Search...

Google Chrome Denial of Service Vulnerability - April 13 (Mac OS X)

2013-04-02T00:00:00

ID OPENVAS:803357
Type openvas
Reporter Copyright (c) 2013 Greenbone Networks GmbH
Modified 2017-05-10T00:00:00

Description

The host is running Google Chrome and is prone to denial of service vulnerability.

                                        
                                            ###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_google_chrome_dos_vuln_apr13_macosx.nasl 6093 2017-05-10 09:03:18Z teissa $
#
# Google Chrome Denial of Service Vulnerability - April 13 (Mac OS X)
#
# Authors:
# Arun Kallavi &lt;karun@secpod.com&gt;
#
# Copyright:
# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

tag_impact = "Successful exploitation could allow attackers to cause denial-of-service.
  Impact Level: Application";

tag_affected = "Google Chrome version prior to 27.0.1444.3 on MAC OS X";
tag_insight = "User-supplied input is not properly sanitized when parsing JavaScript in
  'Google V8' JavaScript Engine.";
tag_solution = "Upgrade to the Google Chrome 27.0.1444.3 or later,
  For updates refer to http://www.google.com/chrome";
tag_summary = "The host is running Google Chrome and is prone to denial of
  service vulnerability.";

if(description)
{
  script_id(803357);
  script_version("$Revision: 6093 $");
  script_cve_id("CVE-2013-2632");
  script_bugtraq_id(58697);
  script_tag(name:"cvss_base", value:"6.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_tag(name:"last_modification", value:"$Date: 2017-05-10 11:03:18 +0200 (Wed, 10 May 2017) $");
  script_tag(name:"creation_date", value:"2013-04-02 11:31:23 +0530 (Tue, 02 Apr 2013)");
  script_name("Google Chrome Denial of Service Vulnerability - April 13 (Mac OS X)");
  script_xref(name : "URL" , value : "http://cxsecurity.com/cveshow/CVE-2013-2632");
  script_xref(name : "URL" , value : "http://googlechromereleases.blogspot.in/2013/03/dev-channel-update_18.html");
  script_copyright("Copyright (c) 2013 Greenbone Networks GmbH");
  script_category(ACT_GATHER_INFO);
  script_family("Denial of Service");
  script_dependencies("gb_google_chrome_detect_macosx.nasl");
  script_mandatory_keys("GoogleChrome/MacOSX/Version");
  script_tag(name : "impact" , value : tag_impact);
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name : "summary" , value : tag_summary);
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}


include("version_func.inc");

## Variable Initialization
chromeVer = "";

## Get the version from KB
chromeVer = get_kb_item("GoogleChrome/MacOSX/Version");
if(!chromeVer){
  exit(0);
}

## Check for Google Chrome Version less than 27.0.1444.3
if(version_is_less(version:chromeVer, test_version:"27.0.1444.3"))
{
  security_message(0);
  exit(0);
}

