Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2009 Greenbone Networks GmbHOPENVAS:830020
HistoryApr 09, 2009 - 12:00 a.m.

Mandriva Update for gnucash MDKSA-2007:046 (gnucash)

2009-04-0900:00:00
Copyright (C) 2009 Greenbone Networks GmbH
plugins.openvas.org
10

0.0004 Low

EPSS

Percentile

5.1%

JSON

Check for the Version of gnucash

###############################################################################
# OpenVAS Vulnerability Test
#
# Mandriva Update for gnucash MDKSA-2007:046 (gnucash)
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

include("revisions-lib.inc");
tag_insight = "Gnucash 2.0.4 and earlier allows local users to overwrite arbitrary
  files via a symlink attack on the (1) gnucash.trace, (2) qof.trace,
  and (3) qof.trace.[PID] temporary files.

  Updated package have been patched to correct this issue.";

tag_affected = "gnucash on Mandriva Linux 2007.0,
  Mandriva Linux 2007.0/X86_64";
tag_solution = "Please Install the Updated Packages.";



if(description)
{
  script_xref(name : "URL" , value : "http://lists.mandriva.com/security-announce/2007-02/msg00017.php");
  script_id(830020);
  script_version("$Revision: 6568 $");
  script_tag(name:"last_modification", value:"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $");
  script_tag(name:"creation_date", value:"2009-04-09 13:53:01 +0200 (Thu, 09 Apr 2009)");
  script_tag(name:"cvss_base", value:"3.6");
  script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:N/I:P/A:P");
  script_xref(name: "MDKSA", value: "2007:046");
  script_cve_id("CVE-2007-0007");
  script_name( "Mandriva Update for gnucash MDKSA-2007:046 (gnucash)");

  script_summary("Check for the Version of gnucash");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
  script_family("Mandrake Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/mandriva_mandrake_linux", "ssh/login/release");
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}


include("pkg-lib-rpm.inc");

release = get_kb_item("ssh/login/release");


res = "";
if(release == NULL){
  exit(0);
}

if(release == "MNDK_2007.0")
{

  if ((res = isrpmvuln(pkg:"gnucash", rpm:"gnucash~2.0.1~1.1mdv2007.0", rls:"MNDK_2007.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"gnucash-hbci", rpm:"gnucash-hbci~2.0.1~1.1mdv2007.0", rls:"MNDK_2007.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"gnucash-ofx", rpm:"gnucash-ofx~2.0.1~1.1mdv2007.0", rls:"MNDK_2007.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"gnucash-sql", rpm:"gnucash-sql~2.0.1~1.1mdv2007.0", rls:"MNDK_2007.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"libgnucash0", rpm:"libgnucash0~2.0.1~1.1mdv2007.0", rls:"MNDK_2007.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"libgnucash0-devel", rpm:"libgnucash0-devel~2.0.1~1.1mdv2007.0", rls:"MNDK_2007.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"lib64gnucash0", rpm:"lib64gnucash0~2.0.1~1.1mdv2007.0", rls:"MNDK_2007.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"lib64gnucash0-devel", rpm:"lib64gnucash0-devel~2.0.1~1.1mdv2007.0", rls:"MNDK_2007.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}

Related

nessus 2
openvas 3
debiancve 1
nvd 1
ubuntucve 1
cve 1
securityvulns 2
fedora 1
cvelist 1
prion 1
nessus
nessus
Mandrake Linux Security Advisory : gnucash (MDKSA-2007:046)
2007-02-22 00:00:00
Fedora Core 6 : gnucash-2.0.5-1.fc6 (2007-256)
2007-02-28 00:00:00
openvas
openvas
Mandriva Update for gnucash MDKSA-2007:046 (gnucash)
2009-04-09 00:00:00
Fedora Update for gnucash FEDORA-2007-256
2009-02-27 00:00:00
Fedora Update for gnucash FEDORA-2007-256
2009-02-27 00:00:00
debiancve
debiancve
CVE-2007-0007
2007-02-20 02:28:00
nvd
nvd
CVE-2007-0007
2007-02-20 02:28:00
ubuntucve
ubuntucve
CVE-2007-0007
2007-02-20 00:00:00
cve
cve
CVE-2007-0007
2007-02-20 02:28:00
securityvulns
securityvulns
gnucash symbolic links vulnerability
2007-02-21 00:00:00
[ MDKSA-2007:046 ] - Updated gnucash packages fix temp file issues.
2007-02-21 00:00:00
fedora
fedora
[SECURITY] Fedora Core 6 Update: gnucash-2.0.5-1.fc6
2007-02-27 16:49:28
cvelist
cvelist
CVE-2007-0007
2007-02-19 17:00:00
prion
prion
Design/Logic Flaw
2007-02-20 02:28:00

0.0004 Low

EPSS

Percentile

5.1%

JSON
Related for OPENVAS:830020
nessus2openvas3debiancve1nvd1ubuntucve1cve1securityvulns2fedora1cvelist1prion1