cve_id(\"CVE-2010-2813\", \"CVE-2010-1637\");\n script_name(\"Fedora Update for squirrelmail FEDORA-2010-11410\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of squirrelmail\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"squirrelmail\", rpm:\"squirrelmail~1.4.21~1.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-11T11:04:44", "description": "Check for the Version of squirrelmail", "cvss3": {}, "published": "2010-08-13T00:00:00", "type": "openvas", "title": "Fedora Update for squirrelmail FEDORA-2010-11410", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2813", "CVE-2010-1637"], "modified": "2018-01-10T00:00:00", "id": "OPENVAS:1361412562310862307", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862307", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for squirrelmail FEDORA-2010-11410\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"squirrelmail on Fedora 12\";\ntag_insight = \"SquirrelMail is a basic webmail package written in PHP4. It\n includes built-in pure PHP support for the IMAP and SMTP protocols, and\n all pages render in pure HTML 4.0 (with no JavaScript) for maximum\n compatibility across browsers. It has very few requirements and is very\n easy to configure and install.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045372.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862307\");\n script_version(\"$Revision: 8356 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-10 09:00:39 +0100 (Wed, 10 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-13 14:24:53 +0200 (Fri, 13 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-11410\");\n script_cve_id(\"CVE-2010-2813\", \"CVE-2010-1637\");\n script_name(\"Fedora Update for squirrelmail FEDORA-2010-11410\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of squirrelmail\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"squirrelmail\", rpm:\"squirrelmail~1.4.21~1.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-23T13:05:47", "description": "Check for the Version of squirrelmail", "cvss3": {}, "published": "2010-08-13T00:00:00", "type": "openvas", "title": "Fedora Update for squirrelmail FEDORA-2010-11422", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2813", "CVE-2010-1637"], "modified": "2018-01-23T00:00:00", "id": "OPENVAS:1361412562310862309", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862309", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for squirrelmail FEDORA-2010-11422\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"squirrelmail on Fedora 13\";\ntag_insight = \"SquirrelMail is a basic webmail package written in PHP4. It\n includes built-in pure PHP support for the IMAP and SMTP protocols, and\n all pages render in pure HTML 4.0 (with no JavaScript) for maximum\n compatibility across browsers. It has very few requirements and is very\n easy to configure and install.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045383.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862309\");\n script_version(\"$Revision: 8495 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-23 08:57:49 +0100 (Tue, 23 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-13 14:24:53 +0200 (Fri, 13 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-11422\");\n script_cve_id(\"CVE-2010-2813\", \"CVE-2010-1637\");\n script_name(\"Fedora Update for squirrelmail FEDORA-2010-11422\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of squirrelmail\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"squirrelmail\", rpm:\"squirrelmail~1.4.21~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:54:39", "description": "Check for the Version of squirrelmail", "cvss3": {}, "published": "2010-08-13T00:00:00", "type": "openvas", "title": "Fedora Update for squirrelmail FEDORA-2010-11422", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2813", "CVE-2010-1637"], "modified": "2017-12-25T00:00:00", "id": "OPENVAS:862309", "href": "http://plugins.openvas.org/nasl.php?oid=862309", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for squirrelmail FEDORA-2010-11422\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"squirrelmail on Fedora 13\";\ntag_insight = \"SquirrelMail is a basic webmail package written in PHP4. It\n includes built-in pure PHP support for the IMAP and SMTP protocols, and\n all pages render in pure HTML 4.0 (with no JavaScript) for maximum\n compatibility across browsers. It has very few requirements and is very\n easy to configure and install.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045383.html\");\n script_id(862309);\n script_version(\"$Revision: 8243 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-25 07:30:04 +0100 (Mon, 25 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-13 14:24:53 +0200 (Fri, 13 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-11422\");\n script_cve_id(\"CVE-2010-2813\", \"CVE-2010-1637\");\n script_name(\"Fedora Update for squirrelmail FEDORA-2010-11422\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of squirrelmail\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"squirrelmail\", rpm:\"squirrelmail~1.4.21~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:27", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-11-03T00:00:00", "type": "openvas", "title": "RedHat Update for php53 and php RHSA-2011:1423-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1471", "CVE-2011-1148", "CVE-2011-1466", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-0708", "CVE-2011-1468", "CVE-2011-1469", "CVE-2011-2202"], "modified": "2019-03-12T00:00:00", "id": "OPENVAS:1361412562310870510", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870510", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for php53 and php RHSA-2011:1423-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2011-November/msg00003.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870510\");\n script_version(\"$Revision: 14114 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-12 12:48:52 +0100 (Tue, 12 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-03 12:22:48 +0100 (Thu, 03 Nov 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"RHSA\", value:\"2011:1423-01\");\n script_cve_id(\"CVE-2011-0708\", \"CVE-2011-1148\", \"CVE-2011-1466\", \"CVE-2011-1468\",\n \"CVE-2011-1469\", \"CVE-2011-1471\", \"CVE-2011-1938\", \"CVE-2011-2202\",\n \"CVE-2011-2483\");\n script_name(\"RedHat Update for php53 and php RHSA-2011:1423-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php53 and php'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n script_tag(name:\"affected\", value:\"php53 and php on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"PHP is an HTML-embedded scripting language commonly used with the Apache\n HTTP Server.\n\n A signedness issue was found in the way the PHP crypt() function handled\n 8-bit characters in passwords when using Blowfish hashing. Up to three\n characters immediately preceding a non-ASCII character (one with the high\n bit set) had no effect on the hash result, thus shortening the effective\n password length. This made brute-force guessing more efficient as several\n different passwords were hashed to the same value. (CVE-2011-2483)\n\n Note: Due to the CVE-2011-2483 fix, after installing this update some users\n may not be able to log in to PHP applications that hash passwords with\n Blowfish using the PHP crypt() function. Refer to the upstream\n 'CRYPT_BLOWFISH security fix details' document, linked to in the\n References, for details.\n\n An insufficient input validation flaw, leading to a buffer over-read, was\n found in the PHP exif extension. A specially-crafted image file could cause\n the PHP interpreter to crash when a PHP script tries to extract\n Exchangeable image file format (Exif) metadata from the image file.\n (CVE-2011-0708)\n\n An integer overflow flaw was found in the PHP calendar extension. A remote\n attacker able to make a PHP script call SdnToJulian() with a large value\n could cause the PHP interpreter to crash. (CVE-2011-1466)\n\n Multiple memory leak flaws were found in the PHP OpenSSL extension. A\n remote attacker able to make a PHP script use openssl_encrypt() or\n openssl_decrypt() repeatedly could cause the PHP interpreter to use an\n excessive amount of memory. (CVE-2011-1468)\n\n A use-after-free flaw was found in the PHP substr_replace() function. If a\n PHP script used the same variable as multiple function arguments, a remote\n attacker could possibly use this to crash the PHP interpreter or, possibly,\n execute arbitrary code. (CVE-2011-1148)\n\n A bug in the PHP Streams component caused the PHP interpreter to crash if\n an FTP wrapper connection was made through an HTTP proxy. A remote attacker\n could possibly trigger this issue if a PHP script accepted an untrusted URL\n to connect to. (CVE-2011-1469)\n\n An integer signedness issue was found in the PHP zip extension. An attacker\n could use a specially-crafted ZIP archive to cause the PHP interpreter to\n use an excessive amount of CPU time until the script execution time limit\n is reached. (CVE-2011-1471)\n\n A stack-based buffer overflow flaw was found in the way the PHP socket\n extension handled long AF_UNIX socket addresses. An attacker able to mak ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"php53\", rpm:\"php53~5.3.3~1.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-bcmath\", rpm:\"php53-bcmath~5.3.3~1.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-cli\", rpm:\"php53-cli~5.3.3~1.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-common\", rpm:\"php53-common~5.3.3~1.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-dba\", rpm:\"php53-dba~5.3.3~1.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-debuginfo\", rpm:\"php53-debuginfo~5.3.3~1.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-devel\", rpm:\"php53-devel~5.3.3~1.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-gd\", rpm:\"php53-gd~5.3.3~1.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-imap\", rpm:\"php53-imap~5.3.3~1.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-intl\", rpm:\"php53-intl~5.3.3~1.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-ldap\", rpm:\"php53-ldap~5.3.3~1.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-mbstring\", rpm:\"php53-mbstring~5.3.3~1.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-mysql\", rpm:\"php53-mysql~5.3.3~1.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-odbc\", rpm:\"php53-odbc~5.3.3~1.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-pdo\", rpm:\"php53-pdo~5.3.3~1.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-pgsql\", rpm:\"php53-pgsql~5.3.3~1.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-process\", rpm:\"php53-process~5.3.3~1.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-pspell\", rpm:\"php53-pspell~5.3.3~1.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-snmp\", rpm:\"php53-snmp~5.3.3~1.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-soap\", rpm:\"php53-soap~5.3.3~1.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-xml\", rpm:\"php53-xml~5.3.3~1.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-xmlrpc\", rpm:\"php53-xmlrpc~5.3.3~1.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-08T12:58:45", "description": "Check for the Version of php53", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for php53 CESA-2011:1423 centos5 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1471", "CVE-2011-1148", "CVE-2011-1466", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-0708", "CVE-2011-1468", "CVE-2011-1469", "CVE-2011-2202"], "modified": "2018-01-08T00:00:00", "id": "OPENVAS:881333", "href": "http://plugins.openvas.org/nasl.php?oid=881333", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for php53 CESA-2011:1423 centos5 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"PHP is an HTML-embedded scripting language commonly used with the Apache\n HTTP Server.\n\n A signedness issue was found in the way the PHP crypt() function handled\n 8-bit characters in passwords when using Blowfish hashing. Up to three\n characters immediately preceding a non-ASCII character (one with the high\n bit set) had no effect on the hash result, thus shortening the effective\n password length. This made brute-force guessing more efficient as several\n different passwords were hashed to the same value. (CVE-2011-2483)\n \n Note: Due to the CVE-2011-2483 fix, after installing this update some users\n may not be able to log in to PHP applications that hash passwords with\n Blowfish using the PHP crypt() function. Refer to the upstream\n "CRYPT_BLOWFISH security fix details" document, linked to in the\n References, for details.\n \n An insufficient input validation flaw, leading to a buffer over-read, was\n found in the PHP exif extension. A specially-crafted image file could cause\n the PHP interpreter to crash when a PHP script tries to extract\n Exchangeable image file format (Exif) metadata from the image file.\n (CVE-2011-0708)\n \n An integer overflow flaw was found in the PHP calendar extension. A remote\n attacker able to make a PHP script call SdnToJulian() with a large value\n could cause the PHP interpreter to crash. (CVE-2011-1466)\n \n Multiple memory leak flaws were found in the PHP OpenSSL extension. A\n remote attacker able to make a PHP script use openssl_encrypt() or\n openssl_decrypt() repeatedly could cause the PHP interpreter to use an\n excessive amount of memory. (CVE-2011-1468)\n \n A use-after-free flaw was found in the PHP substr_replace() function. If a\n PHP script used the same variable as multiple function arguments, a remote\n attacker could possibly use this to crash the PHP interpreter or, possibly,\n execute arbitrary code. (CVE-2011-1148)\n \n A bug in the PHP Streams component caused the PHP interpreter to crash if\n an FTP wrapper connection was made through an HTTP proxy. A remote attacker\n could possibly trigger this issue if a PHP script accepted an untrusted URL\n to connect to. (CVE-2011-1469)\n \n An integer signedness issue was found in the PHP zip extension. An attacker\n could use a specially-crafted ZIP archive to cause the PHP interpreter to\n use an excessive amount of CPU time until the script execution time limit\n is reached. (CVE-2011-1471)\n \n A stack-based buffer overflow flaw was found in the way the PHP socket\n extension handled long AF_UNIX socket addresses. An attacker able to make a\n PHP script connect to a long AF_ ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"php53 on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-November/018146.html\");\n script_id(881333);\n script_version(\"$Revision: 8313 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-08 08:02:11 +0100 (Mon, 08 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:25:50 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-0708\", \"CVE-2011-1148\", \"CVE-2011-1466\", \"CVE-2011-1468\",\n \"CVE-2011-1469\", \"CVE-2011-1471\", \"CVE-2011-1938\", \"CVE-2011-2202\",\n \"CVE-2011-2483\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2011:1423\");\n script_name(\"CentOS Update for php53 CESA-2011:1423 centos5 x86_64\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of php53\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"php53\", rpm:\"php53~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-bcmath\", rpm:\"php53-bcmath~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-cli\", rpm:\"php53-cli~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-common\", rpm:\"php53-common~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-dba\", rpm:\"php53-dba~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-devel\", rpm:\"php53-devel~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-gd\", rpm:\"php53-gd~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-imap\", rpm:\"php53-imap~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-intl\", rpm:\"php53-intl~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-ldap\", rpm:\"php53-ldap~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-mbstring\", rpm:\"php53-mbstring~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-mysql\", rpm:\"php53-mysql~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-odbc\", rpm:\"php53-odbc~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-pdo\", rpm:\"php53-pdo~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-pgsql\", rpm:\"php53-pgsql~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-process\", rpm:\"php53-process~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-pspell\", rpm:\"php53-pspell~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-snmp\", rpm:\"php53-snmp~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-soap\", rpm:\"php53-soap~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-xml\", rpm:\"php53-xml~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-xmlrpc\", rpm:\"php53-xmlrpc~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:44", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-11-03T00:00:00", "type": "openvas", "title": "CentOS Update for php53 CESA-2011:1423 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1471", "CVE-2011-1148", "CVE-2011-1466", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-0708", "CVE-2011-1468", "CVE-2011-1469", "CVE-2011-2202"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881028", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881028", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for php53 CESA-2011:1423 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-November/018145.