JSON Vulners Source

Initial Source

{"id": "OPENVAS:803357", "type": "openvas", "bulletinFamily": "scanner", "title": "Google Chrome Denial of Service Vulnerability - April 13 (Mac OS X)", "description": "The host is running Google Chrome and is prone to denial of\n service vulnerability.", "published": "2013-04-02T00:00:00", "modified": "2017-05-10T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=803357", "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "references": ["http://cxsecurity.com/cveshow/CVE-2013-2632", "http://googlechromereleases.blogspot.in/2013/03/dev-channel-update_18.html"], "cvelist": ["CVE-2013-2632"], "lastseen": "2017-07-02T21:11:14", "viewCount": 0, "enchantments": {"score": {"value": 5.6, "vector": "NONE", "modified": "2017-07-02T21:11:14", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2013-2632"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310803357", "OPENVAS:865530", "OPENVAS:1361412562310865531", "OPENVAS:803355", "OPENVAS:1361412562310803355", "OPENVAS:1361412562310803356", "OPENVAS:866459", "OPENVAS:865531", "OPENVAS:803356", "OPENVAS:1361412562310865530"]}, {"type": "nessus", "idList": ["FEDORA_2012-20578.NASL"]}], "modified": "2017-07-02T21:11:14", "rev": 2}, "vulnersScore": 5.6}, "pluginID": "803357", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_google_chrome_dos_vuln_apr13_macosx.nasl 6093 2017-05-10 09:03:18Z teissa $\n#\n# Google Chrome Denial of Service Vulnerability - April 13 (Mac OS X)\n#\n# Authors:\n# Arun Kallavi <karun@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could allow attackers to cause denial-of-service.\n Impact Level: Application\";\n\ntag_affected = \"Google Chrome version prior to 27.0.1444.3 on MAC OS X\";\ntag_insight = \"User-supplied input is not properly sanitized when parsing JavaScript in\n 'Google V8' JavaScript Engine.\";\ntag_solution = \"Upgrade to the Google Chrome 27.0.1444.3 or later,\n For updates refer to http://www.google.com/chrome\";\ntag_summary = \"The host is running Google Chrome and is prone to denial of\n service vulnerability.\";\n\nif(description)\n{\n script_id(803357);\n script_version(\"$Revision: 6093 $\");\n script_cve_id(\"CVE-2013-2632\");\n script_bugtraq_id(58697);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-05-10 11:03:18 +0200 (Wed, 10 May 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-04-02 11:31:23 +0530 (Tue, 02 Apr 2013)\");\n script_name(\"Google Chrome Denial of Service Vulnerability - April 13 (Mac OS X)\");\n script_xref(name : \"URL\" , value : \"http://cxsecurity.com/cveshow/CVE-2013-2632\");\n script_xref(name : \"URL\" , value : \"http://googlechromereleases.blogspot.in/2013/03/dev-channel-update_18.html\");\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_google_chrome_detect_macosx.nasl\");\n script_mandatory_keys(\"GoogleChrome/MacOSX/Version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n## Variable Initialization\nchromeVer = \"\";\n\n## Get the version from KB\nchromeVer = get_kb_item(\"GoogleChrome/MacOSX/Version\");\nif(!chromeVer){\n exit(0);\n}\n\n## Check for Google Chrome Version less than 27.0.1444.3\nif(version_is_less(version:chromeVer, test_version:\"27.0.1444.3\"))\n{\n security_message(0);\n exit(0);\n}\n", "naslFamily": "Denial of Service"}

