ID OPENVAS:841093 Type openvas Reporter Copyright (c) 2012 Greenbone Networks GmbH Modified 2017-12-01T00:00:00
Description
Ubuntu Update for Linux kernel vulnerabilities USN-1517-1
###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_ubuntu_USN_1517_1.nasl 7960 2017-12-01 06:58:16Z santu $
#
# Ubuntu Update for mono USN-1517-1
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
include("revisions-lib.inc");
tag_insight = "It was discovered that the Mono System.Web library incorrectly filtered
certain error messages related to forbidden files. If a user were tricked
into opening a specially crafted URL, an attacker could possibly exploit
this to conduct cross-site scripting (XSS) attacks. (CVE-2012-3382)
It was discovered that the Mono System.Web library incorrectly handled the
EnableViewStateMac property. If a user were tricked into opening a
specially crafted URL, an attacker could possibly exploit this to conduct
cross-site scripting (XSS) attacks. This issue only affected Ubuntu
10.04 LTS. (CVE-2010-1459)";
tag_summary = "Ubuntu Update for Linux kernel vulnerabilities USN-1517-1";
tag_affected = "mono on Ubuntu 12.04 LTS ,
Ubuntu 11.10 ,
Ubuntu 11.04 ,
Ubuntu 10.04 LTS";
tag_solution = "Please Install the Updated Packages.";
if(description)
{
script_xref(name: "URL" , value: "http://www.ubuntu.com/usn/usn-1517-1/");
script_id(841093);
script_version("$Revision: 7960 $");
script_tag(name:"last_modification", value:"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $");
script_tag(name:"creation_date", value:"2012-07-26 11:10:18 +0530 (Thu, 26 Jul 2012)");
script_cve_id("CVE-2012-3382", "CVE-2010-1459");
script_tag(name:"cvss_base", value:"4.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_xref(name: "USN", value: "1517-1");
script_name("Ubuntu Update for mono USN-1517-1");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
script_family("Ubuntu Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages");
script_tag(name : "summary" , value : tag_summary);
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "insight" , value : tag_insight);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("pkg-lib-deb.inc");
release = get_kb_item("ssh/login/release");
res = "";
if(release == NULL){
exit(0);
}
if(release == "UBUNTU10.04 LTS")
{
if ((res = isdpkgvuln(pkg:"libmono-system-web1.0-cil", ver:"2.4.4~svn151842-1ubuntu4.1", rls:"UBUNTU10.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libmono-system-web2.0-cil", ver:"2.4.4~svn151842-1ubuntu4.1", rls:"UBUNTU10.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "UBUNTU12.04 LTS")
{
if ((res = isdpkgvuln(pkg:"libmono-system-web2.0-cil", ver:"2.10.8.1-1ubuntu2.2", rls:"UBUNTU12.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libmono-system-web4.0-cil", ver:"2.10.8.1-1ubuntu2.2", rls:"UBUNTU12.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "UBUNTU11.10")
{
if ((res = isdpkgvuln(pkg:"libmono-system-web2.0-cil", ver:"2.10.5-1ubuntu0.1", rls:"UBUNTU11.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libmono-system-web4.0-cil", ver:"2.10.5-1ubuntu0.1", rls:"UBUNTU11.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "UBUNTU11.04")
{
if ((res = isdpkgvuln(pkg:"libmono-system-web1.0-cil", ver:"2.6.7-5ubuntu3.1", rls:"UBUNTU11.04")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libmono-system-web2.0-cil", ver:"2.6.7-5ubuntu3.1", rls:"UBUNTU11.04")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
{"id": "OPENVAS:841093", "type": "openvas", "bulletinFamily": "scanner", "title": "Ubuntu Update for mono USN-1517-1", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1517-1", "published": "2012-07-26T00:00:00", "modified": "2017-12-01T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=841093", "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "references": ["1517-1", "http://www.ubuntu.com/usn/usn-1517-1/"], "cvelist": ["CVE-2012-3382", "CVE-2010-1459"], "lastseen": "2017-12-04T11:20:12", "viewCount": 1, "enchantments": {"score": {"value": 6.3, "vector": "NONE", "modified": "2017-12-04T11:20:12", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2012-3382", "CVE-2010-1459"]}, {"type": "openvas", "idList": ["OPENVAS:862245", "OPENVAS:1361412562310862251", "OPENVAS:1361412562310841093", "OPENVAS:1361412562310862249", "OPENVAS:862240", "OPENVAS:1361412562310862244", "OPENVAS:1361412562310862240", "OPENVAS:862251", "OPENVAS:1361412562310862243", "OPENVAS:1361412562310862245"]}, {"type": "nessus", "idList": ["UBUNTU_USN-1517-1.NASL", "SUSE_11_2_BYTEFX-DATA-MYSQL-100426.NASL", "SUSE_11_BYTEFX-DATA-MYSQL-120713.NASL", "FEDORA_2010-10332.NASL", "SUSE_11_BYTEFX-DATA-MYSQL-100422.NASL", "SUSE_11_0_BYTEFX-DATA-MYSQL-100422.NASL", "FEDORA_2010-10433.NASL", "MANDRIVA_MDVSA-2012-140.NASL", "OPENSUSE-2012-498.NASL", "SUSE_11_1_BYTEFX-DATA-MYSQL-100422.NASL"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2512-1:0332D"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:12566", "SECURITYVULNS:DOC:28306", "SECURITYVULNS:VULN:12480", "SECURITYVULNS:DOC:28495"]}, {"type": "ubuntu", "idList": ["USN-1517-1"]}], "modified": "2017-12-04T11:20:12", "rev": 2}, "vulnersScore": 6.3}, "pluginID": "841093", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1517_1.nasl 7960 2017-12-01 06:58:16Z santu $\n#\n# Ubuntu Update for mono USN-1517-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that the Mono System.Web library incorrectly filtered\n certain error messages related to forbidden files. If a user were tricked\n into opening a specially crafted URL, an attacker could possibly exploit\n this to conduct cross-site scripting (XSS) attacks. (CVE-2012-3382)\n\n It was discovered that the Mono System.Web library incorrectly handled the\n EnableViewStateMac property. If a user were tricked into opening a\n specially crafted URL, an attacker could possibly exploit this to conduct\n cross-site scripting (XSS) attacks. This issue only affected Ubuntu\n 10.04 LTS. (CVE-2010-1459)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1517-1\";\ntag_affected = \"mono on Ubuntu 12.04 LTS ,\n Ubuntu 11.10 ,\n Ubuntu 11.04 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1517-1/\");\n script_id(841093);\n script_version(\"$Revision: 7960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-26 11:10:18 +0530 (Thu, 26 Jul 2012)\");\n script_cve_id(\"CVE-2012-3382\", \"CVE-2010-1459\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"USN\", value: \"1517-1\");\n script_name(\"Ubuntu Update for mono USN-1517-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libmono-system-web1.0-cil\", ver:\"2.4.4~svn151842-1ubuntu4.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmono-system-web2.0-cil\", ver:\"2.4.4~svn151842-1ubuntu4.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libmono-system-web2.0-cil\", ver:\"2.10.8.1-1ubuntu2.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmono-system-web4.0-cil\", ver:\"2.10.8.1-1ubuntu2.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libmono-system-web2.0-cil\", ver:\"2.10.5-1ubuntu0.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmono-system-web4.0-cil\", ver:\"2.10.5-1ubuntu0.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libmono-system-web1.0-cil\", ver:\"2.6.7-5ubuntu3.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmono-system-web2.0-cil\", ver:\"2.6.7-5ubuntu3.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "naslFamily": "Ubuntu Local Security Checks"}
{"cve": [{"lastseen": "2021-02-02T05:59:51", "description": "Cross-site scripting (XSS) vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitrary web script or HTML via a file with a crafted name and a forbidden extension, which is not properly handled in an error message.", "edition": 6, "cvss3": {}, "published": "2012-07-12T21:55:00", "title": "CVE-2012-3382", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-3382"], "modified": "2013-04-05T03:11:00", "cpe": ["cpe:/a:mono:mono:2.10.8"], "id": "CVE-2012-3382", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3382", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:mono:mono:2.10.8:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:44:57", "description": "The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by the __VIEWSTATE parameter to 2.0/menu/menu1.aspx in the XSP sample project.", "edition": 4, "cvss3": {}, "published": "2010-05-27T19:00:00", "title": "CVE-2010-1459", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1459"], "modified": "2010-09-09T05:41:00", "cpe": ["cpe:/a:mono:mono:1.1.1", "cpe:/a:mono:mono:1.1.9.1", "cpe:/a:mono:mono:1.9.1", "cpe:/a:mono:mono:1.1.13.8.1", "cpe:/a:mono:mono:1.1.9.2", "cpe:/a:mono:mono:1.0.6", "cpe:/a:mono:mono:1.1.2", "cpe:/a:mono:mono:1.1.16", "cpe:/a:mono:mono:1.0.1", "cpe:/a:mono:mono:1.2.3.1", "cpe:/a:mono:mono:1.1.8", "cpe:/a:mono:mono:1.1.3", "cpe:/a:mono:mono:2.4", "cpe:/a:mono:mono:1.2.4", "cpe:/a:mono:mono:1.1.13.2", "cpe:/a:mono:mono:1.1.13.6", "cpe:/a:mono:mono:1.1.13.4", "cpe:/a:mono:mono:2.0", "cpe:/a:mono:mono:1.2.5", "cpe:/a:mono:mono:1.1.16.1", "cpe:/a:mono:mono:2.4.2", "cpe:/a:mono:mono:1.2.3", "cpe:/a:mono:mono:1.1.13.5", "cpe:/a:mono:mono:1.1.17.2", "cpe:/a:mono:mono:1.0.2", "cpe:/a:mono:mono:1.2.6", "cpe:/a:mono:mono:1.1.17.1", "cpe:/a:mono:mono:1.2.2.1", "cpe:/a:mono:mono:1.1.10", "cpe:/a:mono:mono:2.2", "cpe:/a:mono:mono:1.1.14", "cpe:/a:mono:mono:1.1.13.7", "cpe:/a:mono:mono:1.2.5.1", "cpe:/a:mono:mono:1.1.13.8", "cpe:/a:mono:mono:1.0.5", "cpe:/a:mono:mono:1.1.17", "cpe:/a:mono:mono:1.0", "cpe:/a:mono:mono:1.1.10.1", "cpe:/a:mono:mono:1.1.18", "cpe:/a:mono:mono:2.0.1", "cpe:/a:mono:mono:1.1.15", "cpe:/a:mono:mono:1.1.4", "cpe:/a:mono:mono:1.2", "cpe:/a:mono:mono:1.9", "cpe:/a:mono:mono:1.2.1", "cpe:/a:mono:mono:2.4.3", "cpe:/a:mono:mono:2.4.2.3", "cpe:/a:mono:mono:1.1.7", "cpe:/a:mono:mono:1.1.8.3", "cpe:/a:mono:mono:1.1.11", "cpe:/a:mono:mono:1.1.6", "cpe:/a:mono:mono:2.4.2.1", "cpe:/a:mono:mono:1.2.2", "cpe:/a:mono:mono:1.1.13", "cpe:/a:mono:mono:2.4.2.2", "cpe:/a:mono:mono:1.1.12.1", "cpe:/a:mono:mono:1.2.5.2", "cpe:/a:mono:mono:1.1.9", "cpe:/a:mono:mono:1.0.4", "cpe:/a:mono:mono:1.1.8.1", "cpe:/a:mono:mono:1.1.5", "cpe:/a:mono:mono:1.1.12"], "id": "CVE-2010-1459", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1459", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:mono:mono:1.2.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:mono:mono:1.2.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:mono:mono:1.9:*:*:*:*:*:*:*", "cpe:2.3:a:mono:mono:2.4.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:mono:mono:1.1.16.1:*:*:*:*:*:*:*", "cpe:2.3:a:mono:mono:1.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:mono:mono:1.1.13.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:mono:mono:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mono:mono:1.2.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:mono:mono:1.1.9.2:*:*:*:*:*:*:*", "cpe:2.3:a:mono:mono:1.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:mono:mono:1.