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881028\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-03 12:22:48 +0100 (Thu, 03 Nov 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"CESA\", value:\"2011:1423\");\n script_cve_id(\"CVE-2011-0708\", \"CVE-2011-1148\", \"CVE-2011-1466\", \"CVE-2011-1468\",\n \"CVE-2011-1469\", \"CVE-2011-1471\", \"CVE-2011-1938\", \"CVE-2011-2202\",\n \"CVE-2011-2483\");\n script_name(\"CentOS Update for php53 CESA-2011:1423 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php53'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"php53 on CentOS 5\");\n script_tag(name:\"insight\", value:\"PHP is an HTML-embedded scripting language commonly used with the Apache\n HTTP Server.\n\n A signedness issue was found in the way the PHP crypt() function handled\n 8-bit characters in passwords when using Blowfish hashing. Up to three\n characters immediately preceding a non-ASCII character (one with the high\n bit set) had no effect on the hash result, thus shortening the effective\n password length. This made brute-force guessing more efficient as several\n different passwords were hashed to the same value. (CVE-2011-2483)\n\n Note: Due to the CVE-2011-2483 fix, after installing this update some users\n may not be able to log in to PHP applications that hash passwords with\n Blowfish using the PHP crypt() function. Refer to the upstream\n 'CRYPT_BLOWFISH security fix details' document, linked to in the\n References, for details.\n\n An insufficient input validation flaw, leading to a buffer over-read, was\n found in the PHP exif extension. A specially-crafted image file could cause\n the PHP interpreter to crash when a PHP script tries to extract\n Exchangeable image file format (Exif) metadata from the image file.\n (CVE-2011-0708)\n\n An integer overflow flaw was found in the PHP calendar extension. A remote\n attacker able to make a PHP script call SdnToJulian() with a large value\n could cause the PHP interpreter to crash. (CVE-2011-1466)\n\n Multiple memory leak flaws were found in the PHP OpenSSL extension. A\n remote attacker able to make a PHP script use openssl_encrypt() or\n openssl_decrypt() repeatedly could cause the PHP interpreter to use an\n excessive amount of memory. (CVE-2011-1468)\n\n A use-after-free flaw was found in the PHP substr_replace() function. If a\n PHP script used the same variable as multiple function arguments, a remote\n attacker could possibly use this to crash the PHP interpreter or, possibly,\n execute arbitrary code. (CVE-2011-1148)\n\n A bug in the PHP Streams component caused the PHP interpreter to crash if\n an FTP wrapper connection was made through an HTTP proxy. A remote attacker\n could possibly trigger this issue if a PHP script accepted an untrusted URL\n to connect to. (CVE-2011-1469)\n\n An integer signedness issue was found in the PHP zip extension. An attacker\n could use a specially-crafted ZIP archive to cause the PHP interpreter to\n use an excessive amount of CPU time until the script execution time limit\n is reached. (CVE-2011-1471)\n\n A stack-based buffer overflow flaw was found in the way the PHP socket\n extension handled long AF_UNIX socket addresses. An attacker able to make a\n PHP script connect to a long AF_ ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"php53\", rpm:\"php53~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-bcmath\", rpm:\"php53-bcmath~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-cli\", rpm:\"php53-cli~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-common\", rpm:\"php53-common~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-dba\", rpm:\"php53-dba~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-devel\", rpm:\"php53-devel~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-gd\", rpm:\"php53-gd~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-imap\", rpm:\"php53-imap~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-intl\", rpm:\"php53-intl~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-ldap\", rpm:\"php53-ldap~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-mbstring\", rpm:\"php53-mbstring~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-mysql\", rpm:\"php53-mysql~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-odbc\", rpm:\"php53-odbc~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-pdo\", rpm:\"php53-pdo~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-pgsql\", rpm:\"php53-pgsql~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-process\", rpm:\"php53-process~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-pspell\", rpm:\"php53-pspell~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-snmp\", rpm:\"php53-snmp~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-soap\", rpm:\"php53-soap~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-xml\", rpm:\"php53-xml~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-xmlrpc\", rpm:\"php53-xmlrpc~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:55:52", "description": "Check for the Version of squirrelmail", "cvss3": {}, "published": "2011-08-18T00:00:00", "type": "openvas", "title": "Mandriva Update for squirrelmail MDVSA-2011:123 (squirrelmail)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2753", "CVE-2011-2752", "CVE-2011-2023", "CVE-2010-4554", "CVE-2010-4555"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:831438", "href": "http://plugins.openvas.org/nasl.php?oid=831438", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for squirrelmail MDVSA-2011:123 (squirrelmail)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been discovered and corrected in\n squirrelmail:\n\n functions/page_header.php in SquirrelMail 1.4.21 and earlier does not\n prevent page rendering inside a frame in a third-party HTML document,\n which makes it easier for remote attackers to conduct clickjacking\n attacks via a crafted web site (CVE-2010-4554).\n \n Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail\n 1.4.21 and earlier allow remote attackers to inject arbitrary\n web script or HTML via vectors involving (1) drop-down selection\n lists, (2) the &gt; (greater than) character in the SquirrelSpell\n spellchecking plugin, and (3) errors associated with the Index Order\n (aka options_order) page (CVE-2010-4555).\n \n Cross-site scripting (XSS) vulnerability in functions/mime.php in\n SquirrelMail before 1.4.22 allows remote attackers to inject arbitrary\n web script or HTML via a crafted STYLE element in an e-mail message\n (CVE-2011-2023).\n \n CRLF injection vulnerability in SquirrelMail 1.4.21 and earlier\n allows remote attackers to modify or add preference values via a \\n\n (newline) character, a different vulnerability than CVE-2010-4555\n (CVE-2011-2752).\n \n Multiple cross-site request forgery (CSRF) vulnerabilities in\n SquirrelMail 1.4.21 and earlier allow remote attackers to hijack the\n authentication of unspecified victims via vectors involving (1) the\n empty trash implementation and (2) the Index Order (aka options_order)\n page, a different issue than CVE-2010-4555 (CVE-2011-2753).\n \n The updated packages have been upgraded to the 1.4.22 version which\n is not vulnerable to these issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"squirrelmail on Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2011-08/msg00005.php\");\n script_id(831438);\n script_version(\"$Revision: 6565 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 14:56:06 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-18 14:57:45 +0200 (Thu, 18 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2011:123\");\n script_cve_id(\"CVE-2010-4554\", \"CVE-2010-4555\", \"CVE-2011-2023\", \"CVE-2011-2752\", \"CVE-2011-2753\");\n script_name(\"Mandriva Update for squirrelmail MDVSA-2011:123 (squirrelmail)\");\n\n script_summary(\"Check for the Version of squirrelmail\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"squirrelmail\", rpm:\"squirrelmail~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-ar\", rpm:\"squirrelmail-ar~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-bg\", rpm:\"squirrelmail-bg~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-bn-bangladesh\", rpm:\"squirrelmail-bn-bangladesh~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-bn-india\", rpm:\"squirrelmail-bn-india~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-ca\", rpm:\"squirrelmail-ca~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-cs\", rpm:\"squirrelmail-cs~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-cy\", rpm:\"squirrelmail-cy~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-cyrus\", rpm:\"squirrelmail-cyrus~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-da\", rpm:\"squirrelmail-da~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-de\", rpm:\"squirrelmail-de~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-el\", rpm:\"squirrelmail-el~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-es\", rpm:\"squirrelmail-es~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-et\", rpm:\"squirrelmail-et~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-eu\", rpm:\"squirrelmail-eu~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-fa\", rpm:\"squirrelmail-fa~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-fi\", rpm:\"squirrelmail-fi~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-fo\", rpm:\"squirrelmail-fo~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-fr\", rpm:\"squirrelmail-fr~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-fy\", rpm:\"squirrelmail-fy~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-he\", rpm:\"squirrelmail-he~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-hr\", rpm:\"squirrelmail-hr~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-hu\", rpm:\"squirrelmail-hu~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-id\", rpm:\"squirrelmail-id~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-is\", rpm:\"squirrelmail-is~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-it\", rpm:\"squirrelmail-it~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-ja\", rpm:\"squirrelmail-ja~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-ka\", rpm:\"squirrelmail-ka~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-km\", rpm:\"squirrelmail-km~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-ko\", rpm:\"squirrelmail-ko~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-lt\", rpm:\"squirrelmail-lt~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-lv\", rpm:\"squirrelmail-lv~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-mk\", rpm:\"squirrelmail-mk~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-ms\", rpm:\"squirrelmail-ms~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-nb\", rpm:\"squirrelmail-nb~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-nl\", rpm:\"squirrelmail-nl~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-nn\", rpm:\"squirrelmail-nn~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-pl\", rpm:\"squirrelmail-pl~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-poutils\", rpm:\"squirrelmail-poutils~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-pt\", rpm:\"squirrelmail-pt~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-ro\", rpm:\"squirrelmail-ro~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-ru\", rpm:\"squirrelmail-ru~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-sk\", rpm:\"squirrelmail-sk~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-sl\", rpm:\"squirrelmail-sl~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-sr\", rpm:\"squirrelmail-sr~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-sv\", rpm:\"squirrelmail-sv~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-ta\", rpm:\"squirrelmail-ta~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-th\", rpm:\"squirrelmail-th~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-tr\", rpm:\"squirrelmail-tr~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-ug\", rpm:\"squirrelmail-ug~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-uk\", rpm:\"squirrelmail-uk~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-vi\", rpm:\"squirrelmail-vi~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-zh_CN\", rpm:\"squirrelmail-zh_CN~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-zh_TW\", rpm:\"squirrelmail-zh_TW~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:55:51", "description": "The remote host is missing an update to squirrelmail\nannounced via advisory DSA 2291-1.", "cvss3": {}, "published": "2011-09-21T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2291-1 (squirrelmail)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2753", "CVE-2011-2752", "CVE-2011-2023", "CVE-2010-4554", "CVE-2010-4555"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:70227", "href": "http://plugins.openvas.org/nasl.php?oid=70227", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2291_1.nasl 6613 2017-07-07 12:08:40Z cfischer $\n# Description: Auto-generated from advisory DSA 2291-1 (squirrelmail)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Various vulnerabilities have been found in SquirrelMail, a webmail\napplication. The Common Vulnerabilities and Exposures project\nidentifies the following vulnerabilities:\n\nCVE-2010-4554\n\nSquirrelMail did not prevent page rendering inside a third-party\nHTML frame, which makes it easier for remote attackers to conduct\nclickjacking attacks via a crafted web site.