{"cve": [{"lastseen": "2021-02-02T06:06:52", "description": "Google V8 before 3.17.13, as used in Google Chrome before 27.0.1444.3, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code, as demonstrated by the Bejeweled game.", "edition": 6, "cvss3": {}, "published": "2013-03-21T21:55:00", "title": "CVE-2013-2632", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2632"], "modified": "2013-04-09T04:00:00", "cpe": ["cpe:/a:google:v8:3.17.3", "cpe:/a:google:v8:3.17.1", "cpe:/a:google:v8:3.17.5", "cpe:/a:google:v8:3.17.6", "cpe:/a:google:v8:3.17.8", "cpe:/a:google:v8:3.17.7", "cpe:/a:google:v8:3.17.11", "cpe:/a:google:v8:3.17.4", "cpe:/a:google:v8:3.17.12", "cpe:/a:google:v8:3.17.0", "cpe:/a:google:v8:3.17.2", "cpe:/a:google:v8:3.17.10", "cpe:/a:google:chrome:27.0.1444.0", "cpe:/a:google:v8:3.17.9"], "id": "CVE-2013-2632", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2632", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:v8:3.17.5:*:*:*:*:*:*:*", "cpe:2.3:a:google:v8:3.17.0:*:*:*:*:*:*:*", "cpe:2.3:a:google:v8:3.17.9:*:*:*:*:*:*:*", "cpe:2.3:a:google:v8:3.17.2:*:*:*:*:*:*:*", "cpe:2.3:a:google:v8:3.17.6:*:*:*:*:*:*:*", "cpe:2.3:a:google:v8:3.17.7:*:*:*:*:*:*:*", "cpe:2.3:a:google:v8:3.17.8:*:*:*:*:*:*:*", "cpe:2.3:a:google:v8:3.17.4:*:*:*:*:*:*:*", "cpe:2.3:a:google:v8:3.17.12:*:*:*:*:*:*:*", "cpe:2.3:a:google:v8:3.17.11:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:27.0.1444.0:*:*:*:*:*:*:*", "cpe:2.3:a:google:v8:3.17.1:*:*:*:*:*:*:*", "cpe:2.3:a:google:v8:3.17.3:*:*:*:*:*:*:*", "cpe:2.3:a:google:v8:3.17.10:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2017-07-02T21:11:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2632"], "description": "The host is running Google Chrome and is prone to denial of\n service vulnerability.", "modified": "2017-05-08T00:00:00", "published": "2013-04-02T00:00:00", "id": "OPENVAS:803356", "href": "http://plugins.openvas.org/nasl.php?oid=803356", "type": "openvas", "title": "Google Chrome Denial of Service Vulnerability - April 13 (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_google_chrome_dos_vuln_apr13_lin.nasl 6079 2017-05-08 09:03:33Z teissa $\n#\n# Google Chrome Denial of Service Vulnerability - April 13 (Linux)\n#\n# Authors:\n# Arun Kallavi <karun@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could allow attackers to cause denial-of-service.\n Impact Level: Application\";\n\ntag_affected = \"Google Chrome version prior to 27.0.1444.3 on Linux\";\ntag_insight = \"User-supplied input is not properly sanitized when parsing JavaScript in\n 'Google V8' JavaScript Engine.\";\ntag_solution = \"Upgrade to the Google Chrome 27.0.1444.3 or later,\n For updates refer to http://www.google.com/chrome\";\ntag_summary = \"The host is running Google Chrome and is prone to denial of\n service vulnerability.\";\n\nif(description)\n{\n script_id(803356);\n script_version(\"$Revision: 6079 $\");\n script_cve_id(\"CVE-2013-2632\");\n script_bugtraq_id(58697);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-05-08 11:03:33 +0200 (Mon, 08 May 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-04-02 11:17:26 +0530 (Tue, 02 Apr 2013)\");\n script_name(\"Google Chrome Denial of Service Vulnerability - April 13 (Linux)\");\n script_xref(name : \"URL\" , value : \"http://cxsecurity.com/cveshow/CVE-2013-2632\");\n script_xref(name : \"URL\" , value : \"http://googlechromereleases.blogspot.in/2013/03/dev-channel-update_18.html\");\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_google_chrome_detect_lin.nasl\");\n script_mandatory_keys(\"Google-Chrome/Linux/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n## Variable Initialization\nchromeVer = \"\";\n\n## Get the version from KB\nchromeVer = get_kb_item(\"Google-Chrome/Linux/Ver\");\nif(!chromeVer){\n exit(0);\n}\n\n## Check for Google Chrome Version less than 27.0.1444.3\nif(version_is_less(version:chromeVer, test_version:\"27.0.1444.3\"))\n{\n security_message(0);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-04-23T19:05:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2632"], "description": "The host is running Google Chrome and is prone to denial of\n service vulnerability.", "modified": "2020-04-21T00:00:00", "published": "2013-04-02T00:00:00", "id": "OPENVAS:1361412562310803357", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310803357", "type": "openvas", "title": "Google Chrome Denial of Service Vulnerability - April 13 (Mac OS X)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Denial of Service Vulnerability - April 13 (Mac OS X)\n#\n# Authors:\n# Arun Kallavi <karun@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.803357\");\n script_version(\"2020-04-21T11:03:03+0000\");\n script_cve_id(\"CVE-2013-2632\");\n script_bugtraq_id(58697);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 11:03:03 +0000 (Tue, 21 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2013-04-02 11:31:23 +0530 (Tue, 02 Apr 2013)\");\n script_name(\"Google Chrome Denial of Service Vulnerability - April 13 (Mac OS X)\");\n script_xref(name:\"URL\", value:\"http://cxsecurity.com/cveshow/CVE-2013-2632\");\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2013/03/dev-channel-update_18.html\");\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_google_chrome_detect_macosx.nasl\");\n script_mandatory_keys(\"GoogleChrome/MacOSX/Version\");\n script_tag(name:\"impact\", value:\"Successful exploitation could allow attackers to cause denial-of-service.