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:mono:mono:1.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:mono:mono:1.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:mono:mono:1.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:mono:mono:1.1.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:mono:mono:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:mono:mono:1.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:mono:mono:1.1.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:mono:mono:1.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:mono:mono:1.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:mono:mono:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:mono:mono:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mono:mono:2.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:mono:mono:1.1.12.1:*:*:*:*:*:*:*", "cpe:2.3:a:mono:mono:1.1.13.5:*:*:*:*:*:*:*", "cpe:2.3:a:mono:mono:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mono:mono:1.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:mono:mono:1.1.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:mono:mono:1.1.13.8:*:*:*:*:*:*:*", "cpe:2.3:a:mono:mono:1.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:mono:mono:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mono:mono:1.1.17.2:*:*:*:*:*:*:*", "cpe:2.3:a:mono:mono:1.1.8.3:*:*:*:*:*:*:*", "cpe:2.3:a:mono:mono:1.1.13.7:*:*:*:*:*:*:*", "cpe:2.3:a:mono:mono:1.2:*:*:*:*:*:*:*", "cpe:2.3:a:mono:mono:1.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:mono:mono:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mono:mono:1.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:mono:mono:1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:mono:mono:1.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:mono:mono:1.1.13.2:*:*:*:*:*:*:*", "cpe:2.3:a:mono:mono:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mono:mono:1.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:mono:mono:1.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:mono:mono:1.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:mono:mono:1.1.13.4:*:*:*:*:*:*:*", "cpe:2.3:a:mono:mono:1.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:mono:mono:1.1.18:*:*:*:*:*:*:*", "cpe:2.3:a:mono:mono:2.4:*:*:*:*:*:*:*", "cpe:2.3:a:mono:mono:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mono:mono:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mono:mono:2.4.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:mono:mono:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:mono:mono:1.2.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:mono:mono:1.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mono:mono:1.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:mono:mono:2.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:mono:mono:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mono:mono:1.1.13.6:*:*:*:*:*:*:*", "cpe:2.3:a:mono:mono:1.1.17.1:*:*:*:*:*:*:*", "cpe:2.3:a:mono:mono:2.4.2.2:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2019-05-29T18:39:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3382", "CVE-2010-1459"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1517-1", "modified": "2019-03-13T00:00:00", "published": "2012-07-26T00:00:00", "id": "OPENVAS:1361412562310841093", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841093", "type": "openvas", "title": "Ubuntu Update for mono USN-1517-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1517_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for mono USN-1517-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1517-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.841093\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-26 11:10:18 +0530 (Thu, 26 Jul 2012)\");\n script_cve_id(\"CVE-2012-3382\", \"CVE-2010-1459\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name:\"USN\", value:\"1517-1\");\n script_name(\"Ubuntu Update for mono USN-1517-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.04 LTS|12\\.04 LTS|11\\.10|11\\.04)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1517-1\");\n script_tag(name:\"affected\", value:\"mono on Ubuntu 12.04 LTS,\n Ubuntu 11.10,\n Ubuntu 11.04,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"It was discovered that the Mono System.Web library incorrectly filtered\n certain error messages related to forbidden files. If a user were tricked\n into opening a specially crafted URL, an attacker could possibly exploit\n this to conduct cross-site scripting (XSS) attacks. (CVE-2012-3382)\n\n It was discovered that the Mono System.Web library incorrectly handled the\n EnableViewStateMac property. If a user were tricked into opening a\n specially crafted URL, an attacker could possibly exploit this to conduct\n cross-site scripting (XSS) attacks. This issue only affected Ubuntu\n 10.04 LTS. (CVE-2010-1459)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libmono-system-web1.0-cil\", ver:\"2.4.4~svn151842-1ubuntu4.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmono-system-web2.0-cil\", ver:\"2.4.4~svn151842-1ubuntu4.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libmono-system-web2.0-cil\", ver:\"2.10.8.1-1ubuntu2.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmono-system-web4.0-cil\", ver:\"2.10.8.1-1ubuntu2.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libmono-system-web2.0-cil\", ver:\"2.10.5-1ubuntu0.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmono-system-web4.0-cil\", ver:\"2.10.5-1ubuntu0.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libmono-system-web1.0-cil\", ver:\"2.6.7-5ubuntu3.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmono-system-web2.0-cil\", ver:\"2.6.7-5ubuntu3.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2018-01-23T13:05:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1459"], "description": "Check for the Version of mono", "modified": "2018-01-23T00:00:00", "published": "2010-07-16T00:00:00", "id": "OPENVAS:1361412562310862243", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862243", "type": "openvas", "title": "Fedora Update for mono FEDORA-2010-10332", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mono FEDORA-2010-10332\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"mono on Fedora 13\";\ntag_insight = \"The Mono runtime implements a JIT engine for the ECMA CLI\n virtual machine (as well as a byte code interpreter, the\n class loader, the garbage collector, threading system and\n metadata access libraries.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044049.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862243\");\n script_version(\"$Revision: 8495 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-23 08:57:49 +0100 (Tue, 23 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-16 10:40:49 +0200 (Fri, 16 Jul 2010)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2010-10332\");\n script_cve_id(\"CVE-2010-1459\");\n script_name(\"Fedora Update for mono FEDORA-2010-10332\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mono\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"mono\", rpm:\"mono~2.6.4~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-19T15:04:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1459"], "description": "Check for the Version of mono-tools", "modified": "2018-01-19T00:00:00", "published": "2010-07-16T00:00:00", "id": "OPENVAS:1361412562310862244", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862244", "type": "openvas", "title": "Fedora Update for mono-tools FEDORA-2010-10332", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mono-tools FEDORA-2010-10332\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"mono-tools on Fedora 13\";\ntag_insight = \"Monotools are a number of tools for mono such as allowing monodoc to be run\n independently of monodevelop\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044048.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862244\");\n script_version(\"$Revision: 8469 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-19 08:58:21 +0100 (Fri, 19 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-16 10:40:49 +0200 (Fri, 16 Jul 2010)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2010-10332\");\n script_cve_id(\"CVE-2010-1459\");\n script_name(\"Fedora Update for mono-tools FEDORA-2010-10332\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mono-tools\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"mono-tools\", rpm:\"mono-tools~2.6.2~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-17T11:05:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1459"], "description": "Check for the Version of gtksourceview-sharp", "modified": "2018-01-16T00:00:00", "published": "2010-07-16T00:00:00", "id": "OPENVAS:1361412562310862249", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862249", "type": "openvas", "title": "Fedora Update for gtksourceview-sharp FEDORA-2010-10332", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gtksourceview-sharp FEDORA-2010-10332\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"gtksourceview-sharp on Fedora 13\";\ntag_insight = \"gtksourceview-sharp is a C sharp binder for gtksourceview\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044052.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862249\");\n script_version(\"$Revision: 8438 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-16 18:38:23 +0100 (Tue, 16 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-16 10:40:49 +0200 (Fri, 16 Jul 2010)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2010-10332\");\n script_cve_id(\"CVE-2010-1459\");\n script_name(\"Fedora Update for gtksourceview-sharp FEDORA-2010-10332\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of gtksourceview-sharp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"gtksourceview-sharp\", rpm:\"gtksourceview-sharp~2.0.12~11.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-02T10:54:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1459"], "description": "Check for the Version of gnome-sharp", "modified": "2017-12-25T00:00:00", "published": "2010-07-16T00:00:00", "id": "OPENVAS:862251", "href": "http://plugins.openvas.org/nasl.php?oid=862251", "type": "openvas", "title": "Fedora Update for gnome-sharp FEDORA-2010-10332", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gnome-sharp FEDORA-2010-10332\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"gnome-sharp on Fedora 13\";\ntag_insight = \"This package provides a library that allows you to build\n fully native graphical GNOME applications using Mono. gnome-sharp\n extends gtk-sharp2 and adds bindings for gconf, libgnome, gnome-vfs,\n libart, gtkhtml, librsvg, and vte.