\n\nCVE-2010-4555, CVE-2011-2752, CVE-2011-2753\n\nMultiple small bugs in SquirrelMail allowed an attacker to inject\nmalicious script into various pages or alter the contents of user\npreferences.\n\nCVE-2011-2023\n\nIt was possible to inject arbitrary web script or HTML via a\ncrafted STYLE element in an HTML part of an e-mail message.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.4.15-4+lenny5.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.4.21-2.\n\nFor the testing (wheezy) and unstable distribution (sid), these problems\nhave been fixed in version 1.4.22-1.\n\nWe recommend that you upgrade your squirrelmail packages.\";\ntag_summary = \"The remote host is missing an update to squirrelmail\nannounced via advisory DSA 2291-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202291-1\";\n\n\nif(description)\n{\n script_id(70227);\n script_version(\"$Revision: 6613 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:40 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-21 05:47:11 +0200 (Wed, 21 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2010-4554\", \"CVE-2010-4555\", \"CVE-2011-2023\", \"CVE-2011-2752\", \"CVE-2011-2753\");\n script_name(\"Debian Security Advisory DSA 2291-1 (squirrelmail)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"squirrelmail\", ver:\"2:1.4.15-4+lenny5\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"squirrelmail\", ver:\"2:1.4.21-2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-27T10:55:17", "description": "Check for the Version of php53 and php", "cvss3": {}, "published": "2011-11-03T00:00:00", "type": "openvas", "title": "RedHat Update for php53 and php RHSA-2011:1423-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1471", "CVE-2011-1148", "CVE-2011-1466", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-0708", "CVE-2011-1468", "CVE-2011-1469", "CVE-2011-2202"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:870510", "href": "http://plugins.openvas.org/nasl.php?oid=870510", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for php53 and php RHSA-2011:1423-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"PHP is an HTML-embedded scripting language commonly used with the Apache\n HTTP Server.\n\n A signedness issue was found in the way the PHP crypt() function handled\n 8-bit characters in passwords when using Blowfish hashing. Up to three\n characters immediately preceding a non-ASCII character (one with the high\n bit set) had no effect on the hash result, thus shortening the effective\n password length. This made brute-force guessing more efficient as several\n different passwords were hashed to the same value. (CVE-2011-2483)\n \n Note: Due to the CVE-2011-2483 fix, after installing this update some users\n may not be able to log in to PHP applications that hash passwords with\n Blowfish using the PHP crypt() function. Refer to the upstream\n "CRYPT_BLOWFISH security fix details" document, linked to in the\n References, for details.\n \n An insufficient input validation flaw, leading to a buffer over-read, was\n found in the PHP exif extension. A specially-crafted image file could cause\n the PHP interpreter to crash when a PHP script tries to extract\n Exchangeable image file format (Exif) metadata from the image file.\n (CVE-2011-0708)\n \n An integer overflow flaw was found in the PHP calendar extension. A remote\n attacker able to make a PHP script call SdnToJulian() with a large value\n could cause the PHP interpreter to crash. (CVE-2011-1466)\n \n Multiple memory leak flaws were found in the PHP OpenSSL extension. A\n remote attacker able to make a PHP script use openssl_encrypt() or\n openssl_decrypt() repeatedly could cause the PHP interpreter to use an\n excessive amount of memory. (CVE-2011-1468)\n \n A use-after-free flaw was found in the PHP substr_replace() function. If a\n PHP script used the same variable as multiple function arguments, a remote\n attacker could possibly use this to crash the PHP interpreter or, possibly,\n execute arbitrary code. (CVE-2011-1148)\n \n A bug in the PHP Streams component caused the PHP interpreter to crash if\n an FTP wrapper connection was made through an HTTP proxy. A remote attacker\n could possibly trigger this issue if a PHP script accepted an untrusted URL\n to connect to. (CVE-2011-1469)\n \n An integer signedness issue was found in the PHP zip extension. An attacker\n could use a specially-crafted ZIP archive to cause the PHP interpreter to\n use an excessive amount of CPU time until the script execution time limit\n is reached. (CVE-2011-1471)\n \n A stack-based buffer overflow flaw was found in the way the PHP socket\n extension handled long AF_UNIX socket addresses. An attacker able to mak ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"php53 and php on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-November/msg00003.html\");\n script_id(870510);\n script_version(\"$Revision: 6685 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:44:46 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-03 12:22:48 +0100 (Thu, 03 Nov 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2011:1423-01\");\n script_cve_id(\"CVE-2011-0708\", \"CVE-2011-1148\", \"CVE-2011-1466\", \"CVE-2011-1468\",\n \"CVE-2011-1469\", \"CVE-2011-1471\", \"CVE-2011-1938\", \"CVE-2011-2202\",\n \"CVE-2011-2483\");\n script_name(\"RedHat Update for php53 and php RHSA-2011:1423-01\");\n\n script_summary(\"Check for the Version of php53 and php\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"php53\", rpm:\"php53~5.3.3~1.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-bcmath\", rpm:\"php53-bcmath~5.3.3~1.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-cli\", rpm:\"php53-cli~5.3.3~1.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-common\", rpm:\"php53-common~5.3.3~1.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-dba\", rpm:\"php53-dba~5.3.3~1.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-debuginfo\", rpm:\"php53-debuginfo~5.3.3~1.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-devel\", rpm:\"php53-devel~5.3.3~1.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-gd\", rpm:\"php53-gd~5.3.3~1.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-imap\", rpm:\"php53-imap~5.3.3~1.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-intl\", rpm:\"php53-intl~5.3.3~1.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-ldap\", rpm:\"php53-ldap~5.3.3~1.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-mbstring\", rpm:\"php53-mbstring~5.3.3~1.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-mysql\", rpm:\"php53-mysql~5.3.3~1.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-odbc\", rpm:\"php53-odbc~5.3.3~1.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-pdo\", rpm:\"php53-pdo~5.3.3~1.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-pgsql\", rpm:\"php53-pgsql~5.3.3~1.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-process\", rpm:\"php53-process~5.3.3~1.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-pspell\", rpm:\"php53-pspell~5.3.3~1.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-snmp\", rpm:\"php53-snmp~5.3.3~1.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-soap\", rpm:\"php53-soap~5.3.3~1.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-xml\", rpm:\"php53-xml~5.3.3~1.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-xmlrpc\", rpm:\"php53-xmlrpc~5.3.3~1.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:20", "description": "Check for the Version of php53", "cvss3": {}, "published": "2011-11-03T00:00:00", "type": "openvas", "title": "CentOS Update for php53 CESA-2011:1423 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1471", "CVE-2011-1148", "CVE-2011-1466", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-0708", "CVE-2011-1468", "CVE-2011-1469", "CVE-2011-2202"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:881028", "href": "http://plugins.openvas.org/nasl.php?oid=881028", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for php53 CESA-2011:1423 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"PHP is an HTML-embedded scripting language commonly used with the Apache\n HTTP Server.\n\n A signedness issue was found in the way the PHP crypt() function handled\n 8-bit characters in passwords when using Blowfish hashing. Up to three\n characters immediately preceding a non-ASCII character (one with the high\n bit set) had no effect on the hash result, thus shortening the effective\n password length. This made brute-force guessing more efficient as several\n different passwords were hashed to the same value. (CVE-2011-2483)\n \n Note: Due to the CVE-2011-2483 fix, after installing this update some users\n may not be able to log in to PHP applications that hash passwords with\n Blowfish using the PHP crypt() function. Refer to the upstream\n "CRYPT_BLOWFISH security fix details" document, linked to in the\n References, for details.\n \n An insufficient input validation flaw, leading to a buffer over-read, was\n found in the PHP exif extension. A specially-crafted image file could cause\n the PHP interpreter to crash when a PHP script tries to extract\n Exchangeable image file format (Exif) metadata from the image file.\n (CVE-2011-0708)\n \n An integer overflow flaw was found in the PHP calendar extension. A remote\n attacker able to make a PHP script call SdnToJulian() with a large value\n could cause the PHP interpreter to crash. (CVE-2011-1466)\n \n Multiple memory leak flaws were found in the PHP OpenSSL extension. A\n remote attacker able to make a PHP script use openssl_encrypt() or\n openssl_decrypt() repeatedly could cause the PHP interpreter to use an\n excessive amount of memory. (CVE-2011-1468)\n \n A use-after-free flaw was found in the PHP substr_replace() function. If a\n PHP script used the same variable as multiple function arguments, a remote\n attacker could possibly use this to crash the PHP interpreter or, possibly,\n execute arbitrary code. (CVE-2011-1148)\n \n A bug in the PHP Streams component caused the PHP interpreter to crash if\n an FTP wrapper connection was made through an HTTP proxy. A remote attacker\n could possibly trigger this issue if a PHP script accepted an untrusted URL\n to connect to. (CVE-2011-1469)\n \n An integer signedness issue was found in the PHP zip extension. An attacker\n could use a specially-crafted ZIP archive to cause the PHP interpreter to\n use an excessive amount of CPU time until the script execution time limit\n is reached. (CVE-2011-1471)\n \n A stack-based buffer overflow flaw was found in the way the PHP socket\n extension handled long AF_UNIX socket addresses. An attacker able to make a\n PHP script connect to a long AF_ ... \n\n Description truncated, for more information please check the Reference URL\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"php53 on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-November/018145.html\");\n script_id(881028);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-03 12:22:48 +0100 (Thu, 03 Nov 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2011:1423\");\n script_cve_id(\"CVE-2011-0708\", \"CVE-2011-1148\", \"CVE-2011-1466\", \"CVE-2011-1468\",\n \"CVE-2011-1469\", \"CVE-2011-1471\", \"CVE-2011-1938\", \"CVE-2011-2202\",\n \"CVE-2011-2483\");\n script_name(\"CentOS Update for php53 CESA-2011:1423 centos5 i386\");\n\n script_summary(\"Check for the Version of php53\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"php53\", rpm:\"php53~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-bcmath\", rpm:\"php53-bcmath~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-cli\", rpm:\"php53-cli~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-common\", rpm:\"php53-common~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-dba\", rpm:\"php53-dba~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-devel\", rpm:\"php53-devel~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-gd\", rpm:\"php53-gd~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-imap\", rpm:\"php53-imap~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-intl\", rpm:\"php53-intl~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-ldap\", rpm:\"php53-ldap~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-mbstring\", rpm:\"php53-mbstring~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-mysql\", rpm:\"php53-mysql~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-odbc\", rpm:\"php53-odbc~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-pdo\", rpm:\"php53-pdo~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-pgsql\", rpm:\"php53-pgsql~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-process\", rpm:\"php53-process~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-pspell\", rpm:\"php53-pspell~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-snmp\", rpm:\"php53-snmp~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-soap\", rpm:\"php53-soap~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-xml\", rpm:\"php53-xml~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-xmlrpc\", rpm:\"php53-xmlrpc~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:36:19", "description": "Oracle Linux Local Security Checks ELSA-2011-1423", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2011-1423", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1471", "CVE-2011-1148", "CVE-2011-1466", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-0708", "CVE-2011-1468", "CVE-2011-1469", "CVE-2011-2202"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122061", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122061", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2011-1423.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122061\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:12:26 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2011-1423\");\n script_tag(name:\"insight\", value:\"ELSA-2011-1423 - php53 and php security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2011-1423\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2011-1423.html\");\n script_cve_id(\"CVE-2011-0708\", \"CVE-2011-1148\", \"CVE-2011-1466\", \"CVE-2011-1468\", \"CVE-2011-1469\", \"CVE-2011-1471\", \"CVE-2011-1938\", \"CVE-2011-2202\", \"CVE-2011-2483\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"php53\", rpm:\"php53~5.3.3~1.el5_7.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-bcmath\", rpm:\"php53-bcmath~5.3.3~1.el5_7.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-cli\", rpm:\"php53-cli~5.3.3~1.el5_7.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-common\", rpm:\"php53-common~5.3.3~1.el5_7.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-dba\", rpm:\"php53-dba~5.3.3~1.el5_7.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-devel\", rpm:\"php53-devel~5.3.3~1.el5_7.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-gd\", rpm:\"php53-gd~5.3.3~1.el5_7.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-imap\", rpm:\"php53-imap~5.3.3~1.el5_7.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-intl\", rpm:\"php53-intl~5.3.3~1.el5_7.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-ldap\", rpm:\"php53-ldap~5.3.3~1.el5_7.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-mbstring\", rpm:\"php53-mbstring~5.3.3~1.el5_7.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-mysql\", rpm:\"php53-mysql~5.3.3~1.el5_7.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-odbc\", rpm:\"php53-odbc~5.3.3~1.el5_7.