\");\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 27.0.1444.3 on MAC OS X\");\n script_tag(name:\"insight\", value:\"User-supplied input is not properly sanitized when parsing JavaScript in\n 'Google V8' JavaScript Engine.\");\n script_tag(name:\"solution\", value:\"Upgrade to the Google Chrome 27.0.1444.3 or later.\");\n script_tag(name:\"summary\", value:\"The host is running Google Chrome and is prone to denial of\n service vulnerability.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nchromeVer = get_kb_item(\"GoogleChrome/MacOSX/Version\");\nif(!chromeVer){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"27.0.1444.3\"))\n{\n report = report_fixed_ver(installed_version:chromeVer, fixed_version:\"27.0.1444.3\");\n security_message(port: 0, data: report);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-23T19:05:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2632"], "description": "The host is running Google Chrome and is prone to denial of\n service vulnerability.", "modified": "2020-04-21T00:00:00", "published": "2013-04-02T00:00:00", "id": "OPENVAS:1361412562310803355", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310803355", "type": "openvas", "title": "Google Chrome Denial of Service Vulnerability - April 13 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Denial of Service Vulnerability - April 13 (Windows)\n#\n# Authors:\n# Arun Kallavi <karun@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.803355\");\n script_version(\"2020-04-21T11:03:03+0000\");\n script_cve_id(\"CVE-2013-2632\");\n script_bugtraq_id(58697);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 11:03:03 +0000 (Tue, 21 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2013-04-02 11:02:05 +0530 (Tue, 02 Apr 2013)\");\n script_name(\"Google Chrome Denial of Service Vulnerability - April 13 (Windows)\");\n script_xref(name:\"URL\", value:\"http://cxsecurity.com/cveshow/CVE-2013-2632\");\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2013/03/dev-channel-update_18.html\");\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_google_chrome_detect_portable_win.nasl\");\n script_mandatory_keys(\"GoogleChrome/Win/Ver\");\n script_tag(name:\"impact\", value:\"Successful exploitation could allow attackers to cause denial-of-service.\");\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 27.0.1444.3 on Windows\");\n script_tag(name:\"insight\", value:\"User-supplied input is not properly sanitized when parsing JavaScript in\n 'Google V8' JavaScript Engine.\");\n script_tag(name:\"solution\", value:\"Upgrade to the Google Chrome 27.0.1444.3 or later.\");\n script_tag(name:\"summary\", value:\"The host is running Google Chrome and is prone to denial of\n service vulnerability.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nchromeVer = get_kb_item(\"GoogleChrome/Win/Ver\");\nif(!chromeVer){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"27.0.1444.3\"))\n{\n report = report_fixed_ver(installed_version:chromeVer, fixed_version:\"27.0.1444.3\");\n security_message(port: 0, data: report);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-02T21:11:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2632"], "description": "The host is running Google Chrome and is prone to denial of\n service vulnerability.", "modified": "2017-05-12T00:00:00", "published": "2013-04-02T00:00:00", "id": "OPENVAS:803355", "href": "http://plugins.openvas.org/nasl.php?oid=803355", "type": "openvas", "title": "Google Chrome Denial of Service Vulnerability - April 13 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_google_chrome_dos_vuln_apr13_win.nasl 6115 2017-05-12 09:03:25Z teissa $\n#\n# Google Chrome Denial of Service Vulnerability - April 13 (Windows)\n#\n# Authors:\n# Arun Kallavi <karun@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could allow attackers to cause denial-of-service.\n Impact Level: Application\";\n\ntag_affected = \"Google Chrome version prior to 27.0.1444.3 on Windows\";\ntag_insight = \"User-supplied input is not properly sanitized when parsing JavaScript in\n 'Google V8' JavaScript Engine.\";\ntag_solution = \"Upgrade to the Google Chrome 27.0.1444.3 or later,\n For updates refer to http://www.google.com/chrome\";\ntag_summary = \"The host is running Google Chrome and is prone to denial of\n service vulnerability.