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044047.html\");\n script_id(862251);\n script_version(\"$Revision: 8243 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-25 07:30:04 +0100 (Mon, 25 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-16 10:40:49 +0200 (Fri, 16 Jul 2010)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2010-10332\");\n script_cve_id(\"CVE-2010-1459\");\n script_name(\"Fedora Update for gnome-sharp FEDORA-2010-10332\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of gnome-sharp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnome-sharp\", rpm:\"gnome-sharp~2.24.1~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-02T10:54:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1459"], "description": "Check for the Version of mono", "modified": "2017-12-22T00:00:00", "published": "2010-07-16T00:00:00", "id": "OPENVAS:862243", "href": "http://plugins.openvas.org/nasl.php?oid=862243", "type": "openvas", "title": "Fedora Update for mono FEDORA-2010-10332", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mono FEDORA-2010-10332\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"mono on Fedora 13\";\ntag_insight = \"The Mono runtime implements a JIT engine for the ECMA CLI\n virtual machine (as well as a byte code interpreter, the\n class loader, the garbage collector, threading system and\n metadata access libraries.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044049.html\");\n script_id(862243);\n script_version(\"$Revision: 8226 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-22 07:30:26 +0100 (Fri, 22 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-16 10:40:49 +0200 (Fri, 16 Jul 2010)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2010-10332\");\n script_cve_id(\"CVE-2010-1459\");\n script_name(\"Fedora Update for mono FEDORA-2010-10332\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mono\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"mono\", rpm:\"mono~2.6.4~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-06T13:05:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1459"], "description": "Check for the Version of mono", "modified": "2018-01-03T00:00:00", "published": "2010-07-16T00:00:00", "id": "OPENVAS:1361412562310862246", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862246", "type": "openvas", "title": "Fedora Update for mono FEDORA-2010-10433", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mono FEDORA-2010-10433\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"mono on Fedora 12\";\ntag_insight = \"The Mono runtime implements a JIT engine for the ECMA CLI\n virtual machine (as well as a byte code interpreter, the\n class loader, the garbage collector, threading system and\n metadata access libraries.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044051.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862246\");\n script_version(\"$Revision: 8274 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-03 08:28:17 +0100 (Wed, 03 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-16 10:40:49 +0200 (Fri, 16 Jul 2010)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2010-10433\");\n script_cve_id(\"CVE-2010-1459\");\n script_name(\"Fedora Update for mono FEDORA-2010-10433\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mono\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"mono\", rpm:\"mono~2.4.3.1~2.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-22T13:05:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1459"], "description": "Check for the Version of libgdiplus", "modified": "2018-01-22T00:00:00", "published": "2010-07-16T00:00:00", "id": "OPENVAS:1361412562310862252", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862252", "type": "openvas", "title": "Fedora Update for libgdiplus FEDORA-2010-10332", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libgdiplus FEDORA-2010-10332\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"libgdiplus on Fedora 13\";\ntag_insight = \"An Open Source implementation of the GDI+ API, it is part of the Mono\n Project\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044050.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862252\");\n script_version(\"$Revision: 8485 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-22 08:57:57 +0100 (Mon, 22 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-16 10:40:49 +0200 (Fri, 16 Jul 2010)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2010-10332\");\n script_cve_id(\"CVE-2010-1459\");\n script_name(\"Fedora Update for libgdiplus FEDORA-2010-10332\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of libgdiplus\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"libgdiplus\", rpm:\"libgdiplus~2.6.4~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-12-15T11:58:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1459"], "description": "Check for the Version of mono-basic", "modified": "2017-12-15T00:00:00", "published": "2010-07-16T00:00:00", "id": "OPENVAS:862242", "href": "http://plugins.openvas.org/nasl.php?oid=862242", "type": "openvas", "title": "Fedora Update for mono-basic FEDORA-2010-10332", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mono-basic FEDORA-2010-10332\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"mono-basic on Fedora 13\";\ntag_insight = \"This package contains the Visual Basic .NET compiler and language\n runtime. This allows you to compile and run VB.NET application and\n assemblies.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044054.html\");\n script_id(862242);\n script_version(\"$Revision: 8130 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-15 07:31:09 +0100 (Fri, 15 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-16 10:40:49 +0200 (Fri, 16 Jul 2010)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2010-10332\");\n script_cve_id(\"CVE-2010-1459\");\n script_name(\"Fedora Update for mono-basic FEDORA-2010-10332\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mono-basic\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"mono-basic\", rpm:\"mono-basic~2.6.2~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-02T10:54:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1459"], "description": "Check for the Version of libgdiplus", "modified": "2017-12-22T00:00:00", "published": "2010-07-16T00:00:00", "id": "OPENVAS:862252", "href": "http://plugins.openvas.org/nasl.php?oid=862252", "type": "openvas", "title": "Fedora Update for libgdiplus FEDORA-2010-10332", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libgdiplus FEDORA-2010-10332\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"libgdiplus on Fedora 13\";\ntag_insight = \"An Open Source implementation of the GDI+ API, it is part of the Mono\n Project\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044050.html\");\n script_id(862252);\n script_version(\"$Revision: 8226 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-22 07:30:26 +0100 (Fri, 22 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-16 10:40:49 +0200 (Fri, 16 Jul 2010)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2010-10332\");\n script_cve_id(\"CVE-2010-1459\");\n script_name(\"Fedora Update for libgdiplus FEDORA-2010-10332\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of libgdiplus\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"libgdiplus\", rpm:\"libgdiplus~2.6.4~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "nessus": [{"lastseen": "2021-02-01T07:15:30", "description": "It was discovered that the Mono System.Web library incorrectly\nfiltered certain error messages related to forbidden files. If a user\nwere tricked into opening a specially crafted URL, an attacker could\npossibly exploit this to conduct cross-site scripting (XSS) attacks.\n(CVE-2012-3382)\n\nIt was discovered that the Mono System.Web library incorrectly handled\nthe EnableViewStateMac property. If a user were tricked into opening a\nspecially crafted URL, an attacker could possibly exploit this to\nconduct cross-site scripting (XSS) attacks. This issue only affected\nUbuntu 10.04 LTS. (CVE-2010-4159).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2012-07-26T00:00:00", "title": "Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : mono vulnerabilities (USN-1517-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4159", "CVE-2012-3382", "CVE-2010-1459"], "modified": "2021-02-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libmono-system-web2.0-cil", "cpe:/o:canonical:ubuntu_linux:11.10", "p-cpe:/a:canonical:ubuntu_linux:libmono-system-web4.0-cil", "cpe:/o:canonical:ubuntu_linux:11.04", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:libmono-system-web1.0-cil", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-1517-1.NASL", "href": "https://www.tenable.com/plugins/nessus/60126", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1517-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60126);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/09/19 12:54:28\");\n\n script_cve_id(\"CVE-2010-1459\", \"CVE-2010-4159\", \"CVE-2012-3382\");\n script_bugtraq_id(40351, 54344);\n script_xref(name:\"USN\", value:\"1517-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : mono vulnerabilities (USN-1517-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the Mono System.Web library incorrectly\nfiltered certain error messages related to forbidden files. If a user\nwere tricked into opening a specially crafted URL, an attacker could\npossibly exploit this to conduct cross-site scripting (XSS) attacks.\n(CVE-2012-3382)\n\nIt was discovered that the Mono System.Web library incorrectly handled\nthe EnableViewStateMac property. If a user were tricked into opening a\nspecially crafted URL, an attacker could possibly exploit this to\nconduct cross-site scripting (XSS) attacks. This issue only affected\nUbuntu 10.04 LTS. (CVE-2010-4159).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1517-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected libmono-system-web1.0-cil,\nlibmono-system-web2.0-cil and / or libmono-system-web4.0-cil packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmono-system-web1.0-cil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmono-system-web2.0-cil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmono-system-web4.0-cil\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/05/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/07/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|11\\.04|11\\.10|12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 11.04 / 11.10 / 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libmono-system-web1.0-cil\", pkgver:\"2.4.4~svn151842-1ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libmono-system-web2.0-cil\", pkgver:\"2.4.4~svn151842-1ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"libmono-system-web1.0-cil\", pkgver:\"2.6.7-5ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"libmono-system-web2.0-cil\", pkgver:\"2.6.7-5ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"libmono-system-web2.0-cil\", pkgver:\"2.10.5-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"libmono-system-web4.0-cil\", pkgver:\"2.10.5-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libmono-system-web2.0-cil\", pkgver:\"2.10.8.1-1ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libmono-system-web4.0-cil\", pkgver:\"2.10.8.1-1ubuntu2.