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-pdo\", rpm:\"php53-pdo~5.3.3~1.el5_7.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-pgsql\", rpm:\"php53-pgsql~5.3.3~1.el5_7.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-process\", rpm:\"php53-process~5.3.3~1.el5_7.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-pspell\", rpm:\"php53-pspell~5.3.3~1.el5_7.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-snmp\", rpm:\"php53-snmp~5.3.3~1.el5_7.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-soap\", rpm:\"php53-soap~5.3.3~1.el5_7.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-xml\", rpm:\"php53-xml~5.3.3~1.el5_7.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-xmlrpc\", rpm:\"php53-xmlrpc~5.3.3~1.el5_7.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.3.3~3.el6_1.3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-bcmath\", rpm:\"php-bcmath~5.3.3~3.el6_1.3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.3.3~3.el6_1.3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-common\", rpm:\"php-common~5.3.3~3.el6_1.3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-dba\", rpm:\"php-dba~5.3.3~3.el6_1.3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.3.3~3.el6_1.3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-embedded\", rpm:\"php-embedded~5.3.3~3.el6_1.3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-enchant\", rpm:\"php-enchant~5.3.3~3.el6_1.3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.3.3~3.el6_1.3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~5.3.3~3.el6_1.3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-intl\", rpm:\"php-intl~5.3.3~3.el6_1.3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.3.3~3.el6_1.3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~5.3.3~3.el6_1.3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.3.3~3.el6_1.3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.3.3~3.el6_1.3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.3.3~3.el6_1.3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.3.3~3.el6_1.3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-process\", rpm:\"php-process~5.3.3~3.el6_1.3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-pspell\", rpm:\"php-pspell~5.3.3~3.el6_1.3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-recode\", rpm:\"php-recode~5.3.3~3.el6_1.3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~5.3.3~3.el6_1.3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.3.3~3.el6_1.3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-tidy\", rpm:\"php-tidy~5.3.3~3.el6_1.3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.3.3~3.el6_1.3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.3.3~3.el6_1.3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-zts\", rpm:\"php-zts~5.3.3~3.el6_1.3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:42", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for php53 CESA-2011:1423 centos5 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1471", "CVE-2011-1148", "CVE-2011-1466", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-0708", "CVE-2011-1468", "CVE-2011-1469", "CVE-2011-2202"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881333", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881333", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for php53 CESA-2011:1423 centos5 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-November/018146.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881333\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:25:50 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-0708\", \"CVE-2011-1148\", \"CVE-2011-1466\", \"CVE-2011-1468\",\n \"CVE-2011-1469\", \"CVE-2011-1471\", \"CVE-2011-1938\", \"CVE-2011-2202\",\n \"CVE-2011-2483\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"CESA\", value:\"2011:1423\");\n script_name(\"CentOS Update for php53 CESA-2011:1423 centos5 x86_64\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php53'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"php53 on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"PHP is an HTML-embedded scripting language commonly used with the Apache\n HTTP Server.\n\n A signedness issue was found in the way the PHP crypt() function handled\n 8-bit characters in passwords when using Blowfish hashing. Up to three\n characters immediately preceding a non-ASCII character (one with the high\n bit set) had no effect on the hash result, thus shortening the effective\n password length. This made brute-force guessing more efficient as several\n different passwords were hashed to the same value. (CVE-2011-2483)\n\n Note: Due to the CVE-2011-2483 fix, after installing this update some users\n may not be able to log in to PHP applications that hash passwords with\n Blowfish using the PHP crypt() function. Refer to the upstream\n 'CRYPT_BLOWFISH security fix details' document, linked to in the\n References, for details.\n\n An insufficient input validation flaw, leading to a buffer over-read, was\n found in the PHP exif extension. A specially-crafted image file could cause\n the PHP interpreter to crash when a PHP script tries to extract\n Exchangeable image file format (Exif) metadata from the image file.\n (CVE-2011-0708)\n\n An integer overflow flaw was found in the PHP calendar extension. A remote\n attacker able to make a PHP script call SdnToJulian() with a large value\n could cause the PHP interpreter to crash. (CVE-2011-1466)\n\n Multiple memory leak flaws were found in the PHP OpenSSL extension. A\n remote attacker able to make a PHP script use openssl_encrypt() or\n openssl_decrypt() repeatedly could cause the PHP interpreter to use an\n excessive amount of memory. (CVE-2011-1468)\n\n A use-after-free flaw was found in the PHP substr_replace() function. If a\n PHP script used the same variable as multiple function arguments, a remote\n attacker could possibly use this to crash the PHP interpreter or, possibly,\n execute arbitrary code. (CVE-2011-1148)\n\n A bug in the PHP Streams component caused the PHP interpreter to crash if\n an FTP wrapper connection was made through an HTTP proxy. A remote attacker\n could possibly trigger this issue if a PHP script accepted an untrusted URL\n to connect to. (CVE-2011-1469)\n\n An integer signedness issue was found in the PHP zip extension. An attacker\n could use a specially-crafted ZIP archive to cause the PHP interpreter to\n use an excessive amount of CPU time until the script execution time limit\n is reached. (CVE-2011-1471)\n\n A stack-based buffer overflow flaw was found in the way the PHP socket\n extension handled long AF_UNIX socket addresses. An attacker able to make a\n PHP script connect to a long AF_ ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"php53\", rpm:\"php53~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-bcmath\", rpm:\"php53-bcmath~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-cli\", rpm:\"php53-cli~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-common\", rpm:\"php53-common~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-dba\", rpm:\"php53-dba~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-devel\", rpm:\"php53-devel~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-gd\", rpm:\"php53-gd~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-imap\", rpm:\"php53-imap~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-intl\", rpm:\"php53-intl~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-ldap\", rpm:\"php53-ldap~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-mbstring\", rpm:\"php53-mbstring~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-mysql\", rpm:\"php53-mysql~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-odbc\", rpm:\"php53-odbc~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-pdo\", rpm:\"php53-pdo~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-pgsql\", rpm:\"php53-pgsql~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-process\", rpm:\"php53-process~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-pspell\", rpm:\"php53-pspell~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-snmp\", rpm:\"php53-snmp~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-soap\", rpm:\"php53-soap~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-xml\", rpm:\"php53-xml~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-xmlrpc\", rpm:\"php53-xmlrpc~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:52", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-08-18T00:00:00", "type": "openvas", "title": "Mandriva Update for squirrelmail MDVSA-2011:123 (squirrelmail)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2753", "CVE-2011-2752", "CVE-2011-2023", "CVE-2010-4554", "CVE-2010-4555"], "modified": "2019-03-12T00:00:00", "id": "OPENVAS:1361412562310831438", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831438", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for squirrelmail MDVSA-2011:123 (squirrelmail)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.mandriva.com/security-announce/2011-08/msg00005.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831438\");\n script_version(\"$Revision: 14114 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-12 12:48:52 +0100 (Tue, 12 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-18 14:57:45 +0200 (Thu, 18 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"MDVSA\", value:\"2011:123\");\n script_cve_id(\"CVE-2010-4554\", \"CVE-2010-4555\", \"CVE-2011-2023\", \"CVE-2011-2752\", \"CVE-2011-2753\");\n script_name(\"Mandriva Update for squirrelmail MDVSA-2011:123 (squirrelmail)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'squirrelmail'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_mes5\");\n script_tag(name:\"affected\", value:\"squirrelmail on Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities has been discovered and corrected in\n squirrelmail:\n\n functions/page_header.php in SquirrelMail 1.4.21 and earlier does not\n prevent page rendering inside a frame in a third-party HTML document,\n which makes it easier for remote attackers to conduct clickjacking\n attacks via a crafted web site (CVE-2010-4554).\n\n Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail\n 1.4.21 and earlier allow remote attackers to inject arbitrary\n web script or HTML via vectors involving (1) drop-down selection\n lists, (2) the > (greater than) character in the SquirrelSpell\n spellchecking plugin, and (3) errors associated with the Index Order\n (aka options_order) page (CVE-2010-4555).\n\n Cross-site scripting (XSS) vulnerability in functions/mime.php in\n SquirrelMail before 1.4.22 allows remote attackers to inject arbitrary\n web script or HTML via a crafted STYLE element in an e-mail message\n (CVE-2011-2023).\n\n CRLF injection vulnerability in SquirrelMail 1.4.21 and earlier\n allows remote attackers to modify or add preference values via a \\n\n (newline) character, a different vulnerability than CVE-2010-4555\n (CVE-2011-2752).\n\n Multiple cross-site request forgery (CSRF) vulnerabilities in\n SquirrelMail 1.4.21 and earlier allow remote attackers to hijack the\n authentication of unspecified victims via vectors involving (1) the\n empty trash implementation and (2) the Index Order (aka options_order)\n page, a different issue than CVE-2010-4555 (CVE-2011-2753).\n\n The updated packages have been upgraded to the 1.4.22 version which\n is not vulnerable to these issues.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"squirrelmail\", rpm:\"squirrelmail~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-ar\", rpm:\"squirrelmail-ar~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-bg\", rpm:\"squirrelmail-bg~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-bn-bangladesh\", rpm:\"squirrelmail-bn-bangladesh~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-bn-india\", rpm:\"squirrelmail-bn-india~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-ca\", rpm:\"squirrelmail-ca~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-cs\", rpm:\"squirrelmail-cs~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-cy\", rpm:\"squirrelmail-cy~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-cyrus\", rpm:\"squirrelmail-cyrus~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-da\", rpm:\"squirrelmail-da~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-de\", rpm:\"squirrelmail-de~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-el\", rpm:\"squirrelmail-el~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-es\", rpm:\"squirrelmail-es~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-et\", rpm:\"squirrelmail-et~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-eu\", rpm:\"squirrelmail-eu~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-fa\", rpm:\"squirrelmail-fa~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-fi\", rpm:\"squirrelmail-fi~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-fo\", rpm:\"squirrelmail-fo~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-fr\", rpm:\"squirrelmail-fr~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-fy\", rpm:\"squirrelmail-fy~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-he\", rpm:\"squirrelmail-he~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-hr\", rpm:\"squirrelmail-hr~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-hu\", rpm:\"squirrelmail-hu~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-id\", rpm:\"squirrelmail-id~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-is\", rpm:\"squirrelmail-is~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-it\", rpm:\"squirrelmail-it~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-ja\", rpm:\"squirrelmail-ja~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-ka\", rpm:\"squirrelmail-ka~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-km\", rpm:\"squirrelmail-km~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-ko\", rpm:\"squirrelmail-ko~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-lt\", rpm:\"squirrelmail-lt~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-lv\", rpm:\"squirrelmail-lv~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-mk\", rpm:\"squirrelmail-mk~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-ms\", rpm:\"squirrelmail-ms~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-nb\", rpm:\"squirrelmail-nb~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-nl\", rpm:\"squirrelmail-nl~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-nn\", rpm:\"squirrelmail-nn~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-pl\", rpm:\"squirrelmail-pl~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-poutils\", rpm:\"squirrelmail-poutils~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-pt\", rpm:\"squirrelmail-pt~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-ro\", rpm:\"squirrelmail-ro~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-ru\", rpm:\"squirrelmail-ru~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-sk\", rpm:\"squirrelmail-sk~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-sl\", rpm:\"squirrelmail-sl~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-sr\", rpm:\"squirrelmail-sr~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-sv\", rpm:\"squirrelmail-sv~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-ta\", rpm:\"squirrelmail-ta~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-th\", rpm:\"squirrelmail-th~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-tr\", rpm:\"squirrelmail-tr~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-ug\", rpm:\"squirrelmail-ug~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-uk\", rpm:\"squirrelmail-uk~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-vi\", rpm:\"squirrelmail-vi~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-zh_CN\", rpm:\"squirrelmail-zh_CN~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squirrelmail-zh_TW\", rpm:\"squirrelmail-zh_TW~1.4.22~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:46", "description": "The remote host is missing an update to squirrelmail\nannounced via advisory DSA 2291-1.", "cvss3": {}, "published": "2011-09-21T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2291-1 (squirrelmail)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2753", "CVE-2011-2752", "CVE-2011-2023", "CVE-2010-4554", "CVE-2010-4555"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:136141256231070227", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070227", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2291_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2291-1 (squirrelmail)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70227\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-21 05:47:11 +0200 (Wed, 21 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2010-4554\", \"CVE-2010-4555\", \"CVE-2011-2023\", \"CVE-2011-2752\", \"CVE-2011-2753\");\n script_name(\"Debian Security Advisory DSA 2291-1 (squirrelmail)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(5|6)\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202291-1\");\n script_tag(name:\"insight\", value:\"Various vulnerabilities have been found in SquirrelMail, a webmail\napplication. The Common Vulnerabilities and Exposures project\nidentifies the following vulnerabilities:\n\nCVE-2010-4554\n\nSquirrelMail did not prevent page rendering inside a third-party\nHTML frame, which makes it easier for remote attackers to conduct\nclickjacking attacks via a crafted web site.