\";\n\nif(description)\n{\n script_id(803355);\n script_version(\"$Revision: 6115 $\");\n script_cve_id(\"CVE-2013-2632\");\n script_bugtraq_id(58697);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-05-12 11:03:25 +0200 (Fri, 12 May 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-04-02 11:02:05 +0530 (Tue, 02 Apr 2013)\");\n script_name(\"Google Chrome Denial of Service Vulnerability - April 13 (Windows)\");\n script_xref(name : \"URL\" , value : \"http://cxsecurity.com/cveshow/CVE-2013-2632\");\n script_xref(name : \"URL\" , value : \"http://googlechromereleases.blogspot.in/2013/03/dev-channel-update_18.html\");\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_google_chrome_detect_win.nasl\");\n script_mandatory_keys(\"GoogleChrome/Win/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n## Variable Initialization\nchromeVer = \"\";\n\n## Get the version from KB\nchromeVer = get_kb_item(\"GoogleChrome/Win/Ver\");\nif(!chromeVer){\n exit(0);\n}\n\n## Check for Google Chrome Version less than 27.0.1444.3\nif(version_is_less(version:chromeVer, test_version:\"27.0.1444.3\"))\n{\n security_message(0);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-04-23T19:05:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2632"], "description": "The host is running Google Chrome and is prone to denial of\n service vulnerability.", "modified": "2020-04-21T00:00:00", "published": "2013-04-02T00:00:00", "id": "OPENVAS:1361412562310803356", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310803356", "type": "openvas", "title": "Google Chrome Denial of Service Vulnerability - April 13 (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Denial of Service Vulnerability - April 13 (Linux)\n#\n# Authors:\n# Arun Kallavi <karun@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.803356\");\n script_version(\"2020-04-21T11:03:03+0000\");\n script_cve_id(\"CVE-2013-2632\");\n script_bugtraq_id(58697);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 11:03:03 +0000 (Tue, 21 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2013-04-02 11:17:26 +0530 (Tue, 02 Apr 2013)\");\n script_name(\"Google Chrome Denial of Service Vulnerability - April 13 (Linux)\");\n script_xref(name:\"URL\", value:\"http://cxsecurity.com/cveshow/CVE-2013-2632\");\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2013/03/dev-channel-update_18.html\");\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_google_chrome_detect_lin.nasl\");\n script_mandatory_keys(\"Google-Chrome/Linux/Ver\");\n script_tag(name:\"impact\", value:\"Successful exploitation could allow attackers to cause denial-of-service.\");\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 27.0.1444.3 on Linux\");\n script_tag(name:\"insight\", value:\"User-supplied input is not properly sanitized when parsing JavaScript in\n 'Google V8' JavaScript Engine.\");\n script_tag(name:\"solution\", value:\"Upgrade to the Google Chrome 27.0.1444.3 or later.\");\n script_tag(name:\"summary\", value:\"The host is running Google Chrome and is prone to denial of\n service vulnerability.\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nchromeVer = get_kb_item(\"Google-Chrome/Linux/Ver\");\nif(!chromeVer){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"27.0.1444.3\"))\n{\n report = report_fixed_ver(installed_version:chromeVer, fixed_version:\"27.0.1444.3\");\n security_message(port: 0, data: report);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-25T10:51:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0836", "CVE-2013-2632", "CVE-2012-5153"], "description": "Check for the Version of libuv", "modified": "2017-07-10T00:00:00", "published": "2013-04-08T00:00:00", "id": "OPENVAS:865531", "href": "http://plugins.openvas.org/nasl.php?oid=865531", "type": "openvas", "title": "Fedora Update for libuv FEDORA-2012-20578", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libuv FEDORA-2012-20578\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"libuv on Fedora 18\";\ntag_insight = \"libuv is a new platform layer for Node. Its purpose is to abstract IOCP on\n Windows and libev on Unix systems. We intend to eventually contain all platform\n differences in this library.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(865531);\n script_version(\"$Revision: 6628 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:32:47 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-04-08 10:32:47 +0530 (Mon, 08 Apr 2013)\");\n script_cve_id(\"CVE-2012-5153\", \"CVE-2013-0836\", \"CVE-2013-2632\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for libuv FEDORA-2012-20578\");\n\n script_xref(name: \"FEDORA\", value: \"2012-20578\");\n script_xref(name: \"URL\" , value: \"http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101469.html\");\n script_summary(\"Check for the Version of libuv\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"libuv\", rpm:\"libuv~0.10.3~1.