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libmono-system-web1.0-cil / libmono-system-web2.0-cil / etc\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:07:44", "description": " - update the mono stack to release 2.6.4\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2010-07-14T00:00:00", "title": "Fedora 13 : gnome-sharp-2.24.1-1.fc13 / gtksourceview-sharp-2.0.12-11.fc13 / libgdiplus-2.6.4-1.fc13 / etc (2010-10332)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1459"], "modified": "2010-07-14T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:gnome-sharp", "p-cpe:/a:fedoraproject:fedora:mono", "p-cpe:/a:fedoraproject:fedora:mono-basic", "cpe:/o:fedoraproject:fedora:13", "p-cpe:/a:fedoraproject:fedora:mono-tools", "p-cpe:/a:fedoraproject:fedora:xsp", "p-cpe:/a:fedoraproject:fedora:gtksourceview-sharp", "p-cpe:/a:fedoraproject:fedora:libgdiplus", "p-cpe:/a:fedoraproject:fedora:mod_mono"], "id": "FEDORA_2010-10332.NASL", "href": "https://www.tenable.com/plugins/nessus/47719", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-10332.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47719);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-1459\");\n script_bugtraq_id(40351);\n script_xref(name:\"FEDORA\", value:\"2010-10332\");\n\n script_name(english:\"Fedora 13 : gnome-sharp-2.24.1-1.fc13 / gtksourceview-sharp-2.0.12-11.fc13 / libgdiplus-2.6.4-1.fc13 / etc (2010-10332)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - update the mono stack to release 2.6.4\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=598155\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-July/044047.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?55461ebe\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-July/044048.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?15b75f01\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-July/044049.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3ec80b03\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-July/044050.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e856b116\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-July/044052.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b52c25ed\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-July/044054.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1750e472\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-July/044055.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0ff9dfa1\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-July/044057.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bc5ac0da\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnome-sharp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gtksourceview-sharp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libgdiplus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mod_mono\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mono\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mono-basic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mono-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xsp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"gnome-sharp-2.24.1-1.fc13\")) flag++;\nif (rpm_check(release:\"FC13\", reference:\"gtksourceview-sharp-2.0.12-11.fc13\")) flag++;\nif (rpm_check(release:\"FC13\", reference:\"libgdiplus-2.6.4-1.fc13\")) flag++;\nif (rpm_check(release:\"FC13\", reference:\"mod_mono-2.6.3-1.fc13\")) flag++;\nif (rpm_check(release:\"FC13\", reference:\"mono-2.6.4-1.fc13\")) flag++;\nif (rpm_check(release:\"FC13\", reference:\"mono-basic-2.6.2-1.fc13\")) flag++;\nif (rpm_check(release:\"FC13\", reference:\"mono-tools-2.6.2-1.fc13\")) flag++;\nif (rpm_check(release:\"FC13\", reference:\"xsp-2.6.4-1.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnome-sharp / gtksourceview-sharp / libgdiplus / mod_mono / mono / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-12T10:07:46", "description": " - Thu Jun 24 2010 Christian Krause <chkr at\n fedoraproject.org> - 2.4.3.1-2\n\n - Add upstream patch for CVE-2010-1459:\n http://anonsvn.mono-project.com/viewvc?view=revision&r\n evision=156450\n\n - Wed Jan 13 2010 Christian Krause <chkr at\n fedoraproject.org> - 2.4.3.1-1\n\n - Update to 2.4.3.1\n\n - Wed Dec 23 2009 Christian Krause <chkr at\n fedoraproject.org> - 2.4.3-1\n\n - Update to 2.4.3\n\n - Drop mono-242-metadata-appconf.patch (fixed upstream)\n\n - package mono.snk for packages without bundled keys to\n use\n\n - put mono.snk in /etc/pki/mono/\n\n - package /etc/pki/mono/* in mono-devel\n\n - change %gac_dll macro to be more specific about the\n files to package (necessary to correctly select all\n files for the moonlight subpackage without any\n dangling symlinks)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2010-07-14T00:00:00", "title": "Fedora 12 : mono-2.4.3.1-2.fc12 (2010-10433)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1459"], "modified": "2010-07-14T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mono", "cpe:/o:fedoraproject:fedora:12"], "id": "FEDORA_2010-10433.NASL", "href": "https://www.tenable.com/plugins/nessus/47720", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-10433.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47720);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-1459\");\n script_bugtraq_id(40351);\n script_xref(name:\"FEDORA\", value:\"2010-10433\");\n\n script_name(english:\"Fedora 12 : mono-2.4.3.1-2.fc12 (2010-10433)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Thu Jun 24 2010 Christian Krause <chkr at\n fedoraproject.org> - 2.4.3.1-2\n\n - Add upstream patch for CVE-2010-1459:\n http://anonsvn.mono-project.com/viewvc?view=revision&r\n evision=156450\n\n - Wed Jan 13 2010 Christian Krause <chkr at\n fedoraproject.org> - 2.4.3.1-1\n\n - Update to 2.4.3.1\n\n - Wed Dec 23 2009 Christian Krause <chkr at\n fedoraproject.org> - 2.4.3-1\n\n - Update to 2.4.3\n\n - Drop mono-242-metadata-appconf.patch (fixed upstream)\n\n - package mono.snk for packages without bundled keys to\n use\n\n - put mono.snk in /etc/pki/mono/\n\n - package /etc/pki/mono/* in mono-devel\n\n - change %gac_dll macro to be more specific about the\n files to package (necessary to correctly select all\n files for the moonlight subpackage without any\n dangling symlinks)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://anonsvn.mono-project.com/viewvc?view=revision&revision=156450\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=598155\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-July/044051.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2dc66b36\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected mono package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mono\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"mono-2.4.3.1-2.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mono\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-17T14:05:38", "description": "Mono's ASP.NET implementation did not set the 'EnableViewStateMac'\nproperty by default. Attackers could exploit that to conduct\ncross-site-scripting (XSS) attacks.", "edition": 25, "published": "2010-07-01T00:00:00", "title": "openSUSE Security Update : bytefx-data-mysql (openSUSE-SU-2010:0342-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1459"], "modified": "2010-07-01T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:mono-data-oracle", "p-cpe:/a:novell:opensuse:mono-data-sqlite", "p-cpe:/a:novell:opensuse:mono-nunit", "p-cpe:/a:novell:opensuse:mono-data-sybase", "p-cpe:/a:novell:opensuse:mono-web", "p-cpe:/a:novell:opensuse:mono-jscript", "cpe:/o:novell:opensuse:11.2", "p-cpe:/a:novell:opensuse:mono-complete", "p-cpe:/a:novell:opensuse:mono-data-firebird", "p-cpe:/a:novell:opensuse:mono-data-postgresql", "p-cpe:/a:novell:opensuse:ibm-data-db2", "p-cpe:/a:novell:opensuse:mono-core", "p-cpe:/a:novell:opensuse:mono-wcf", "p-cpe:/a:novell:opensuse:mono-data", "p-cpe:/a:novell:opensuse:mono-locale-extras", "p-cpe:/a:novell:opensuse:mono-extras", "p-cpe:/a:novell:opensuse:bytefx-data-mysql", "p-cpe:/a:novell:opensuse:monodoc-core", "p-cpe:/a:novell:opensuse:mono-winforms", "p-cpe:/a:novell:opensuse:mono-devel"], "id": "SUSE_11_2_BYTEFX-DATA-MYSQL-100426.NASL", "href": "https://www.tenable.com/plugins/nessus/47573", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update bytefx-data-mysql-2384.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47573);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1459\");\n\n script_name(english:\"openSUSE Security Update : bytefx-data-mysql (openSUSE-SU-2010:0342-1)\");\n script_summary(english:\"Check for the bytefx-data-mysql-2384 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mono's ASP.NET implementation did not set the 'EnableViewStateMac'\nproperty by default. Attackers could exploit that to conduct\ncross-site-scripting (XSS) attacks.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=592428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-06/msg00010.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected bytefx-data-mysql packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bytefx-data-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ibm-data-db2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-complete\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-data-firebird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-data-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-data-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-data-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-data-sybase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-jscript\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-locale-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-nunit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-wcf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-winforms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:monodoc-core\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/04/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"bytefx-data-mysql-2.4.2.3-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"ibm-data-db2-2.4.2.3-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mono-complete-2.4.2.3-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mono-core-2.4.2.3-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mono-data-2.4.2.3-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mono-data-firebird-2.4.2.3-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mono-data-oracle-2.4.2.3-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mono-data-postgresql-2.4.2.3-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mono-data-sqlite-2.4.2.3-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mono-data-sybase-2.4.2.3-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mono-devel-2.4.2.3-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mono-extras-2.4.2.3-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mono-jscript-2.4.2.3-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mono-locale-extras-2.4.2.3-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mono-nunit-2.4.2.3-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mono-wcf-2.4.2.3-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mono-web-2.4.2.3-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mono-winforms-2.4.2.3-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"monodoc-core-2.4.2.3-2.7.