\n\nCVE-2010-4555, CVE-2011-2752, CVE-2011-2753\n\nMultiple small bugs in SquirrelMail allowed an attacker to inject\nmalicious script into various pages or alter the contents of user\npreferences.\n\nCVE-2011-2023\n\nIt was possible to inject arbitrary web script or HTML via a\ncrafted STYLE element in an HTML part of an e-mail message.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.4.15-4+lenny5.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.4.21-2.\n\nFor the testing (wheezy) and unstable distribution (sid), these problems\nhave been fixed in version 1.4.22-1.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your squirrelmail packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to squirrelmail\nannounced via advisory DSA 2291-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"squirrelmail\", ver:\"2:1.4.15-4+lenny5\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"squirrelmail\", ver:\"2:1.4.21-2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:50:58", "description": "The remote host is missing updates announced in\nadvisory GLSA 201203-02.", "cvss3": {}, "published": "2012-03-12T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201203-02 (cURL)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389", "CVE-2010-0734", "CVE-2012-0036", "CVE-2011-2192"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:71186", "href": "http://plugins.openvas.org/nasl.php?oid=71186", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities have been found in cURL, the worst of\n which might allow remote execution of arbitrary code.\";\ntag_solution = \"All cURL users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/curl-7.24.0'\n \n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20201203-02\nhttp://bugs.gentoo.org/show_bug.cgi?id=308645\nhttp://bugs.gentoo.org/show_bug.cgi?id=373235\nhttp://bugs.gentoo.org/show_bug.cgi?id=400799\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 201203-02.\";\n\n \n \nif(description)\n{\n script_id(71186);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2010-0734\", \"CVE-2011-2192\", \"CVE-2011-3389\", \"CVE-2012-0036\");\n script_version(\"$Revision: 6589 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 10:27:50 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-12 11:35:35 -0400 (Mon, 12 Mar 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201203-02 (cURL)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"net-misc/curl\", unaffected: make_list(\"ge 7.24.0\"), vulnerable: make_list(\"lt 7.24.0\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:59", "description": "The remote host is missing updates announced in\nadvisory GLSA 201203-02.", "cvss3": {}, "published": "2012-03-12T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201203-02 (cURL)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389", "CVE-2010-0734", "CVE-2012-0036", "CVE-2011-2192"], "modified": "2018-10-12T00:00:00", "id": "OPENVAS:136141256231071186", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071186", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa_201203_02.nasl 11859 2018-10-12 08:53:01Z cfischer $\n#\n# Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71186\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2010-0734\", \"CVE-2011-2192\", \"CVE-2011-3389\", \"CVE-2012-0036\");\n script_version(\"$Revision: 11859 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:53:01 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-12 11:35:35 -0400 (Mon, 12 Mar 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201203-02 (cURL)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been found in cURL, the worst of\n which might allow remote execution of arbitrary code.\");\n script_tag(name:\"solution\", value:\"All cURL users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/curl-7.24.0'\");\n\n script_xref(name:\"URL\", value:\"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201203-02\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=308645\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=373235\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=400799\");\n script_tag(name:\"summary\", value:\"The remote host is missing updates announced in\nadvisory GLSA 201203-02.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-gentoo.inc\");\ninclude(\"revisions-lib.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"net-misc/curl\", unaffected: make_list(\"ge 7.24.0\"), vulnerable: make_list(\"lt 7.24.0\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-12-04T14:08:08", "description": "The remote host is running a version of Mac OS X 10.7.x that is prior to 10.7.3. The newer version contains multiple security-related fixes for the following components :\n\n - Address Book\n - Apache\n - ATS\n - CFNetwork\n - CoreMedia\n - CoreText\n - CoreUI\n - curl\n - Data Security\n - dovecot\n - filecmds\n - ImageIO\n - Internet Sharing\n - Libinfo\n - libresolv\n - libsecurity\n - OpenGL\n - PHP\n - QuickTime\n - Subversion\n - Time Machine\n - WebDAV Sharing\n - Webmail\n - X11", "cvss3": {}, "published": "2012-02-02T00:00:00", "type": "nessus", "title": "Mac OS X 10.7.x < 10.7.3 Multiple Vulnerabilities (BEAST)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1148", "CVE-2011-1167", "CVE-2011-1657", "CVE-2011-1752", "CVE-2011-1783", "CVE-2011-1921", "CVE-2011-1938", "CVE-2011-2192", "CVE-2011-2202", "CVE-2011-2483", "CVE-2011-2895", "CVE-2011-2937", "CVE-2011-3182", "CVE-2011-3189", "CVE-2011-3246", "CVE-2011-3248", "CVE-2011-3249", "CVE-2011-3250", "CVE-2011-3256", "CVE-2011-3267", "CVE-2011-3268", "CVE-2011-3328", "CVE-2011-3348", "CVE-2011-3389", "CVE-2011-3422", "CVE-2011-3441", "CVE-2011-3444", "CVE-2011-3446", "CVE-2011-3447", "CVE-2011-3448", "CVE-2011-3449", "CVE-2011-3450", "CVE-2011-3452", "CVE-2011-3453", "CVE-2011-3457", "CVE-2011-3458", "CVE-2011-3459", "CVE-2011-3460", "CVE-2011-3462", "CVE-2011-3463"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_10_7_3.NASL", "href": "https://www.tenable.com/plugins/nessus/57797", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\nif (!defined_func(\"bn_random\")) exit(0);\nif (NASL_LEVEL < 3000) exit(0); # Avoid problems with large number of xrefs.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57797);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2011-1148\",\n \"CVE-2011-1167\",\n \"CVE-2011-1657\",\n \"CVE-2011-1752\",\n \"CVE-2011-1783\",\n \"CVE-2011-1921\",\n \"CVE-2011-1938\",\n \"CVE-2011-2192\",\n \"CVE-2011-2202\",\n \"CVE-2011-2483\",\n \"CVE-2011-2895\",\n \"CVE-2011-2937\",\n \"CVE-2011-3182\",\n \"CVE-2011-3189\",\n \"CVE-2011-3246\",\n \"CVE-2011-3248\",\n \"CVE-2011-3249\",\n \"CVE-2011-3250\",\n \"CVE-2011-3256\",\n \"CVE-2011-3267\",\n \"CVE-2011-3268\",\n \"CVE-2011-3328\",\n \"CVE-2011-3348\",\n \"CVE-2011-3389\",\n \"CVE-2011-3422\",\n \"CVE-2011-3441\",\n \"CVE-2011-3444\",\n \"CVE-2011-3446\",\n \"CVE-2011-3447\",\n \"CVE-2011-3448\",\n \"CVE-2011-3449\",\n \"CVE-2011-3450\",\n \"CVE-2011-3452\",\n \"CVE-2011-3453\",\n \"CVE-2011-3457\",\n \"CVE-2011-3458\",\n \"CVE-2011-3459\",\n \"CVE-2011-3460\",\n \"CVE-2011-3462\",\n \"CVE-2011-3463\"\n );\n script_bugtraq_id(\n 46843,\n 46951,\n 47950,\n 48091,\n 48259,\n 48434,\n 49124,\n 49229,\n 49241,\n 49249,\n 49252,\n 49376,\n 49429,\n 49616,\n 49744,\n 49778,\n 50115,\n 50155,\n 50400,\n 50401,\n 50404,\n 50641,\n 51807,\n 51808,\n 51809,\n 51810,\n 51811,\n 51812,\n 51813,\n 51814,\n 51815,\n 51816,\n 51817,\n 51818,\n 51819,\n 51832\n );\n script_xref(name:\"CERT\", value:\"403593\");\n script_xref(name:\"CERT\", value:\"410281\");\n script_xref(name:\"CERT\", value:\"864643\");\n script_xref(name:\"ZDI\", value:\"ZDI-12-058\");\n script_xref(name:\"ZDI\", value:\"ZDI-12-103\");\n script_xref(name:\"ZDI\", value:\"ZDI-12-130\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0547\");\n\n script_name(english:\"Mac OS X 10.7.x < 10.7.3 Multiple Vulnerabilities (BEAST)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update that fixes several\nsecurity vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X 10.7.x that is prior\nto 10.7.3. The newer version contains multiple security-related fixes\nfor the following components :\n\n - Address Book\n - Apache\n - ATS\n - CFNetwork\n - CoreMedia\n - CoreText\n - CoreUI\n - curl\n - Data Security\n - dovecot\n - filecmds\n - ImageIO\n - Internet Sharing\n - Libinfo\n - libresolv\n - libsecurity\n - OpenGL\n - PHP\n - QuickTime\n - Subversion\n - Time Machine\n - WebDAV Sharing\n - Webmail\n - X11\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-12-058/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-12-103/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-12-130/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://seclists.org/fulldisclosure/2012/Aug/59\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.imperialviolet.org/2011/09/23/chromeandbeast.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/~bodo/tls-cbc.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT5130\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2012/Feb/msg00001.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mac OS X 10.7.3 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"os_fingerprint.nasl\");\n\n exit(0);\n}\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os)\n{\n os = get_kb_item(\"Host/OS\");\n if (isnull(os)) exit(0, \"The 'Host/OS' KB item is missing.\");\n if (\"Mac OS X\" >!< os) exit(0, \"The host does not appear to be running Mac OS X.\");\n\n c = get_kb_item(\"Host/OS/Confidence\");\n if (c <= 70) exit(1, \"Can't determine the host's OS with sufficient confidence.\");\n}\nif (!os) exit(0, \"The host does not appear to be running Mac OS X.\");\n\n\nif (ereg(pattern:\"Mac OS X 10\\.7($|\\.[0-2]([^0-9]|$))\", string:os)) security_hole(0);\nelse exit(0, \"The host is not affected as it is running \"+os+\".\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-03T16:00:04", "description": "The remote host is running a version of Mac OS X 10.6 that does not have Security Update 2012-001 applied. This update contains multiple security-related fixes for the following components :\n\n - Apache\n - ATS\n - ColorSync\n - CoreAudio\n - CoreMedia\n - CoreText\n - curl\n - Data Security\n - dovecot\n - filecmds\n - libresolv\n - libsecurity\n - OpenGL\n - PHP\n - QuickTime\n - SquirrelMail\n - Subversion\n - Tomcat\n - X11", "cvss3": {}, "published": "2012-02-02T00:00:00", "type": "nessus", "title": "Mac OS X Multiple Vulnerabilities (Security Update 2012-001) (BEAST)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1637", "CVE-2010-2813", "CVE-2010-4554", "CVE-2010-4555", "CVE-2011-0200", "CVE-2011-1148", "CVE-2011-1657", "CVE-2011-1752", "CVE-2011-1783", "CVE-2011-1921", "CVE-2011-1938", "CVE-2011-2023", "CVE-2011-2192", "CVE-2011-2202", "CVE-2011-2204", "CVE-2011-2483", "CVE-2011-2895", "CVE-2011-3182", "CVE-2011-3189", "CVE-2011-3248", "CVE-2011-3249", "CVE-2011-3250", "CVE-2011-3252", "CVE-2011-3267", "CVE-2011-3268", "CVE-2011-3348", "CVE-2011-3389", "CVE-2011-3422", "CVE-2011-3446", "CVE-2011-3448", "CVE-2011-3449", "CVE-2011-3453", "CVE-2011-3457", "CVE-2011-3458", "CVE-2011-3459", "CVE-2011-3460"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_SECUPD2012-001.NASL", "href": "https://www.tenable.com/plugins/nessus/57798", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57798);\n script_version(\"1.26\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2010-1637\",\n \"CVE-2010-2813\",\n \"CVE-2010-4554\",\n \"CVE-2010-4555\",\n \"CVE-2011-0200\",\n \"CVE-2011-1148\",\n \"CVE-2011-1657\",\n \"CVE-2011-1752\",\n \"CVE-2011-1783\",\n \"CVE-2011-1921\",\n \"CVE-2011-1938\",\n \"CVE-2011-2023\",\n \"CVE-2011-2192\",\n \"CVE-2011-2202\",\n \"CVE-2011-2204\",\n \"CVE-2011-2483\",\n \"CVE-2011-2895\",\n \"CVE-2011-3182\",\n \"CVE-2011-3189\",\n \"CVE-2011-3248\",\n \"CVE-2011-3249\",\n \"CVE-2011-3250\",\n \"CVE-2011-3252\",\n \"CVE-2011-3267\",\n \"CVE-2011-3268\",\n \"CVE-2011-3348\",\n \"CVE-2011-3389\",\n \"CVE-2011-3422\",\n \"CVE-2011-3446\",\n \"CVE-2011-3448\",\n \"CVE-2011-3449\",\n \"CVE-2011-3453\",\n \"CVE-2011-3457\",\n \"CVE-2011-3458\",\n \"CVE-2011-3459\",\n \"CVE-2011-3460\"\n );\n script_bugtraq_id(\n 40291,\n 42399,\n 46843,\n 47950,\n 48091,\n 48259,\n 48416,\n 48434,\n 48456,\n 48648,\n 49124,\n 49241,\n 49249,\n 49252,\n 49376,\n 49429,\n 49616,\n 49778,\n 50065,\n 50400,\n 50401,\n 50404,\n 51807,\n 51808,\n 51809,\n 51811,\n 51812,\n 51814,\n 51817,\n 51832\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2012-02-03-1\");\n script_xref(name:\"CERT\", value:\"403593\");\n script_xref(name:\"CERT\", value:\"410281\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0547\");\n\n script_name(english:\"Mac OS X Multiple Vulnerabilities (Security Update 2012-001) (BEAST)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update that fixes multiple\nsecurity vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X 10.6 that does not\nhave Security Update 2012-001 applied. This update contains multiple\nsecurity-related fixes for the following components :\n\n - Apache\n - ATS\n - ColorSync\n - CoreAudio\n - CoreMedia\n - CoreText\n - curl\n - Data Security\n - dovecot\n - filecmds\n - libresolv\n - libsecurity\n - OpenGL\n - PHP\n - QuickTime\n - SquirrelMail\n - Subversion\n - Tomcat\n - X11\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-12-058/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-12-103/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-12-130/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://seclists.org/fulldisclosure/2012/Aug/59\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT5130\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2012/Feb/msg00001.