Ubuntu Update for moin, moin1.3 vulnerabilities USN-423-1

2009-03-23T00:00:00
ID OPENVAS:840156
Type openvas
Reporter Copyright (C) 2009 Greenbone Networks GmbH
Modified 2017-12-01T00:00:00

Description

Ubuntu Update for Linux kernel vulnerabilities USN-423-1

                                        
                                            ###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_ubuntu_USN_423_1.nasl 7969 2017-12-01 09:23:16Z santu $
#
# Ubuntu Update for moin, moin1.3 vulnerabilities USN-423-1
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

include("revisions-lib.inc");
tag_insight = "A flaw was discovered in MoinMoin's debug reporting sanitizer which
  could lead to a cross-site scripting attack.  By tricking a user into
  viewing a crafted MoinMoin URL, an attacker could execute arbitrary
  JavaScript as the current MoinMoin user, possibly exposing the user's
  authentication information for the domain where MoinMoin was hosted.
  Only Ubuntu Breezy was vulnerable.  (CVE-2007-0901)

  An information leak was discovered in MoinMoin's debug reporting, which
  could expose information about the versions of software running on the
  host system.  MoinMoin administrators can add "show_traceback=0" to
  their site configurations to disable debug tracebacks.  (CVE-2007-0902)";

tag_summary = "Ubuntu Update for Linux kernel vulnerabilities USN-423-1";
tag_affected = "moin, moin1.3 vulnerabilities on Ubuntu 5.10 ,
  Ubuntu 6.06 LTS ,
  Ubuntu 6.10";
tag_solution = "Please Install the Updated Packages.";



if(description)
{
  script_xref(name: "URL" , value: "http://www.ubuntu.com/usn/usn-423-1/");
  script_id(840156);
  script_version("$Revision: 7969 $");
  script_tag(name:"last_modification", value:"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $");
  script_tag(name:"creation_date", value:"2009-03-23 10:55:18 +0100 (Mon, 23 Mar 2009)");
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_xref(name: "USN", value: "423-1");
  script_cve_id("CVE-2007-0901", "CVE-2007-0902");
  script_name( "Ubuntu Update for moin, moin1.3 vulnerabilities USN-423-1");

  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
  script_family("Ubuntu Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages");
  script_tag(name : "summary" , value : tag_summary);
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}


include("pkg-lib-deb.inc");

release = get_kb_item("ssh/login/release");


res = "";
if(release == NULL){
  exit(0);
}

if(release == "UBUNTU6.06 LTS")
{

  if ((res = isdpkgvuln(pkg:"moinmoin-common", ver:"1.5.2-1ubuntu2.2", rls:"UBUNTU6.06 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"python-moinmoin", ver:"1.5.2-1ubuntu2.2", rls:"UBUNTU6.06 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"python2.4-moinmoin", ver:"1.5.2-1ubuntu2.2", rls:"UBUNTU6.06 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}


if(release == "UBUNTU6.10")
{

  if ((res = isdpkgvuln(pkg:"moinmoin-common", ver:"1.5.3-1ubuntu1.2", rls:"UBUNTU6.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"python-moinmoin", ver:"1.5.3-1ubuntu1.2", rls:"UBUNTU6.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"python2.4-moinmoin", ver:"1.5.3-1ubuntu1.2", rls:"UBUNTU6.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}


if(release == "UBUNTU5.10")
{

  if ((res = isdpkgvuln(pkg:"moin", ver:"1.2.4-1ubuntu2.2", rls:"UBUNTU5.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"moinmoin-common", ver:"1.3.4-6ubuntu1.5.10", rls:"UBUNTU5.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"python-moinmoin", ver:"1.3.4-6ubuntu1.5.10", rls:"UBUNTU5.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"python2.3-moinmoin", ver:"1.3.4-6ubuntu1.5.10", rls:"UBUNTU5.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"python2.4-moinmoin", ver:"1.3.4-6ubuntu1.5.10", rls:"UBUNTU5.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}