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bytefx-data-mysql / ibm-data-db2 / mono-complete / mono-core / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-17T14:03:03", "description": "Mono's ASP.NET implementation did not set the 'EnableViewStateMac'\nproperty by default. Attackers could exploit that to conduct\ncross-site-scripting (XSS) attacks.", "edition": 25, "published": "2010-07-01T00:00:00", "title": "openSUSE Security Update : bytefx-data-mysql (openSUSE-SU-2010:0342-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1459"], "modified": "2010-07-01T00:00:00", "cpe": ["cpe:/o:novell:opensuse:11.0", "p-cpe:/a:novell:opensuse:mono-data-oracle", "p-cpe:/a:novell:opensuse:mono-data-sqlite", "p-cpe:/a:novell:opensuse:mono-nunit", "p-cpe:/a:novell:opensuse:mono-data-sybase", "p-cpe:/a:novell:opensuse:mono-core-32bit", "p-cpe:/a:novell:opensuse:mono-web", "p-cpe:/a:novell:opensuse:mono-jscript", "p-cpe:/a:novell:opensuse:mono-complete", "p-cpe:/a:novell:opensuse:mono-data-firebird", "p-cpe:/a:novell:opensuse:mono-data-postgresql", "p-cpe:/a:novell:opensuse:ibm-data-db2", "p-cpe:/a:novell:opensuse:mono-core", "p-cpe:/a:novell:opensuse:mono-data", "p-cpe:/a:novell:opensuse:mono-locale-extras", "p-cpe:/a:novell:opensuse:mono-extras", "p-cpe:/a:novell:opensuse:bytefx-data-mysql", "p-cpe:/a:novell:opensuse:monodoc-core", "p-cpe:/a:novell:opensuse:mono-winforms", "p-cpe:/a:novell:opensuse:mono-devel"], "id": "SUSE_11_0_BYTEFX-DATA-MYSQL-100422.NASL", "href": "https://www.tenable.com/plugins/nessus/47569", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update bytefx-data-mysql-2384.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47569);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1459\");\n\n script_name(english:\"openSUSE Security Update : bytefx-data-mysql (openSUSE-SU-2010:0342-1)\");\n script_summary(english:\"Check for the bytefx-data-mysql-2384 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mono's ASP.NET implementation did not set the 'EnableViewStateMac'\nproperty by default. Attackers could exploit that to conduct\ncross-site-scripting (XSS) attacks.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=592428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-06/msg00010.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected bytefx-data-mysql packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bytefx-data-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ibm-data-db2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-complete\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-core-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-data-firebird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-data-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-data-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-data-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-data-sybase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-jscript\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-locale-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-nunit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-winforms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:monodoc-core\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/04/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"bytefx-data-mysql-1.9.1-6.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"ibm-data-db2-1.9.1-6.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"mono-complete-1.9.1-6.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"mono-core-1.9.1-6.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"mono-data-1.9.1-6.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"mono-data-firebird-1.9.1-6.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"mono-data-oracle-1.9.1-6.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"mono-data-postgresql-1.9.1-6.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"mono-data-sqlite-1.9.1-6.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"mono-data-sybase-1.9.1-6.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"mono-devel-1.9.1-6.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"mono-extras-1.9.1-6.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"mono-jscript-1.9.1-6.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"mono-locale-extras-1.9.1-6.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"mono-nunit-1.9.1-6.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"mono-web-1.9.1-6.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"mono-winforms-1.9.1-6.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"monodoc-core-1.9-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", cpu:\"x86_64\", reference:\"mono-core-32bit-1.9.1-6.8\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bytefx-data-mysql / ibm-data-db2 / mono-complete / mono-core / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-17T14:09:59", "description": "Mono's ASP.NET implementation did not set the 'EnableViewStateMac'\nproperty by default. Attackers could exploit that to conduct\ncross-site scripting (XSS) attacks.", "edition": 24, "published": "2010-12-02T00:00:00", "title": "SuSE 11 / 11.1 Security Update : mono-core / Mono (SAT Patch Numbers 2326 / 2474)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1459"], "modified": "2010-12-02T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:mono-data-sybase", "p-cpe:/a:novell:suse_linux:11:mono-winforms", "p-cpe:/a:novell:suse_linux:11:mono-jscript", "p-cpe:/a:novell:suse_linux:11:mono-locale-extras", "p-cpe:/a:novell:suse_linux:11:mono-data-postgresql", "p-cpe:/a:novell:suse_linux:11:mono-data-sqlite", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:ibm-data-db2", "p-cpe:/a:novell:suse_linux:11:mono-data", "p-cpe:/a:novell:suse_linux:11:mono-extras", "p-cpe:/a:novell:suse_linux:11:bytefx-data-mysql", "p-cpe:/a:novell:suse_linux:11:mono-web", "p-cpe:/a:novell:suse_linux:11:mono-core", "p-cpe:/a:novell:suse_linux:11:mono-data-firebird", "p-cpe:/a:novell:suse_linux:11:mono-devel", "p-cpe:/a:novell:suse_linux:11:mono-nunit", "p-cpe:/a:novell:suse_linux:11:mono-data-oracle"], "id": "SUSE_11_BYTEFX-DATA-MYSQL-100422.NASL", "href": "https://www.tenable.com/plugins/nessus/50892", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50892);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1459\");\n\n script_name(english:\"SuSE 11 / 11.1 Security Update : mono-core / Mono (SAT Patch Numbers 2326 / 2474)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mono's ASP.NET implementation did not set the 'EnableViewStateMac'\nproperty by default. Attackers could exploit that to conduct\ncross-site scripting (XSS) attacks.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=592428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1459.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Apply SAT patch number 2326 / 2474 as appropriate.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:bytefx-data-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:ibm-data-db2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mono-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mono-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mono-data-firebird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mono-data-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mono-data-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mono-data-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mono-data-sybase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mono-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mono-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mono-jscript\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mono-locale-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mono-nunit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mono-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mono-winforms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/04/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/12/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"bytefx-data-mysql-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"ibm-data-db2-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mono-core-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mono-data-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mono-data-firebird-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mono-data-oracle-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mono-data-postgresql-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mono-data-sqlite-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mono-data-sybase-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mono-devel-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mono-extras-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mono-jscript-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mono-locale-extras-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mono-nunit-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mono-web-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mono-winforms-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"bytefx-data-mysql-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"ibm-data-db2-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mono-core-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mono-data-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mono-data-firebird-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mono-data-oracle-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mono-data-postgresql-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mono-data-sqlite-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mono-data-sybase-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mono-devel-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mono-extras-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mono-jscript-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mono-locale-extras-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mono-nunit-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mono-web-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mono-winforms-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"bytefx-data-mysql-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"ibm-data-db2-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mono-core-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mono-data-