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2012/Feb/msg00002.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.imperialviolet.org/2011/09/23/chromeandbeast.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/~bodo/tls-cbc.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Install Security Update 2012-001 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/06/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"Host/MacOSX/packages/boms\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\nif (!ereg(pattern:\"Mac OS X 10\\.6([^0-9]|$)\", string:os)) audit(AUDIT_OS_NOT, \"Mac OS X 10.6\");\n\npackages = get_kb_item_or_exit(\"Host/MacOSX/packages/boms\", exit_code:1);\nif (\n egrep(pattern:\"^com\\.apple\\.pkg\\.update\\.security\\.(2012\\.00[1-9]|201[3-9]\\.[0-9]+)(\\.snowleopard[0-9.]*)?\\.bom\", string:packages) ||\n egrep(pattern:\"^com\\.apple\\.pkg\\.update\\.security\\.2012\\.001(\\.snowleopard)?\\.1\\.1\\.bom\", string:packages)\n) exit(0, \"The host has Security Update 2012-001 or later installed and therefore is not affected.\");\nelse\n{\n if (report_verbosity > 0)\n {\n security_boms = egrep(pattern:\"^com\\.apple\\.pkg\\.update\\.security\", string:packages);\n\n report = '\\n Installed security updates : ';\n if (security_boms) report += str_replace(find:'\\n', replace:'\\n ', string:security_boms);\n else report += 'n/a';\n report += '\\n';\n\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-04T14:41:37", "description": "According to its banner, the version of PHP 5.3.x running on the remote host is prior to 5.3.7. It is, therefore, affected by the following vulnerabilities :\n\n - A use-after-free vulnerability in substr_replace().\n (CVE-2011-1148)\n\n - A stack-based buffer overflow in socket_connect().\n (CVE-2011-1938)\n\n - A code execution vulnerability in ZipArchive::addGlob().\n (CVE-2011-1657)\n\n - crypt_blowfish was updated to 1.2. (CVE-2011-2483)\n\n - Multiple NULL pointer dereferences. (CVE-2011-3182)\n\n - An unspecified crash in error_log(). (CVE-2011-3267)\n\n - A buffer overflow in crypt(). (CVE-2011-3268)\n\n - A flaw exists in the php_win32_get_random_bytes() function when passing MCRYPT_DEV_URANDOM as source to mcrypt_create_iv(). A remote attacker can exploit this to cause a denial of service condition.", "cvss3": {}, "published": "2011-08-22T00:00:00", "type": "nessus", "title": "PHP 5.3 < 5.3.7 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1148", "CVE-2011-1657", "CVE-2011-1938", "CVE-2011-2202", "CVE-2011-2483", "CVE-2011-3182", "CVE-2011-3267", "CVE-2011-3268"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_5_3_7.NASL", "href": "https://www.tenable.com/plugins/nessus/55925", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55925);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2011-1148\",\n \"CVE-2011-1657\",\n \"CVE-2011-1938\",\n \"CVE-2011-2202\",\n \"CVE-2011-2483\",\n \"CVE-2011-3182\",\n \"CVE-2011-3267\",\n \"CVE-2011-3268\"\n );\n script_bugtraq_id(\n 46843,\n 47950,\n 48259,\n 49241,\n 49249,\n 49252\n );\n script_xref(name:\"EDB-ID\", value:\"17318\");\n script_xref(name:\"EDB-ID\", value:\"17486\");\n\n script_name(english:\"PHP 5.3 < 5.3.7 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server uses a version of PHP that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of PHP 5.3.x running on the\nremote host is prior to 5.3.7. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - A use-after-free vulnerability in substr_replace().\n (CVE-2011-1148)\n\n - A stack-based buffer overflow in socket_connect().\n (CVE-2011-1938)\n\n - A code execution vulnerability in ZipArchive::addGlob().\n (CVE-2011-1657)\n\n - crypt_blowfish was updated to 1.2. (CVE-2011-2483)\n\n - Multiple NULL pointer dereferences. (CVE-2011-3182)\n\n - An unspecified crash in error_log(). (CVE-2011-3267)\n\n - A buffer overflow in crypt(). (CVE-2011-3268)\n\n - A flaw exists in the php_win32_get_random_bytes()\n function when passing MCRYPT_DEV_URANDOM as source to\n mcrypt_create_iv(). A remote attacker can exploit this\n to cause a denial of service condition.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://securityreason.com/achievement_securityalert/101\");\n script_set_attribute(attribute:\"see_also\", value:\"http://securityreason.com/exploitalert/10738\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.php.net/bug.php?id=54238\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.php.net/bug.php?id=54681\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.php.net/bug.php?id=54939\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.php.net/releases/5_3_7.php\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP 5.3.7 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2011-3268\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"audit.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported)\n audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\nif (version =~ '^5(\\\\.3)?$') exit(1, \"The banner for PHP on port \"+port+\" - \"+source+\" - is not granular enough to make a determination.\");\n\nif (version =~ \"^5\\.3\\.[0-6]($|[^0-9])\")\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : '+source +\n '\\n Installed version : '+version+\n '\\n Fixed version : 5.3.7\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-04T14:43:00", "description": "Multiple vulnerabilities has been identified and fixed in php :\n\nUse-after-free vulnerability in the substr_replace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by using the same variable for multiple arguments (CVE-2011-1148).\n\nThe (1) ZipArchive::addGlob and (2) ZipArchive::addPattern functions in ext/zip/php_zip.c in PHP 5.3.6 allow context-dependent attackers to cause a denial of service (application crash) via certain flags arguments, as demonstrated by (a) GLOB_ALTDIRFUNC and (b) GLOB_APPEND (CVE-2011-1657).\n\nStack-based buffer overflow in the socket_connect function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow context-dependent attackers to execute arbitrary code via a long pathname for a UNIX socket (CVE-2011-1938).\n\nThe rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request, related to a file path injection vulnerability. (CVE-2011-2202).\n\ncrypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash (CVE-2011-2483).\n\nPHP before 5.3.7 does not properly check the return values of the malloc, calloc, and realloc library functions, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger a buffer overflow by leveraging the ability to provide an arbitrary value for a function argument, related to (1) ext/curl/interface.c, (2) ext/date/lib/parse_date.c, (3) ext/date/lib/parse_iso_intervals.c, (4) ext/date/lib/parse_tz.c, (5) ext/date/lib/timelib.c, (6) ext/pdo_odbc/pdo_odbc.c, (7) ext/reflection/php_reflection.c, (8) ext/soap/php_sdl.c, (9) ext/xmlrpc/libxmlrpc/base64.c, (10) TSRM/tsrm_win32.c, and (11) the strtotime function (CVE-2011-3182).\n\nPHP before 5.3.7 does not properly implement the error_log function, which allows context-dependent attackers to cause a denial of service (application crash) via unspecified vectors (CVE-2011-3267).\n\nBuffer overflow in the crypt function in PHP before 5.3.7 allows context-dependent attackers to have an unspecified impact via a long salt argument, a different vulnerability than CVE-2011-2483 (CVE-2011-3268).\n\nThe updated php packages have been upgraded to 5.3.8 which is not vulnerable to these issues.\n\nAdditionally some of the PECL extensions has been upgraded and/or rebuilt for the new php version.", "cvss3": {}, "published": "2011-11-04T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : php (MDVSA-2011:165)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1148", "CVE-2011-1657", "CVE-2011-1938", "CVE-2011-2202", "CVE-2011-2483", "CVE-2011-3182", "CVE-2011-3267", "CVE-2011-3268"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:apache-mod_php", "p-cpe:/a:mandriva:linux:lib64php5_common5", "p-cpe:/a:mandriva:linux:libphp5_common5", "p-cpe:/a:mandriva:linux:php-apc", "p-cpe:/a:mandriva:linux:php-apc-admin", "p-cpe:/a:mandriva:linux:php-bcmath", "p-cpe:/a:mandriva:linux:php-bz2", "p-cpe:/a:mandriva:linux:php-calendar", "p-cpe:/a:mandriva:linux:php-cgi", "p-cpe:/a:mandriva:linux:php-cli", "p-cpe:/a:mandriva:linux:php-ctype", "p-cpe:/a:mandriva:linux:php-curl", "p-cpe:/a:mandriva:linux:php-dba", "p-cpe:/a:mandriva:linux:php-devel", "p-cpe:/a:mandriva:linux:php-doc", "p-cpe:/a:mandriva:linux:php-dom", "p-cpe:/a:mandriva:linux:php-eaccelerator", "p-cpe:/a:mandriva:linux:php-eaccelerator-admin", "p-cpe:/a:mandriva:linux:php-pdo", "p-cpe:/a:mandriva:linux:php-pdo_dblib", "p-cpe:/a:mandriva:linux:php-pdo_mysql", "p-cpe:/a:mandriva:linux:php-pdo_odbc", "p-cpe:/a:mandriva:linux:php-pdo_pgsql", "p-cpe:/a:mandriva:linux:php-pdo_sqlite", "p-cpe:/a:mandriva:linux:php-pgsql", "p-cpe:/a:mandriva:linux:php-enchant", "p-cpe:/a:mandriva:linux:php-exif", "p-cpe:/a:mandriva:linux:php-fileinfo", "p-cpe:/a:mandriva:linux:php-filter", "p-cpe:/a:mandriva:linux:php-fpm", "p-cpe:/a:mandriva:linux:php-ftp", "p-cpe:/a:mandriva:linux:php-gd", "p-cpe:/a:mandriva:linux:php-gearman", "p-cpe:/a:mandriva:linux:php-gettext", "p-cpe:/a:mandriva:linux:php-gmp", "p-cpe:/a:mandriva:linux:php-hash", "p-cpe:/a:mandriva:linux:php-iconv", "p-cpe:/a:mandriva:linux:php-imap", "p-cpe:/a:mandriva:linux:php-intl", "p-cpe:/a:mandriva:linux:php-json", "p-cpe:/a:mandriva:linux:php-ldap", "p-cpe:/a:mandriva:linux:php-mailparse", "p-cpe:/a:mandriva:linux:php-mbstring", "p-cpe:/a:mandriva:linux:php-mcal", "p-cpe:/a:mandriva:linux:php-mcrypt", "p-cpe:/a:mandriva:linux:php-mssql", "p-cpe:/a:mandriva:linux:php-mysql", "p-cpe:/a:mandriva:linux:php-mysqli", "p-cpe:/a:mandriva:linux:php-odbc", "p-cpe:/a:mandriva:linux:php-openssl", "p-cpe:/a:mandriva:linux:php-optimizer", "p-cpe:/a:mandriva:linux:php-pcntl", "p-cpe:/a:mandriva:linux:php-phar", "p-cpe:/a:mandriva:linux:php-pinba", "p-cpe:/a:mandriva:linux:php-posix", "p-cpe:/a:mandriva:linux:php-pspell", "p-cpe:/a:mandriva:linux:php-readline", "p-cpe:/a:mandriva:linux:php-recode", "p-cpe:/a:mandriva:linux:php-sasl", "p-cpe:/a:mandriva:linux:php-session", "p-cpe:/a:mandriva:linux:php-shmop", "p-cpe:/a:mandriva:linux:php-snmp", "p-cpe:/a:mandriva:linux:php-soap", "p-cpe:/a:mandriva:linux:php-sockets", "p-cpe:/a:mandriva:linux:php-sphinx", "p-cpe:/a:mandriva:linux:php-sqlite", "p-cpe:/a:mandriva:linux:php-sqlite3", "p-cpe:/a:mandriva:linux:php-ssh2", "p-cpe:/a:mandriva:linux:php-suhosin", "p-cpe:/a:mandriva:linux:php-sybase_ct", "p-cpe:/a:mandriva:linux:php-sysvmsg", "p-cpe:/a:mandriva:linux:php-sysvsem", "p-cpe:/a:mandriva:linux:php-sysvshm", "p-cpe:/a:mandriva:linux:php-tclink", "p-cpe:/a:mandriva:linux:php-tidy", "p-cpe:/a:mandriva:linux:php-timezonedb", "p-cpe:/a:mandriva:linux:php-tokenizer", "p-cpe:/a:mandriva:linux:php-translit", "p-cpe:/a:mandriva:linux:php-vld", "p-cpe:/a:mandriva:linux:php-wddx", "p-cpe:/a:mandriva:linux:php-xattr", "p-cpe:/a:mandriva:linux:php-xdebug", "p-cpe:/a:mandriva:linux:php-xml", "p-cpe:/a:mandriva:linux:php-xmlreader", "p-cpe:/a:mandriva:linux:php-xmlrpc", "p-cpe:/a:mandriva:linux:php-xmlwriter", "p-cpe:/a:mandriva:linux:php-xsl", "p-cpe:/a:mandriva:linux:php-zip", "p-cpe:/a:mandriva:linux:php-zlib", "cpe:/o:mandriva:linux:2010.1"], "id": "MANDRIVA_MDVSA-2011-165.NASL", "href": "https://www.tenable.com/plugins/nessus/56707", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2011:165. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56707);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-1148\", \"CVE-2011-1657\", \"CVE-2011-1938\", \"CVE-2011-2202\", \"CVE-2011-2483\", \"CVE-2011-3182\", \"CVE-2011-3267\", \"CVE-2011-3268\");\n script_bugtraq_id(46843, 47950, 48259, 49241, 49249, 49252);\n script_xref(name:\"MDVSA\", value:\"2011:165\");\n\n script_name(english:\"Mandriva Linux Security Advisory : php (MDVSA-2011:165)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been identified and fixed in php :\n\nUse-after-free vulnerability in the substr_replace function in PHP\n5.3.6 and earlier allows context-dependent attackers to cause a denial\nof service (memory corruption) or possibly have unspecified other\nimpact by using the same variable for multiple arguments\n(CVE-2011-1148).\n\nThe (1) ZipArchive::addGlob and (2) ZipArchive::addPattern functions\nin ext/zip/php_zip.c in PHP 5.3.6 allow context-dependent attackers to\ncause a denial of service (application crash) via certain flags\narguments, as demonstrated by (a) GLOB_ALTDIRFUNC and (b) GLOB_APPEND\n(CVE-2011-1657).\n\nStack-based buffer overflow in the socket_connect function in\next/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow\ncontext-dependent attackers to execute arbitrary code via a long\npathname for a UNIX socket (CVE-2011-1938).\n\nThe rfc1867_post_handler function in main/rfc1867.c in PHP before\n5.3.7 does not properly restrict filenames in multipart/form-data POST\nrequests, which allows remote attackers to conduct absolute path\ntraversal attacks, and possibly create or overwrite arbitrary files,\nvia a crafted upload request, related to a file path injection\nvulnerability. (CVE-2011-2202).\n\ncrypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain\nplatforms, does not properly handle 8-bit characters, which makes it\neasier for context-dependent attackers to determine a cleartext\npassword by leveraging knowledge of a password hash (CVE-2011-2483).\n\nPHP before 5.3.7 does not properly check the return values of the\nmalloc, calloc, and realloc library functions, which allows\ncontext-dependent attackers to cause a denial of service (NULL pointer\ndereference and application crash) or trigger a buffer overflow by\nleveraging the ability to provide an arbitrary value for a function\nargument, related to (1) ext/curl/interface.c, (2)\next/date/lib/parse_date.c, (3) ext/date/lib/parse_iso_intervals.c, (4)\next/date/lib/parse_tz.c, (5) ext/date/lib/timelib.c, (6)\next/pdo_odbc/pdo_odbc.c, (7) ext/reflection/php_reflection.c, (8)\next/soap/php_sdl.c, (9) ext/xmlrpc/libxmlrpc/base64.c, (10)\nTSRM/tsrm_win32.c, and (11) the strtotime function (CVE-2011-3182).\n\nPHP before 5.3.7 does not properly implement the error_log function,\nwhich allows context-dependent attackers to cause a denial of service\n(application crash) via unspecified vectors (CVE-2011-3267).\n\nBuffer overflow in the crypt function in PHP before 5.3.7 allows\ncontext-dependent attackers to have an unspecified impact via a long\nsalt argument, a different vulnerability than CVE-2011-2483\n(CVE-2011-3268).\n\nThe updated php packages have been upgraded to 5.3.8 which is not\nvulnerable to these issues.\n\nAdditionally some of the PECL extensions has been upgraded and/or\nrebuilt for the new php version.