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-24T11:09:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0836", "CVE-2013-2632", "CVE-2012-5153"], "description": "Check for the Version of nodejs", "modified": "2018-01-24T00:00:00", "published": "2013-04-08T00:00:00", "id": "OPENVAS:865530", "href": "http://plugins.openvas.org/nasl.php?oid=865530", "type": "openvas", "title": "Fedora Update for nodejs FEDORA-2012-20578", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for nodejs FEDORA-2012-20578\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"nodejs on Fedora 18\";\ntag_insight = \"Node.js is a platform built on Chrome's JavaScript runtime\n for easily building fast, scalable network applications.\n Node.js uses an event-driven, non-blocking I/O model that\n makes it lightweight and efficient, perfect for data-intensive\n real-time applications that run across distributed devices.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(865530);\n script_version(\"$Revision: 8509 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-24 07:57:46 +0100 (Wed, 24 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-04-08 10:32:26 +0530 (Mon, 08 Apr 2013)\");\n script_cve_id(\"CVE-2012-5153\", \"CVE-2013-0836\", \"CVE-2013-2632\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for nodejs FEDORA-2012-20578\");\n\n script_xref(name: \"FEDORA\", value: \"2012-20578\");\n script_xref(name: \"URL\" , value: \"http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101468.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of nodejs\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"nodejs\", rpm:\"nodejs~0.10.2~1.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0836", "CVE-2013-2632", "CVE-2012-5153"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-04-08T00:00:00", "id": "OPENVAS:1361412562310865530", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865530", "type": "openvas", "title": "Fedora Update for nodejs FEDORA-2012-20578", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for nodejs FEDORA-2012-20578\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.865530\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-04-08 10:32:26 +0530 (Mon, 08 Apr 2013)\");\n script_cve_id(\"CVE-2012-5153\", \"CVE-2013-0836\", \"CVE-2013-2632\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for nodejs FEDORA-2012-20578\");\n script_xref(name:\"FEDORA\", value:\"2012-20578\");\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101468.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'nodejs'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC18\");\n script_tag(name:\"affected\", value:\"nodejs on Fedora 18\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"nodejs\", rpm:\"nodejs~0.10.2~1.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0836", "CVE-2013-2632", "CVE-2012-5153"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-04-08T00:00:00", "id": "OPENVAS:1361412562310865531", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865531", "type": "openvas", "title": "Fedora Update for libuv FEDORA-2012-20578", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libuv FEDORA-2012-20578\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.865531\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-04-08 10:32:47 +0530 (Mon, 08 Apr 2013)\");\n script_cve_id(\"CVE-2012-5153\", \"CVE-2013-0836\", \"CVE-2013-2632\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for libuv FEDORA-2012-20578\");\n script_xref(name:\"FEDORA\", value:\"2012-20578\");\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101469.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libuv'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC18\");\n script_tag(name:\"affected\", value:\"libuv on Fedora 18\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"libuv\", rpm:\"libuv~0.10.3~1.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2882", "CVE-2013-2632", "CVE-2012-5128", "CVE-2012-5120"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-08-16T00:00:00", "id": "OPENVAS:1361412562310866459", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310866459", "type": "openvas", "title": "Fedora Update for v8 FEDORA-2013-14205", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for v8 FEDORA-2013-14205\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.866459\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-16 08:58:59 +0530 (Fri, 16 Aug 2013)\");\n script_cve_id(\"CVE-2013-2882\", \"CVE-2013-2632\", \"CVE-2012-5120\", \"CVE-2012-5128\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for v8 FEDORA-2013-14205\");\n\n\n script_tag(name:\"affected\", value:\"v8 on Fedora 18\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-14205\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-August/114077.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'v8'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC18\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"v8\", rpm:\"v8~3.14.5.10~2.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-12T10:10:23", "description": "Node.js is a platform built on Chrome's JavaScript runtime for easily\nbuilding fast, scalable network applications. Node.js uses an\nevent-driven, non-blocking I/O model that makes it lightweight and\nefficient, perfect for data-intensive real-time applications that run\nacross distributed devices.