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mono-data-firebird-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mono-data-oracle-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mono-data-postgresql-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mono-data-sqlite-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mono-data-sybase-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mono-devel-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mono-extras-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mono-jscript-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mono-locale-extras-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mono-nunit-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mono-web-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mono-winforms-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"bytefx-data-mysql-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"ibm-data-db2-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mono-core-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mono-data-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mono-data-firebird-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mono-data-oracle-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mono-data-postgresql-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mono-data-sqlite-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mono-data-sybase-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mono-devel-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mono-extras-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mono-jscript-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mono-locale-extras-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mono-nunit-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mono-web-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mono-winforms-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mono-core-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mono-data-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mono-data-postgresql-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mono-data-sqlite-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mono-locale-extras-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mono-nunit-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mono-web-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mono-winforms-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mono-core-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mono-data-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mono-data-postgresql-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mono-data-sqlite-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mono-locale-extras-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mono-nunit-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mono-web-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mono-winforms-2.0.1-1.26.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-17T14:04:14", "description": "Mono's ASP.NET implementation did not set the 'EnableViewStateMac'\nproperty by default. Attackers could exploit that to conduct\ncross-site-scripting (XSS) attacks.", "edition": 25, "published": "2010-07-01T00:00:00", "title": "openSUSE Security Update : bytefx-data-mysql (openSUSE-SU-2010:0342-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1459"], "modified": "2010-07-01T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:mono-data-oracle", "p-cpe:/a:novell:opensuse:mono-data-sqlite", "p-cpe:/a:novell:opensuse:mono-nunit", "p-cpe:/a:novell:opensuse:mono-data-sybase", "p-cpe:/a:novell:opensuse:mono-core-32bit", "cpe:/o:novell:opensuse:11.1", "p-cpe:/a:novell:opensuse:mono-web", "p-cpe:/a:novell:opensuse:mono-jscript", "p-cpe:/a:novell:opensuse:mono-complete", "p-cpe:/a:novell:opensuse:mono-data-firebird", "p-cpe:/a:novell:opensuse:mono-data-postgresql", "p-cpe:/a:novell:opensuse:ibm-data-db2", "p-cpe:/a:novell:opensuse:mono-core", "p-cpe:/a:novell:opensuse:mono-data", "p-cpe:/a:novell:opensuse:mono-locale-extras", "p-cpe:/a:novell:opensuse:mono-extras", "p-cpe:/a:novell:opensuse:bytefx-data-mysql", "p-cpe:/a:novell:opensuse:monodoc-core", "p-cpe:/a:novell:opensuse:mono-winforms", "p-cpe:/a:novell:opensuse:mono-devel"], "id": "SUSE_11_1_BYTEFX-DATA-MYSQL-100422.NASL", "href": "https://www.tenable.com/plugins/nessus/47571", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update bytefx-data-mysql-2384.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47571);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1459\");\n\n script_name(english:\"openSUSE Security Update : bytefx-data-mysql (openSUSE-SU-2010:0342-1)\");\n script_summary(english:\"Check for the bytefx-data-mysql-2384 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mono's ASP.NET implementation did not set the 'EnableViewStateMac'\nproperty by default. Attackers could exploit that to conduct\ncross-site-scripting (XSS) attacks.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=592428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-06/msg00010.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected bytefx-data-mysql packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bytefx-data-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ibm-data-db2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-complete\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-core-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-data-firebird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-data-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-data-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-data-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-data-sybase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-jscript\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-locale-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-nunit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-winforms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:monodoc-core\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/04/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"bytefx-data-mysql-2.0.1-1.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"ibm-data-db2-2.0.1-1.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mono-complete-2.0.1-1.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mono-core-2.0.1-1.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mono-data-2.0.1-1.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mono-data-firebird-2.0.1-1.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mono-data-oracle-2.0.1-1.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mono-data-postgresql-2.0.1-1.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mono-data-sqlite-2.0.1-1.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mono-data-sybase-2.0.1-1.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mono-devel-2.0.1-1.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mono-extras-2.0.1-1.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mono-jscript-2.0.1-1.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mono-locale-extras-2.0.1-1.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mono-nunit-2.0.1-1.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mono-web-2.0.1-1.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mono-winforms-2.0.1-1.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"monodoc-core-2.0-1.42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"mono-core-32bit-2.0.1-1.23.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bytefx-data-mysql / ibm-data-db2 / mono-complete / mono-core / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-07T11:53:50", "description": "A vulnerability has been discovered and corrected in mono :\n\nCross-site scripting (XSS) vulnerability in the ProcessRequest\nfunction in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in\nMono 2.10.8 and earlier allows remote attackers to inject arbitrary\nweb script or HTML via a file with a crafted name and a forbidden\nextension, which is not properly handled in an error message\n(CVE-2012-3382).\n\nThe updated packages have been patched to correct this issue.", "edition": 24, "published": "2012-09-06T00:00:00", "title": "Mandriva Linux Security Advisory : mono (MDVSA-2012:140)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3382"], "modified": "2012-09-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:libmono0", "p-cpe:/a:mandriva:linux:mono-wcf-2.0", "cpe:/o:mandriva:linux:2011", "p-cpe:/a:mandriva:linux:mono-data-2.0", "p-cpe:/a:mandriva:linux:mono", "p-cpe:/a:mandriva:linux:mono-extras", "p-cpe:/a:mandriva:linux:mono-locale-extras-2.0", "p-cpe:/a:mandriva:linux:mono-winforms-2.0", "p-cpe:/a:mandriva:linux:mono-web-4.0", "p-cpe:/a:mandriva:linux:mono-winforms-compat", "p-cpe:/a:mandriva:linux:libmono2.0_1", "p-cpe:/a:mandriva:linux:mono-locale-extras-4.0", "p-cpe:/a:mandriva:linux:mono-winforms-4.0", "p-cpe:/a:mandriva:linux:libmono-devel", "p-cpe:/a:mandriva:linux:mono-nunit", "p-cpe:/a:mandriva:linux:mono-doc", "p-cpe:/a:mandriva:linux:lib64mono-devel", "p-cpe:/a:mandriva:linux:mono-data", "p-cpe:/a:mandriva:linux:mono-wcf-4.0", "p-cpe:/a:mandriva:linux:mono-web-2.0", "p-cpe:/a:mandriva:linux:lib64mono0", "p-cpe:/a:mandriva:linux:mono-extras-2.0", "p-cpe:/a:mandriva:linux:mono-data-4.0", "p-cpe:/a:mandriva:linux:mono-winfxcore-2.0", "p-cpe:/a:mandriva:linux:mono-wcf", "p-cpe:/a:mandriva:linux:lib64mono2.0_1", "p-cpe:/a:mandriva:linux:mono-web-compat", "p-cpe:/a:mandriva:linux:mono-4.0", "p-cpe:/a:mandriva:linux:mono-locale-extras", "p-cpe:/a:mandriva:linux:mono-web", "p-cpe:/a:mandriva:linux:mono-data-compat", "p-cpe:/a:mandriva:linux:mono-2.0", "p-cpe:/a:mandriva:linux:mono-extras-compat", "p-cpe:/a:mandriva:linux:mono-extras-4.0", "p-cpe:/a:mandriva:linux:mono-locale-extras-compat", "p-cpe:/a:mandriva:linux:mono-compat", "p-cpe:/a:mandriva:linux:mono-winfxcore-4.0", "p-cpe:/a:mandriva:linux:monodoc-core", "p-cpe:/a:mandriva:linux:mono-winfxcore", "p-cpe:/a:mandriva:linux:mono-winforms"], "id": "MANDRIVA_MDVSA-2012-140.NASL", "href": "https://www.tenable.com/plugins/nessus/61985", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2012:140. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61985);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-3382\");\n script_bugtraq_id(54344);\n script_xref(name:\"MDVSA\", value:\"2012:140\");\n\n script_name(english:\"Mandriva Linux Security Advisory : mono (MDVSA-2012:140)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability has been discovered and corrected in mono :\n\nCross-site scripting (XSS) vulnerability in the ProcessRequest\nfunction in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in\nMono 2.10.8 and earlier allows remote attackers to inject arbitrary\nweb script or HTML via a file with a crafted name and a forbidden\nextension, which is not properly handled in an error message\n(CVE-2012-3382).