Lucene search
Copyright (c) 2012 Greenbone Networks GmbHOPENVAS:831592HistoryAug 03, 2012 - 12:00 a.m.
Mandriva Update for rpm MDVSA-2012:056 (rpm)
2012-08-0300:00:00
Copyright (c) 2012 Greenbone Networks GmbH
plugins.openvas.org
8
0.056 Low
EPSS
Percentile
92.5%
Check for the Version of rpm
###############################################################################
# OpenVAS Vulnerability Test
#
# Mandriva Update for rpm MDVSA-2012:056 (rpm)
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
include("revisions-lib.inc");
tag_insight = "Multiple flaws were found in the way RPM parsed package file
headers. An attacker could create a specially-crafted RPM package that,
when its package header was accessed, or during package signature
verification, could cause an application using the RPM library
to crash or, potentially, execute arbitrary code (CVE-2012-0060,
CVE-2012-0061, CVE-2012-0815).
The updated packages have been patched to correct this issue.";
tag_affected = "rpm on Mandriva Enterprise Server 5.2,
Mandriva Linux 2010.1";
tag_solution = "Please Install the Updated Packages.";
if(description)
{
script_xref(name : "URL" , value : "http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:056");
script_id(831592);
script_version("$Revision: 8245 $");
script_tag(name:"last_modification", value:"$Date: 2017-12-26 07:29:59 +0100 (Tue, 26 Dec 2017) $");
script_tag(name:"creation_date", value:"2012-08-03 09:52:19 +0530 (Fri, 03 Aug 2012)");
script_cve_id("CVE-2012-0060", "CVE-2012-0061", "CVE-2012-0815");
script_tag(name:"cvss_base", value:"6.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_xref(name: "MDVSA", value: "2012:056");
script_name("Mandriva Update for rpm MDVSA-2012:056 (rpm)");
script_tag(name: "summary" , value: "Check for the Version of rpm");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
script_family("Mandrake Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/mandriva_mandrake_linux", "ssh/login/release");
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "insight" , value : tag_insight);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("pkg-lib-rpm.inc");
release = get_kb_item("ssh/login/release");
res = "";
if(release == NULL){
exit(0);
}
if(release == "MNDK_mes5.2")
{
if ((res = isrpmvuln(pkg:"libpopt0", rpm:"libpopt0~1.10.8~32.6mdvmes5.2", rls:"MNDK_mes5.2")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libpopt-devel", rpm:"libpopt-devel~1.10.8~32.6mdvmes5.2", rls:"MNDK_mes5.2")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"librpm4.4", rpm:"librpm4.4~4.4.2.3~20.6mnb2", rls:"MNDK_mes5.2")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"librpm-devel", rpm:"librpm-devel~4.4.2.3~20.6mnb2", rls:"MNDK_mes5.2")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"popt-data", rpm:"popt-data~1.10.8~32.6mdvmes5.2", rls:"MNDK_mes5.2")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"python-rpm", rpm:"python-rpm~4.4.2.3~20.6mnb2", rls:"MNDK_mes5.2")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"rpm", rpm:"rpm~4.4.2.3~20.6mnb2", rls:"MNDK_mes5.2")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"rpm-build", rpm:"rpm-build~4.4.2.3~20.6mnb2", rls:"MNDK_mes5.2")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64popt0", rpm:"lib64popt0~1.10.8~32.6mdvmes5.2", rls:"MNDK_mes5.2")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64popt-devel", rpm:"lib64popt-devel~1.10.8~32.6mdvmes5.2", rls:"MNDK_mes5.2")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64rpm4.4", rpm:"lib64rpm4.4~4.4.2.3~20.6mnb2", rls:"MNDK_mes5.2")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64rpm-devel", rpm:"lib64rpm-devel~4.4.2.3~20.6mnb2", rls:"MNDK_mes5.2")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "MNDK_2010.1")
{
if ((res = isrpmvuln(pkg:"librpm4.6", rpm:"librpm4.6~4.6.0~14.3mnb2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"librpm-devel", rpm:"librpm-devel~4.6.0~14.3mnb2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"python-rpm", rpm:"python-rpm~4.6.0~14.3mnb2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"rpm", rpm:"rpm~4.6.0~14.3mnb2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"rpm-build", rpm:"rpm-build~4.6.0~14.3mnb2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64rpm4.6", rpm:"lib64rpm4.6~4.6.0~14.3mnb2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64rpm-devel", rpm:"lib64rpm-devel~4.6.0~14.3mnb2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
Related
openvas
openvas
Fedora Update for rpm FEDORA-2012-5421
2012-04-23 00:00:00
Amazon Linux: Security Advisory (ALAS-2012-61)
2015-09-08 00:00:00
CentOS Update for popt CESA-2012:0451 centos5
2012-07-30 00:00:00
nessus
nessus
Mandriva Linux Security Advisory : rpm (MDVSA-2012:056)
2012-04-12 00:00:00
Fedora 16 : rpm-4.9.1.3-1.fc16 (2012-5421)
2012-04-23 00:00:00
redhat
redhat
(RHSA-2012:0451) Important: rpm security update
2012-04-03 00:00:00
(RHSA-2012:0531) Important: rhev-hypervisor6 security and bug fix update
2012-04-30 00:00:00
fedora
fedora
[SECURITY] Fedora 17 Update: rpm-4.9.1.3-1.fc17
2012-04-12 03:27:10
[SECURITY] Fedora 16 Update: rpm-4.9.1.3-1.fc16
2012-04-22 03:42:55
[SECURITY] Fedora 15 Update: rpm-4.9.1.3-1.fc15
2012-04-22 03:24:37
amazon
amazon
Important: rpm
2012-04-05 12:49:00
oraclelinux
oraclelinux
rpm security update
2012-04-03 00:00:00
centos
centos
popt, rpm security update
2012-04-03 17:07:58
ubuntu
ubuntu
RPM vulnerabilities
2013-01-17 00:00:00
osv
osv
rpm - security update
2015-01-28 00:00:00
debian
debian
[SECURITY] [DLA 140-1] rpm security update
2015-01-28 18:07:09
gentoo
gentoo
RPM: Multiple vulnerabilities
2012-06-24 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 01:10:31
Arbitrary Code Execution
2020-04-10 01:10:31
Arbitrary Code Execution
2020-04-10 01:10:31
ubuntucve
ubuntucve
cve
cve
prion
prion
Design/Logic Flaw
2012-06-04 20:55:00
Hardcoded credentials
2012-06-04 20:55:00
Hardcoded credentials
2012-06-04 20:55:00
debiancve
debiancve
vmware
vmware
VMware vSphere and vCOps updates to third party libraries
2012-08-30 00:00:00
VMware vSphere and vCOps updates to third party libraries
2012-08-30 00:00:00