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64php5_common5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libphp5_common5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-apc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-apc-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-eaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-eaccelerator-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-filter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gearman\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-hash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mailparse\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mcal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mysqli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-optimizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_dblib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pinba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sasl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sphinx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sqlite3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ssh2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sybase_ct\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-tclink\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-timezonedb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-translit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-vld\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xattr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xdebug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-mod_php-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64php5_common5-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libphp5_common5-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-apc-3.1.9-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-apc-admin-3.1.9-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-bcmath-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-bz2-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-calendar-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-cgi-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-cli-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-ctype-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-curl-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-dba-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-devel-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-doc-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-dom-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-eaccelerator-0.9.6.1-1.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-eaccelerator-admin-0.9.6.1-1.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-enchant-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-exif-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-fileinfo-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-filter-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-fpm-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-ftp-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-gd-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-gearman-0.7.0-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-gettext-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-gmp-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-hash-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-iconv-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-imap-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-intl-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-json-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-ldap-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-mailparse-2.1.5-8.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-mbstring-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-mcal-0.6-35.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-mcrypt-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-mssql-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-mysql-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-mysqli-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-odbc-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-openssl-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-optimizer-0.1-0.alpha2.8.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pcntl-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pdo-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pdo_dblib-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pdo_mysql-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pdo_odbc-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pdo_pgsql-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pdo_sqlite-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pgsql-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-phar-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pinba-0.0.5-2.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-posix-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pspell-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-readline-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-recode-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-sasl-0.1.0-33.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-session-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-shmop-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-snmp-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-soap-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-sockets-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-sphinx-1.0.4-2.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-sqlite-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-sqlite3-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-ssh2-0.11.2-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-suhosin-0.9.32.1-0.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-sybase_ct-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-sysvmsg-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-sysvsem-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-sysvshm-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-tclink-3.4.5-7.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-tidy-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-timezonedb-2011.14-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-tokenizer-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-translit-0.6.1-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-vld-0.10.1-1.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-wddx-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-xattr-1.1.0-13.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-xdebug-2.1.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-xml-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-xmlreader-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-xmlrpc-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-xmlwriter-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-xsl-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-zip-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-zlib-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-04T14:42:07", "description": "Security Enhancements and Fixes :\n\n - Updated crypt_blowfish to 1.2. (CVE-2011-2483)\n\n - Fixed crash in error_log(). Reported by Mateusz Kocielski\n\n - Fixed buffer overflow on overlog salt in crypt().\n\n - Fixed bug #54939 (File path injection vulnerability in RFC1867 File upload filename). Reported by Krzysztof Kotowicz. (CVE-2011-2202)\n\n - Fixed stack-based buffer overflow in socket_connect().\n (CVE-2011-1938)\n\n - Fixed bug #54238 (use-after-free in substr_replace()).\n (CVE-2011-1148)\n\nUpstream announce for 5.3.8:\nhttp://www.php.net/archive/2011.php#id2011-08-23-1 Upstream announce for 5.3.7: http://www.php.net/archive/2011.php#id2011-08-18-1\n\nFull Changelog: http://www.php.net/ChangeLog-5.php#5.3.8\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2011-09-19T00:00:00", "type": "nessus", "title": "Fedora 15 : maniadrive-1.2-32.fc15 / php-5.3.8-1.fc15 / php-eaccelerator-0.9.6.1-9.fc15 (2011-11528)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2202", "CVE-2011-2483", "CVE-2011-3182"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:maniadrive", "p-cpe:/a:fedoraproject:fedora:php", "p-cpe:/a:fedoraproject:fedora:php-eaccelerator", "cpe:/o:fedoraproject:fedora:15"], "id": "FEDORA_2011-11528.NASL", "href": "https://www.tenable.com/plugins/nessus/56218", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-11528.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56218);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-1148\", \"CVE-2011-1938\", \"CVE-2011-2202\", \"CVE-2011-2483\", \"CVE-2011-3182\");\n script_bugtraq_id(46843, 47950, 48259, 49241, 49249);\n script_xref(name:\"FEDORA\", value:\"2011-11528\");\n\n script_name(english:\"Fedora 15 : maniadrive-1.2-32.fc15 / php-5.3.8-1.fc15 / php-eaccelerator-0.9.6.1-9.fc15 (2011-11528)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Enhancements and Fixes :\n\n - Updated crypt_blowfish to 1.2. (CVE-2011-2483)\n\n - Fixed crash in error_log(). Reported by Mateusz\n Kocielski\n\n - Fixed buffer overflow on overlog salt in crypt().\n\n - Fixed bug #54939 (File path injection vulnerability in\n RFC1867 File upload filename). Reported by Krzysztof\n Kotowicz. (CVE-2011-2202)\n\n - Fixed stack-based buffer overflow in socket_connect().\n (CVE-2011-1938)\n\n - Fixed bug #54238 (use-after-free in substr_replace()).\n (CVE-2011-1148)\n\nUpstream announce for 5.3.8:\nhttp://www.php.net/archive/2011.php#id2011-08-23-1 Upstream announce\nfor 5.3.7: http://www.php.net/archive/2011.php#id2011-08-18-1\n\nFull Changelog: http://www.php.net/ChangeLog-5.php#5.3.8\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.php.net/ChangeLog-5.php#5.3.8\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.php.net/archive/2011.php#id2011-08-18-1\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.php.net/archive/2011.php#id2011-08-23-1\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=688958\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=709067\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=713194\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=715025\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=732516\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-September/066105.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?665afecc\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-September/066106.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?06722286\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-September/066107.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b071447c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected maniadrive, php and / or php-eaccelerator\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:maniadrive\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-eaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"maniadrive-1.2-32.fc15\")) flag++;\nif (rpm_check(release:\"FC15\", reference:\"php-5.3.8-1.fc15\")) flag++;\nif (rpm_check(release:\"FC15\", reference:\"php-eaccelerator-0.9.6.1-9.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"maniadrive / php / php-eaccelerator\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-03T14:58:24", "description": "Security Enhancements and Fixes :\n\n - Updated crypt_blowfish to 1.2. (CVE-2011-2483)\n\n - Fixed crash in error_log(). Reported by Mateusz Kocielski\n\n - Fixed buffer overflow on overlog salt in crypt().\n\n - Fixed bug #54939 (File path injection vulnerability in RFC1867 File upload filename). Reported by Krzysztof Kotowicz. (CVE-2011-2202)\n\n - Fixed stack-based buffer overflow in socket_connect().\n (CVE-2011-1938)\n\n - Fixed bug #54238 (use-after-free in substr_replace()).\n (CVE-2011-1148)\n\nUpstream announce for 5.3.8:\nhttp://www.php.net/archive/2011.php#id2011-08-23-1\n\nUpstream announce for 5.3.7:\nhttp://www.php.net/archive/2011.php#id2011-08-18-1\n\nFull Changelog: http://www.php.net/ChangeLog-5.php#5.3.8\n\nphp package now provides both apache modules (for prefork and worker MPM).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2011-09-12T00:00:00", "type": "nessus", "title": "Fedora 16 : maniadrive-1.2-32.fc16 / php-5.3.8-1.fc16 / php-eaccelerator-0.9.6.1-9.fc16 (2011-11464)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2202", "CVE-2011-2483", "CVE-2011-3182"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:maniadrive", "p-cpe:/a:fedoraproject:fedora:php", "p-cpe:/a:fedoraproject:fedora:php-eaccelerator", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2011-11464.NASL", "href": "https://www.tenable.com/plugins/nessus/56150", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-11464.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56150);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-1148\", \"CVE-2011-1938\", \"CVE-2011-2202\", \"CVE-2011-2483\", \"CVE-2011-3182\");\n script_bugtraq_id(46843, 47950, 48259, 49241, 49249);\n script_xref(name:\"FEDORA\", value:\"2011-11464\");\n\n script_name(english:\"Fedora 16 : maniadrive-1.2-32.fc16 / php-5.3.8-1.fc16 / php-eaccelerator-0.9.6.1-9.fc16 (2011-11464)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Enhancements and Fixes :\n\n - Updated crypt_blowfish to 1.2. (CVE-2011-2483)\n\n - Fixed crash in error_log(). Reported by Mateusz\n Kocielski\n\n - Fixed buffer overflow on overlog salt in crypt().\n\n - Fixed bug #54939 (File path injection vulnerability in\n RFC1867 File upload filename). Reported by Krzysztof\n Kotowicz. (CVE-2011-2202)\n\n - Fixed stack-based buffer overflow in socket_connect().\n (CVE-2011-1938)\n\n - Fixed bug #54238 (use-after-free in substr_replace()).\n (CVE-2011-1148)\n\nUpstream announce for 5.3.8:\nhttp://www.php.net/archive/2011.php#id2011-08-23-1\n\nUpstream announce for 5.3.7:\nhttp://www.php.net/archive/2011.php#id2011-08-18-1\n\nFull Changelog: http://www.php.net/ChangeLog-5.php#5.3.8\n\nphp package now provides both apache modules (for prefork and worker\nMPM).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.php.net/ChangeLog-5.php#5.3.8\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.php.net/archive/2011.php#id2011-08-18-1\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.php.net/archive/2011.php#id2011-08-23-1\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=688958\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=709067\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=713194\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=715025\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=732516\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-September/065673.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1686eb9b\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-September/065674.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a64ae93c\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-September/065675.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d04815a3\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected maniadrive, php and / or php-eaccelerator\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:maniadrive\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-eaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"maniadrive-1.2-32.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"php-5.3.8-1.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"php-eaccelerator-0.9.6.1-9.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"maniadrive / php / php-eaccelerator\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-04T14:42:07", "description": "Security Enhancements and Fixes :\n\n - Updated crypt_blowfish to 1.2. (CVE-2011-2483)\n\n - Fixed crash in error_log(). Reported by Mateusz Kocielski\n\n - Fixed buffer overflow on overlog salt in crypt().