\n\nThe updated packages have been patched to correct this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64mono-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64mono0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64mono2.0_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libmono-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libmono0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libmono2.0_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mono\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mono-2.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mono-4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mono-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mono-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mono-data-2.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mono-data-4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mono-data-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mono-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mono-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mono-extras-2.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mono-extras-4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mono-extras-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mono-locale-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mono-locale-extras-2.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mono-locale-extras-4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mono-locale-extras-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mono-nunit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mono-wcf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mono-wcf-2.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mono-wcf-4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mono-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mono-web-2.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mono-web-4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mono-web-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mono-winforms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mono-winforms-2.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mono-winforms-4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mono-winforms-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mono-winfxcore\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mono-winfxcore-2.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mono-winfxcore-4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:monodoc-core\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2011\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/08/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64mono-devel-2.10.2-4.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64mono0-2.10.2-4.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64mono2.0_1-2.10.2-4.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libmono-devel-2.10.2-4.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libmono0-2.10.2-4.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libmono2.0_1-2.10.2-4.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mono-2.10.2-4.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mono-2.0-2.10.2-4.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mono-4.0-2.10.2-4.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mono-compat-2.10.2-4.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mono-data-2.10.2-4.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mono-data-2.0-2.10.2-4.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mono-data-4.0-2.10.2-4.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mono-data-compat-2.10.2-4.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mono-doc-2.10.2-4.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mono-extras-2.10.2-4.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mono-extras-2.0-2.10.2-4.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mono-extras-4.0-2.10.2-4.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mono-extras-compat-2.10.2-4.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mono-locale-extras-2.10.2-4.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mono-locale-extras-2.0-2.10.2-4.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mono-locale-extras-4.0-2.10.2-4.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mono-locale-extras-compat-2.10.2-4.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mono-nunit-2.10.2-4.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mono-wcf-2.10.2-4.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mono-wcf-2.0-2.10.2-4.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mono-wcf-4.0-2.10.2-4.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mono-web-2.10.2-4.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mono-web-2.0-2.10.2-4.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mono-web-4.0-2.10.2-4.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mono-web-compat-2.10.2-4.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mono-winforms-2.10.2-4.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mono-winforms-2.0-2.10.2-4.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mono-winforms-4.0-2.10.2-4.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mono-winforms-compat-2.10.2-4.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mono-winfxcore-2.10.2-4.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mono-winfxcore-2.0-2.10.2-4.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mono-winfxcore-4.0-2.10.2-4.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"monodoc-core-2.10.2-4.1-mdv2011.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-20T14:37:39", "description": "Mono was updated to fix a cross-site scripting attack in the\nSystem.Web class 'forbidden extensions' filtering has been fixed.\n(CVE-2012-3382)", "edition": 18, "published": "2013-01-25T00:00:00", "title": "SuSE 11.2 Security Update : Mono (SAT Patch Number 6543)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3382"], "modified": "2013-01-25T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:mono-data-sybase", "p-cpe:/a:novell:suse_linux:11:mono-winforms", "p-cpe:/a:novell:suse_linux:11:mono-jscript", "p-cpe:/a:novell:suse_linux:11:mono-locale-extras", "p-cpe:/a:novell:suse_linux:11:mono-wcf", "p-cpe:/a:novell:suse_linux:11:mono-data-postgresql", "p-cpe:/a:novell:suse_linux:11:mono-data-sqlite", "p-cpe:/a:novell:suse_linux:11:monodoc-core", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:ibm-data-db2", "p-cpe:/a:novell:suse_linux:11:mono-data", "p-cpe:/a:novell:suse_linux:11:mono-extras", "p-cpe:/a:novell:suse_linux:11:bytefx-data-mysql", "p-cpe:/a:novell:suse_linux:11:mono-web", "p-cpe:/a:novell:suse_linux:11:mono-core", "p-cpe:/a:novell:suse_linux:11:mono-data-firebird", "p-cpe:/a:novell:suse_linux:11:mono-devel", "p-cpe:/a:novell:suse_linux:11:mono-nunit", "p-cpe:/a:novell:suse_linux:11:mono-data-oracle"], "id": "SUSE_11_BYTEFX-DATA-MYSQL-120713.NASL", "href": "https://www.tenable.com/plugins/nessus/64118", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(64118);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-3382\");\n\n script_name(english:\"SuSE 11.2 Security Update : Mono (SAT Patch Number 6543)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mono was updated to fix a cross-site scripting attack in the\nSystem.Web class 'forbidden extensions' filtering has been fixed.\n(CVE-2012-3382)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=769799\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-3382.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 6543.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:bytefx-data-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:ibm-data-db2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mono-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mono-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mono-data-firebird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mono-data-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mono-data-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mono-data-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mono-data-sybase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mono-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mono-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mono-jscript\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mono-locale-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mono-nunit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mono-wcf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mono-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mono-winforms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:monodoc-core\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, \"SuSE 11.2\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"bytefx-data-mysql-2.6.7-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"ibm-data-db2-2.6.7-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"mono-core-2.6.7-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"mono-data-2.6.7-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"mono-data-firebird-2.6.7-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"mono-data-oracle-2.6.7-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"mono-data-postgresql-2.6.7-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"mono-data-sqlite-2.6.7-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"mono-data-sybase-2.6.7-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"mono-devel-2.6.7-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"mono-extras-2.6.7-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"mono-jscript-2.6.7-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"mono-locale-extras-2.6.7-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"mono-nunit-2.6.7-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"mono-wcf-2.6.7-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"mono-web-2.6.7-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"mono-winforms-2.6.7-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"monodoc-core-2.6.7-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"bytefx-data-mysql-2.6.7-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"ibm-data-db2-2.6.7-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"mono-core-2.6.7-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"mono-data-2.6.7-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"mono-data-firebird-2.6.7-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"mono-data-oracle-2.6.7-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"mono-data-postgresql-2.6.7-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"mono-data-sqlite-2.6.7-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"mono-data-sybase-2.6.7-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"mono-devel-2.6.7-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"mono-extras-2.6.7-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"mono-jscript-2.6.7-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"mono-locale-extras-2.6.7-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"mono-nunit-2.6.7-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"mono-wcf-2.6.7-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"mono-web-2.6.7-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"mono-winforms-2.6.7-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"monodoc-core-2.6.7-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"mono-core-2.6.7-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"mono-data-2.6.7-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"mono-data-postgresql-2.6.7-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"mono-data-sqlite-2.6.7-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"mono-locale-extras-2.6.7-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"mono-nunit-2.6.7-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"mono-web-2.6.7-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"mono-winforms-2.6.7-0.9.