Lucene search
Copyright (c) 2011 Greenbone Networks GmbHOPENVAS:831513HistoryDec 23, 2011 - 12:00 a.m.
Mandriva Update for libarchive MDVSA-2011:190 (libarchive)
2011-12-2300:00:00
Copyright (c) 2011 Greenbone Networks GmbH
plugins.openvas.org
5
0.016 Low
EPSS
Percentile
85.9%
Check for the Version of libarchive
###############################################################################
# OpenVAS Vulnerability Test
#
# Mandriva Update for libarchive MDVSA-2011:190 (libarchive)
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
include("revisions-lib.inc");
tag_insight = "Two heap-based buffer overflow flaws were discovered in libarchive. If
a user were tricked into expanding a specially-crafted ISO 9660
CD-ROM image or tar archive with an application using libarchive,
it could cause the application to crash or, potentially, execute
arbitrary code with the privileges of the user running the application
(CVE-2011-1777, CVE-2011-1778).
The updated packages have been patched to correct these issues.";
tag_solution = "Please Install the Updated Packages.";
tag_affected = "libarchive on Mandriva Linux 2010.1,
Mandriva Linux 2010.1/X86_64";
if(description)
{
script_xref(name : "URL" , value : "http://lists.mandriva.com/security-announce/2011-12/msg00015.php");
script_id(831513);
script_tag(name:"cvss_base", value:"6.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_version("$Revision: 6570 $");
script_tag(name:"last_modification", value:"$Date: 2017-07-06 15:06:35 +0200 (Thu, 06 Jul 2017) $");
script_tag(name:"creation_date", value:"2011-12-23 10:36:08 +0530 (Fri, 23 Dec 2011)");
script_xref(name: "MDVSA", value: "2011:190");
script_cve_id("CVE-2011-1777", "CVE-2011-1778");
script_name("Mandriva Update for libarchive MDVSA-2011:190 (libarchive)");
script_summary("Check for the Version of libarchive");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
script_family("Mandrake Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/mandriva_mandrake_linux", "ssh/login/release");
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "insight" , value : tag_insight);
script_tag(name : "solution" , value : tag_solution);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("pkg-lib-rpm.inc");
release = get_kb_item("ssh/login/release");
res = "";
if(release == NULL){
exit(0);
}
if(release == "MNDK_2010.1")
{
if ((res = isrpmvuln(pkg:"bsdcpio", rpm:"bsdcpio~2.8.3~1.1mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"bsdtar", rpm:"bsdtar~2.8.3~1.1mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libarchive2", rpm:"libarchive2~2.8.3~1.1mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libarchive-devel", rpm:"libarchive-devel~2.8.3~1.1mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libarchive", rpm:"libarchive~2.8.3~1.1mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64archive2", rpm:"lib64archive2~2.8.3~1.1mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64archive-devel", rpm:"lib64archive-devel~2.8.3~1.1mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
Related
nessus
nessus
Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : libarchive vulnerabilities (USN-1310-1)
2011-12-20 00:00:00
Debian DSA-2413-1 : libarchive - buffer overflows
2012-02-21 00:00:00
Mandriva Linux Security Advisory : libarchive (MDVSA-2011:190)
2011-12-19 00:00:00
ubuntu
ubuntu
libarchive vulnerabilities
2011-12-19 00:00:00
openvas
openvas
Mandriva Update for libarchive MDVSA-2011:190 (libarchive)
2011-12-23 00:00:00
Debian: Security Advisory (DSA-2413-1)
2012-03-12 00:00:00
Ubuntu Update for libarchive USN-1310-1
2011-12-23 00:00:00
oraclelinux
oraclelinux
libarchive security update
2011-12-01 00:00:00
debian
debian
[SECURITY] [DSA 2413-1] libarchive security update
2012-02-20 20:52:03
redhat
redhat
(RHSA-2011:1507) Moderate: libarchive security update
2011-12-01 00:00:00
gentoo
gentoo
libarchive: Multiple vulnerabilities
2014-06-01 00:00:00
securityvulns
securityvulns
libarchive library buffer overflow
2011-12-26 00:00:00
[ MDVSA-2011:191 ] libarchive
2011-12-26 00:00:00
Apple Mac OS X multiple security vulnerabilities
2012-08-20 00:00:00
ubuntucve
ubuntucve
CVE-2011-1777
2011-12-02 00:00:00
CVE-2011-1778
2011-12-02 00:00:00
cve
cve
CVE-2011-1777
2012-04-13 20:55:00
CVE-2011-1778
2012-04-13 20:55:00
debiancve
debiancve
CVE-2011-1778
2012-04-13 20:55:00
CVE-2011-1777
2012-04-13 20:55:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 01:06:53
Arbitrary Code Execution
2020-04-10 01:06:53
prion
prion
Buffer overflow
2012-04-13 20:55:00
Buffer overflow
2012-04-13 20:55:00