\n\n - Fixed bug #54939 (File path injection vulnerability in RFC1867 File upload filename). Reported by Krzysztof Kotowicz. (CVE-2011-2202)\n\n - Fixed stack-based buffer overflow in socket_connect().\n (CVE-2011-1938)\n\n - Fixed bug #54238 (use-after-free in substr_replace()).\n (CVE-2011-1148)\n\nUpstream announce for 5.3.8:\nhttp://www.php.net/archive/2011.php#id2011-08-23-1 Upstream announce for 5.3.7: http://www.php.net/archive/2011.php#id2011-08-18-1\n\nFull Changelog: http://www.php.net/ChangeLog-5.php#5.3.8\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2011-09-19T00:00:00", "type": "nessus", "title": "Fedora 14 : maniadrive-1.2-32.fc14 / php-5.3.8-1.fc14 / php-eaccelerator-0.9.6.1-9.fc14 (2011-11537)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2202", "CVE-2011-2483", "CVE-2011-3182"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:maniadrive", "p-cpe:/a:fedoraproject:fedora:php", "p-cpe:/a:fedoraproject:fedora:php-eaccelerator", "cpe:/o:fedoraproject:fedora:14"], "id": "FEDORA_2011-11537.NASL", "href": "https://www.tenable.com/plugins/nessus/56219", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-11537.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56219);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-1148\", \"CVE-2011-1938\", \"CVE-2011-2202\", \"CVE-2011-2483\", \"CVE-2011-3182\");\n script_bugtraq_id(46843, 47950, 48259, 49241, 49249);\n script_xref(name:\"FEDORA\", value:\"2011-11537\");\n\n script_name(english:\"Fedora 14 : maniadrive-1.2-32.fc14 / php-5.3.8-1.fc14 / php-eaccelerator-0.9.6.1-9.fc14 (2011-11537)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Enhancements and Fixes :\n\n - Updated crypt_blowfish to 1.2. (CVE-2011-2483)\n\n - Fixed crash in error_log(). Reported by Mateusz\n Kocielski\n\n - Fixed buffer overflow on overlog salt in crypt().\n\n - Fixed bug #54939 (File path injection vulnerability in\n RFC1867 File upload filename). Reported by Krzysztof\n Kotowicz. (CVE-2011-2202)\n\n - Fixed stack-based buffer overflow in socket_connect().\n (CVE-2011-1938)\n\n - Fixed bug #54238 (use-after-free in substr_replace()).\n (CVE-2011-1148)\n\nUpstream announce for 5.3.8:\nhttp://www.php.net/archive/2011.php#id2011-08-23-1 Upstream announce\nfor 5.3.7: http://www.php.net/archive/2011.php#id2011-08-18-1\n\nFull Changelog: http://www.php.net/ChangeLog-5.php#5.3.8\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.php.net/ChangeLog-5.php#5.3.8\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.php.net/archive/2011.php#id2011-08-18-1\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.php.net/archive/2011.php#id2011-08-23-1\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=688958\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=709067\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=713194\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=715025\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=732516\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-September/066102.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4634af29\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-September/066103.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1d7ceb4d\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-September/066104.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c8d9735d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected maniadrive, php and / or php-eaccelerator\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:maniadrive\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-eaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"maniadrive-1.2-32.fc14\")) flag++;\nif (rpm_check(release:\"FC14\", reference:\"php-5.3.8-1.fc14\")) flag++;\nif (rpm_check(release:\"FC14\", reference:\"php-eaccelerator-0.9.6.1-9.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"maniadrive / php / php-eaccelerator\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-04T14:19:45", "description": "The blowfish password hashing implementation did not properly handle 8-characters in passwords, which made it easier for attackers to crack the hash (CVE-2011-2483). After this update existing hashes with id '$2a$' for passwords that contain 8-bit characters will no longer be compatible with newly generated hashes. Affected users will either have to change their password to store a new hash or the id of the existing hash has to be manually changed to '$2x$' in order to activate a compat mode. Please see the description of the CVE-2011-2483 glibc update for details.\n\nFile uploads could potentially overwrite files owned by the user running php (CVE-2011-2202).\n\nA long salt argument to the crypt function could cause a buffer overflow (CVE-2011-3268)\n\nIncorrect implementation of the error_log function could crash php (CVE-2011-3267)", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : apache2-mod_php5 (openSUSE-SU-2011:1138-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2202", "CVE-2011-2483", "CVE-2011-3267", "CVE-2011-3268"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:php5-json", "p-cpe:/a:novell:opensuse:php5-json-debuginfo", "p-cpe:/a:novell:opensuse:php5-ldap", "p-cpe:/a:novell:opensuse:php5-ldap-debuginfo", "p-cpe:/a:novell:opensuse:php5-mbstring", "p-cpe:/a:novell:opensuse:php5-mbstring-debuginfo", "p-cpe:/a:novell:opensuse:php5-mcrypt", "p-cpe:/a:novell:opensuse:php5-mcrypt-debuginfo", "p-cpe:/a:novell:opensuse:php5-mysql", "p-cpe:/a:novell:opensuse:php5-mysql-debuginfo", "p-cpe:/a:novell:opensuse:php5-odbc", "p-cpe:/a:novell:opensuse:php5-odbc-debuginfo", "p-cpe:/a:novell:opensuse:php5-openssl", "p-cpe:/a:novell:opensuse:php5-openssl-debuginfo", "p-cpe:/a:novell:opensuse:php5-pcntl", "p-cpe:/a:novell:opensuse:php5-pcntl-debuginfo", "p-cpe:/a:novell:opensuse:php5-pdo", "p-cpe:/a:novell:opensuse:php5-pdo-debuginfo", "p-cpe:/a:novell:opensuse:apache2-mod_php5", "p-cpe:/a:novell:opensuse:apache2-mod_php5-debuginfo", "p-cpe:/a:novell:opensuse:php5", "p-cpe:/a:novell:opensuse:php5-bcmath", "p-cpe:/a:novell:opensuse:php5-bcmath-debuginfo", "p-cpe:/a:novell:opensuse:php5-bz2", "p-cpe:/a:novell:opensuse:php5-bz2-debuginfo", "p-cpe:/a:novell:opensuse:php5-calendar", "p-cpe:/a:novell:opensuse:php5-calendar-debuginfo", "p-cpe:/a:novell:opensuse:php5-ctype", "p-cpe:/a:novell:opensuse:php5-ctype-debuginfo", "p-cpe:/a:novell:opensuse:php5-curl", "p-cpe:/a:novell:opensuse:php5-curl-debuginfo", "p-cpe:/a:novell:opensuse:php5-dba", "p-cpe:/a:novell:opensuse:php5-dba-debuginfo", "p-cpe:/a:novell:opensuse:php5-debuginfo", "p-cpe:/a:novell:opensuse:php5-debugsource", "p-cpe:/a:novell:opensuse:php5-devel", "p-cpe:/a:novell:opensuse:php5-dom", "p-cpe:/a:novell:opensuse:php5-dom-debuginfo", "p-cpe:/a:novell:opensuse:php5-enchant", "p-cpe:/a:novell:opensuse:php5-enchant-debuginfo", "p-cpe:/a:novell:opensuse:php5-exif", "p-cpe:/a:novell:opensuse:php5-exif-debuginfo", "p-cpe:/a:novell:opensuse:php5-fastcgi", "p-cpe:/a:novell:opensuse:php5-fastcgi-debuginfo", "p-cpe:/a:novell:opensuse:php5-fileinfo", "p-cpe:/a:novell:opensuse:php5-fileinfo-debuginfo", "p-cpe:/a:novell:opensuse:php5-fpm", "p-cpe:/a:novell:opensuse:php5-fpm-debuginfo", "p-cpe:/a:novell:opensuse:php5-ftp", "p-cpe:/a:novell:opensuse:php5-ftp-debuginfo", "p-cpe:/a:novell:opensuse:php5-gd", "p-cpe:/a:novell:opensuse:php5-gd-debuginfo", "p-cpe:/a:novell:opensuse:php5-gettext", "p-cpe:/a:novell:opensuse:php5-gettext-debuginfo", "p-cpe:/a:novell:opensuse:php5-gmp", "p-cpe:/a:novell:opensuse:php5-gmp-debuginfo", "p-cpe:/a:novell:opensuse:php5-hash", "p-cpe:/a:novell:opensuse:php5-hash-debuginfo", "p-cpe:/a:novell:opensuse:php5-iconv", "p-cpe:/a:novell:opensuse:php5-iconv-debuginfo", "p-cpe:/a:novell:opensuse:php5-imap", "p-cpe:/a:novell:opensuse:php5-imap-debuginfo", "p-cpe:/a:novell:opensuse:php5-intl", "p-cpe:/a:novell:opensuse:php5-intl-debuginfo", "p-cpe:/a:novell:opensuse:php5-posix", "p-cpe:/a:novell:opensuse:php5-posix-debuginfo", "p-cpe:/a:novell:opensuse:php5-pspell", "p-cpe:/a:novell:opensuse:php5-pspell-debuginfo", "p-cpe:/a:novell:opensuse:php5-readline", "p-cpe:/a:novell:opensuse:php5-readline-debuginfo", "p-cpe:/a:novell:opensuse:php5-shmop", "p-cpe:/a:novell:opensuse:php5-shmop-debuginfo", "p-cpe:/a:novell:opensuse:php5-snmp", "p-cpe:/a:novell:opensuse:php5-snmp-debuginfo", "p-cpe:/a:novell:opensuse:php5-soap", "p-cpe:/a:novell:opensuse:php5-soap-debuginfo", "p-cpe:/a:novell:opensuse:php5-sockets", "p-cpe:/a:novell:opensuse:php5-sockets-debuginfo", "p-cpe:/a:novell:opensuse:php5-pear", "p-cpe:/a:novell:opensuse:php5-pgsql", "p-cpe:/a:novell:opensuse:php5-pgsql-debuginfo", "p-cpe:/a:novell:opensuse:php5-phar", "p-cpe:/a:novell:opensuse:php5-phar-debuginfo", "p-cpe:/a:novell:opensuse:php5-sqlite", "p-cpe:/a:novell:opensuse:php5-sqlite-debuginfo", "p-cpe:/a:novell:opensuse:php5-suhosin", "p-cpe:/a:novell:opensuse:php5-suhosin-debuginfo", "p-cpe:/a:novell:opensuse:php5-sysvmsg", "p-cpe:/a:novell:opensuse:php5-sysvmsg-debuginfo", "p-cpe:/a:novell:opensuse:php5-sysvsem", "p-cpe:/a:novell:opensuse:php5-sysvsem-debuginfo", "p-cpe:/a:novell:opensuse:php5-sysvshm", "p-cpe:/a:novell:opensuse:php5-sysvshm-debuginfo", "p-cpe:/a:novell:opensuse:php5-tidy", "p-cpe:/a:novell:opensuse:php5-tidy-debuginfo", "p-cpe:/a:novell:opensuse:php5-tokenizer", "p-cpe:/a:novell:opensuse:php5-tokenizer-debuginfo", "p-cpe:/a:novell:opensuse:php5-wddx", "p-cpe:/a:novell:opensuse:php5-wddx-debuginfo", "p-cpe:/a:novell:opensuse:php5-xmlreader", "p-cpe:/a:novell:opensuse:php5-xmlreader-debuginfo", "p-cpe:/a:novell:opensuse:php5-xmlrpc", "p-cpe:/a:novell:opensuse:php5-xmlrpc-debuginfo", "p-cpe:/a:novell:opensuse:php5-xmlwriter", "p-cpe:/a:novell:opensuse:php5-xmlwriter-debuginfo", "p-cpe:/a:novell:opensuse:php5-xsl", "p-cpe:/a:novell:opensuse:php5-xsl-debuginfo", "p-cpe:/a:novell:opensuse:php5-zip", "p-cpe:/a:novell:opensuse:php5-zip-debuginfo", "p-cpe:/a:novell:opensuse:php5-zlib", "p-cpe:/a:novell:opensuse:php5-zlib-debuginfo", "cpe:/o:novell:opensuse:11.4"], "id": "SUSE_11_4_APACHE2-MOD_PHP5-110907.NASL", "href": "https://www.tenable.com/plugins/nessus/75791", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update apache2-mod_php5-5113.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75791);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2202\", \"CVE-2011-2483\", \"CVE-2011-3267\", \"CVE-2011-3268\");\n\n script_name(english:\"openSUSE Security Update : apache2-mod_php5 (openSUSE-SU-2011:1138-1)\");\n script_summary(english:\"Check for the apache2-mod_php5-5113 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The blowfish password hashing implementation did not properly handle\n8-characters in passwords, which made it easier for attackers to crack\nthe hash (CVE-2011-2483). After this update existing hashes with id\n'$2a$' for passwords that contain 8-bit characters will no longer be\ncompatible with newly generated hashes. Affected users will either\nhave to change their password to store a new hash or the id of the\nexisting hash has to be manually changed to '$2x$' in order to\nactivate a compat mode. Please see the description of the\nCVE-2011-2483 glibc update for details.\n\nFile uploads could potentially overwrite files owned by the user\nrunning php (CVE-2011-2202).\n\nA long salt argument to the crypt function could cause a buffer\noverflow (CVE-2011-3268)\n\nIncorrect implementation of the error_log function could crash php\n(CVE-2011-3267)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=699711\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=701491\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=709549\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=715640\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=715646\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-10/msg00015.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected apache2-mod_php5 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bcmath-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bz2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-calendar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ctype-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dom-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-enchant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-exif-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fastcgi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fileinfo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ftp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gettext-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-hash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-hash-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-iconv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-imap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-intl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-json-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mbstring-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mcrypt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-odbc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pcntl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pdo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pgsql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-phar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-posix-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pspell-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-readline-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-shmop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-snmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-soap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sockets-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-suhosin-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvmsg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvsem-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvshm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tidy-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tokenizer-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-wddx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlreader-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlrpc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlwriter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xsl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zip-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zlib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"apache2-mod_php5-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"apache2-mod_php5-debuginfo-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-bcmath-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-bcmath-debuginfo-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-bz2-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-bz2-debuginfo-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-calendar-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-calendar-debuginfo-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-ctype-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-ctype-debuginfo-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-curl-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-curl-debuginfo-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-dba-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release

Mac OS X Multiple Vulnerabilities (2012-001)

Description

Related