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "published": "2013-04-07T00:00:00", "title": "Fedora 18 : libuv-0.10.3-1.fc18 / nodejs-0.10.2-1.fc18 / v8-3.14.5.8-1.fc18 (2012-20578)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0836", "CVE-2013-2632", "CVE-2012-5153"], "modified": "2013-04-07T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:nodejs", "cpe:/o:fedoraproject:fedora:18", "p-cpe:/a:fedoraproject:fedora:v8", "p-cpe:/a:fedoraproject:fedora:libuv"], "id": "FEDORA_2012-20578.NASL", "href": "https://www.tenable.com/plugins/nessus/65823", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-20578.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(65823);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-5153\", \"CVE-2013-0836\", \"CVE-2013-2632\");\n script_bugtraq_id(57251, 58697);\n script_xref(name:\"FEDORA\", value:\"2012-20578\");\n\n script_name(english:\"Fedora 18 : libuv-0.10.3-1.fc18 / nodejs-0.10.2-1.fc18 / v8-3.14.5.8-1.fc18 (2012-20578)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Node.js is a platform built on Chrome's JavaScript runtime for easily\nbuilding fast, scalable network applications. Node.js uses an\nevent-driven, non-blocking I/O model that makes it lightweight and\nefficient, perfect for data-intensive real-time applications that run\nacross distributed devices.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=896266\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=896272\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=924495\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-April/101468.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?68b7726e\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-April/101469.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e702e92e\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-April/101470.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fe686902\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libuv, nodejs and / or v8 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libuv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nodejs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:v8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/04/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"libuv-0.10.3-1.fc18\")) flag++;\nif (rpm_check(release:\"FC18\", reference:\"nodejs-0.10.2-1.fc18\")) flag++;\nif (rpm_check(release:\"FC18\", reference:\"v8-3.14.5.8-1.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libuv / nodejs / v8\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5153", "CVE-2013-0836", "CVE-2013-2632"], "description": "libuv is a new platform layer for Node. Its purpose is to abstract IOCP on Windows and libev on Unix systems. We intend to eventually contain all plat form differences in this library. ", "modified": "2013-04-05T23:03:21", "published": "2013-04-05T23:03:21", "id": "FEDORA:B9F12213A5", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: libuv-0.10.3-1.fc18", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5153", "CVE-2013-0836", "CVE-2013-2632"], "description": "Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices. ", "modified": "2013-04-05T23:03:21", "published": "2013-04-05T23:03:21", "id": "FEDORA:A851121391", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: nodejs-0.10.2-1.fc18", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5120", "CVE-2012-5128", "CVE-2013-2632", "CVE-2013-2882"], "description": "V8 is Google's open source JavaScript engine. V8 is written in C++ and is u sed in Google Chrome, the open source browser from Google. V8 implements ECMASc ript as specified in ECMA-262, 3rd edition. ", "modified": "2013-08-15T03:02:47", "published": "2013-08-15T03:02:47", "id": "FEDORA:0DE4E219DC", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: v8-3.14.5.10-2.fc18", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5120", "CVE-2012-5128", "CVE-2012-5153", "CVE-2013-0836", "CVE-2013-2632"], "description": "V8 is Google's open source JavaScript engine. V8 is written in C++ and is u sed in Google Chrome, the open source browser from Google. V8 implements ECMASc ript as specified in ECMA-262, 3rd edition. ", "modified": "2013-04-05T23:03:21", "published": "2013-04-05T23:03:21", "id": "FEDORA:98DDD21363", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: v8-3.14.5.8-1.fc18", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5120", "CVE-2012-5128", "CVE-2013-2632", "CVE-2013-2882", "CVE-2013-6639", "CVE-2013-6640"], "description": "V8 is Google's open source JavaScript engine. V8 is written in C++ and is u sed in Google Chrome, the open source browser from Google. V8 implements ECMASc ript as specified in ECMA-262, 3rd edition. ", "modified": "2013-12-24T03:41:57", "published": "2013-12-24T03:41:57", "id": "FEDORA:049E020A07", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: v8-3.14.5.10-3.fc18", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}