Mandriva Update for freeciv MDVSA-2010:205 (freeciv)

Mandriva Update for freeciv MDVSA-2010:205 (freeciv) - A vulnerability was discovered and corrected in freeciv affecting Mandriva Linux 2010.0 and Mandriva Linux 2010.1, allowing attackers to read arbitrary files or execute arbitrary commands via scenario containing Lua functionality

Reporter	Title	Published	Views	Family All 29
CVE	CVE-2010-2445	7 Jul 201018:00	–	cve
Cvelist	CVE-2010-2445	7 Jul 201018:00	–	cvelist
Debian CVE	CVE-2010-2445	7 Jul 201018:00	–	debiancve
EUVD	EUVD-2010-2454	7 Oct 202500:30	–	euvd
Fedora	[SECURITY] Fedora 14 Update: freeciv-2.2.2-1.fc14	19 Aug 201001:11	–	fedora
Fedora	[SECURITY] Fedora 12 Update: freeciv-2.2.2-1.fc12	20 Aug 201001:31	–	fedora
Fedora	[SECURITY] Fedora 13 Update: freeciv-2.2.2-1.fc13	20 Aug 201002:24	–	fedora
Tenable Nessus	Fedora 13 : freeciv-2.2.2-1.fc13 (2010-12256)	20 Aug 201000:00	–	nessus
Tenable Nessus	Fedora 12 : freeciv-2.2.2-1.fc12 (2010-12262)	20 Aug 201000:00	–	nessus
Tenable Nessus	Fedora 14 : freeciv-2.2.2-1.fc14 (2010-12371)	19 Aug 201000:00	–	nessus

Source	Link
lists	www.lists.mandriva.com/security-announce/2010-10/msg00026.php

###############################################################################
# OpenVAS Vulnerability Test
#
# Mandriva Update for freeciv MDVSA-2010:205 (freeciv)
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

include("revisions-lib.inc");
tag_insight = "A vulnerability was discovered and corrected in freeciv:

  freeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to
  read arbitrary files or execute arbitrary commands via scenario
  that contains Lua functionality, related to the (1) os, (2) io, (3)
  package, (4) dofile, (5) loadfile, (6) loadlib, (7) module, and (8)
  require modules or functions (CVE-2010-2445).
  
  The updated packages have been upgraded to v2.2.1 which is not
  vulnerable to this issue.";
tag_solution = "Please Install the Updated Packages.";

tag_affected = "freeciv on Mandriva Linux 2010.0,
  Mandriva Linux 2010.0/X86_64,
  Mandriva Linux 2010.1,
  Mandriva Linux 2010.1/X86_64";


if(description)
{
  script_xref(name : "URL" , value : "http://lists.mandriva.com/security-announce/2010-10/msg00026.php");
  script_id(831209);
  script_version("$Revision: 8245 $");
  script_tag(name:"last_modification", value:"$Date: 2017-12-26 07:29:59 +0100 (Tue, 26 Dec 2017) $");
  script_tag(name:"creation_date", value:"2010-10-19 15:54:15 +0200 (Tue, 19 Oct 2010)");
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_xref(name: "MDVSA", value: "2010:205");
  script_cve_id("CVE-2010-2445");
  script_name("Mandriva Update for freeciv MDVSA-2010:205 (freeciv)");

  script_tag(name: "summary" , value: "Check for the Version of freeciv");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
  script_family("Mandrake Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/mandriva_mandrake_linux", "ssh/login/release");
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}


include("pkg-lib-rpm.inc");

release = get_kb_item("ssh/login/release");


res = "";
if(release == NULL){
  exit(0);
}

if(release == "MNDK_2010.1")
{

  if ((res = isrpmvuln(pkg:"freeciv-client", rpm:"freeciv-client~2.2.1~0.1mdv2010.1", rls:"MNDK_2010.1")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"freeciv-data", rpm:"freeciv-data~2.2.1~0.1mdv2010.1", rls:"MNDK_2010.1")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"freeciv-server", rpm:"freeciv-server~2.2.1~0.1mdv2010.1", rls:"MNDK_2010.1")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"freeciv", rpm:"freeciv~2.2.1~0.1mdv2010.1", rls:"MNDK_2010.1")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}


if(release == "MNDK_2010.0")
{

  if ((res = isrpmvuln(pkg:"freeciv-client", rpm:"freeciv-client~2.2.1~0.1mdv2010.0", rls:"MNDK_2010.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"freeciv-data", rpm:"freeciv-data~2.2.1~0.1mdv2010.0", rls:"MNDK_2010.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"freeciv-server", rpm:"freeciv-server~2.2.1~0.1mdv2010.0", rls:"MNDK_2010.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"freeciv", rpm:"freeciv~2.2.1~0.1mdv2010.0", rls:"MNDK_2010.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}

26 Dec 2017 00:00Current

0.1Low risk

Vulners AI Score0.1

EPSS0.01199