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-20T12:25:24", "description": "Mono was updated to fix :\n\nA cross site scripting attack in the System.Web class 'forbidden\nextensions' filtering was fixed. (CVE-2012-3382)", "edition": 20, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : mono-web (openSUSE-SU-2012:0974-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3382"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libmonosgen-2_0-devel", "cpe:/o:novell:opensuse:12.1", "p-cpe:/a:novell:opensuse:mono-data-oracle", "p-cpe:/a:novell:opensuse:mono-data-sqlite", "p-cpe:/a:novell:opensuse:mono-nunit", "p-cpe:/a:novell:opensuse:mono-winfxcore", "p-cpe:/a:novell:opensuse:mono-core-debugsource", "p-cpe:/a:novell:opensuse:mono-mvc", "p-cpe:/a:novell:opensuse:mono-web", "p-cpe:/a:novell:opensuse:libmono-2_0-devel", "p-cpe:/a:novell:opensuse:mono-complete", "p-cpe:/a:novell:opensuse:mono-devel-debuginfo", "p-cpe:/a:novell:opensuse:mono-core-debuginfo", "p-cpe:/a:novell:opensuse:mono-data-postgresql", "p-cpe:/a:novell:opensuse:libmono-2_0-1", "p-cpe:/a:novell:opensuse:ibm-data-db2", "p-cpe:/a:novell:opensuse:libmonosgen-2_0-0-debuginfo", "p-cpe:/a:novell:opensuse:libmonosgen-2_0-0", "p-cpe:/a:novell:opensuse:mono-core", "p-cpe:/a:novell:opensuse:mono-wcf", "p-cpe:/a:novell:opensuse:mono-data", "p-cpe:/a:novell:opensuse:mono-locale-extras", "p-cpe:/a:novell:opensuse:mono-extras", "p-cpe:/a:novell:opensuse:monodoc-core", "p-cpe:/a:novell:opensuse:mono-winforms", "p-cpe:/a:novell:opensuse:libmono-2_0-1-debuginfo", "p-cpe:/a:novell:opensuse:mono-devel"], "id": "OPENSUSE-2012-498.NASL", "href": "https://www.tenable.com/plugins/nessus/74707", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-498.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74707);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-3382\");\n\n script_name(english:\"openSUSE Security Update : mono-web (openSUSE-SU-2012:0974-1)\");\n script_summary(english:\"Check for the openSUSE-2012-498 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mono was updated to fix :\n\nA cross site scripting attack in the System.Web class 'forbidden\nextensions' filtering was fixed. (CVE-2012-3382)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=769799\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-08/msg00017.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mono-web packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ibm-data-db2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmono-2_0-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmono-2_0-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmono-2_0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmonosgen-2_0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmonosgen-2_0-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmonosgen-2_0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-complete\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-core-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-core-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-data-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-data-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-data-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-locale-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-mvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-nunit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-wcf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-winforms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-winfxcore\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:monodoc-core\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/07/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"ibm-data-db2-2.10.6-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libmono-2_0-1-2.10.6-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libmono-2_0-1-debuginfo-2.10.6-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libmono-2_0-devel-2.10.6-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libmonosgen-2_0-0-2.10.6-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libmonosgen-2_0-0-debuginfo-2.10.6-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libmonosgen-2_0-devel-2.10.6-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mono-complete-2.10.6-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mono-core-2.10.6-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mono-core-debuginfo-2.10.6-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mono-core-debugsource-2.10.6-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mono-data-2.10.6-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mono-data-oracle-2.10.6-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mono-data-postgresql-2.10.6-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mono-data-sqlite-2.10.6-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mono-devel-2.10.6-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mono-devel-debuginfo-2.10.6-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mono-extras-2.10.6-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mono-locale-extras-2.10.6-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mono-mvc-2.10.6-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mono-nunit-2.10.6-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mono-wcf-2.10.6-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mono-web-2.10.6-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mono-winforms-2.10.6-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mono-winfxcore-2.10.6-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"monodoc-core-2.10.6-2.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mono-web\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1459"], "description": " mod_mono allows Apache to serve ASP.NET pages by proxying the requests to a slightly modified version of the XSP server, called mod-mono-server, that is installed along with XSP ", "modified": "2010-07-13T07:47:49", "published": "2010-07-13T07:47:49", "id": "FEDORA:B5A031113E4", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: mod_mono-2.6.3-1.fc13", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1459"], "description": "An Open Source implementation of the GDI+ API, it is part of the Mono Project ", "modified": "2010-07-13T07:47:49", "published": "2010-07-13T07:47:49", "id": "FEDORA:C9E211113EA", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: libgdiplus-2.6.4-1.fc13", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1459"], "description": "The Mono runtime implements a JIT engine for the ECMA CLI virtual machine (as well as a byte code interpreter, the class loader, the garbage collector, threading system and metadata access libraries. ", "modified": "2010-07-13T07:47:49", "published": "2010-07-13T07:47:49", "id": "FEDORA:C36261113E7", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: mono-2.6.4-1.fc13", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1459"], "description": "The Mono runtime implements a JIT engine for the ECMA CLI virtual machine (as well as a byte code interpreter, the class loader, the garbage collector, threading system and metadata access libraries. ", "modified": "2010-07-13T07:47:59", "published": "2010-07-13T07:47:59", "id": "FEDORA:069B3110D7A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: mono-2.4.3.1-2.fc12", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1459"], "description": "gtksourceview-sharp is a C sharp binder for gtksourceview ", "modified": "2010-07-13T07:47:49", "published": "2010-07-13T07:47:49", "id": "FEDORA:AFA99110D7A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: gtksourceview-sharp-2.0.12-11.fc13", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1459"], "description": "Monotools are a number of tools for mono such as allowing monodoc to be run independantly of monodevelop ", "modified": "2010-07-13T07:47:49", "published": "2010-07-13T07:47:49", "id": "FEDORA:B2969110F39", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: mono-tools-2.6.2-1.fc13", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1459"], "description": "This package provides a library that allows you to build fully native graphical GNOME applications using Mono. gnome-sharp extends gtk-sharp2 and adds bindings for gconf, libgnome, gnome-vfs, libart, gtkhtml, librsvg, and vte. ", "modified": "2010-07-13T07:47:49", "published": "2010-07-13T07:47:49", "id": "FEDORA:AB840110BF6", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: gnome-sharp-2.24.1-1.fc13", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1459"], "description": "This package contains the Visual Basic .NET compiler and language runtime. This allows you to compile and run VB.NET application and assemblies. ", "modified": "2010-07-13T07:47:49", "published": "2010-07-13T07:47:49", "id": "FEDORA:C706C1113E8", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: mono-basic-2.6.2-1.fc13", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1459"], "description": " XSP is a standalone web server written in C# that can be used to run ASP.NET applications as well as a set of pages, controls and web services that you can use to experience ASP.NET. ", "modified": "2010-07-13T07:47:49", "published": "2010-07-13T07:47:49", "id": "FEDORA:BD7FD1113E5", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: xsp-2.6.4-1.fc13", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:45", "bulletinFamily": "software", "cvelist": ["CVE-2012-3382"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2512-1 security@debian.org\r\nhttp://www.debian.org/security/ Moritz Muehlenhoff\r\nJuly 12, 2012 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : mono\r\nVulnerability : missing input sanitising\r\nProblem type : remote\r\nDebian-specific: no\r\nCVE ID : CVE-2012-3382\r\n\r\nMarcus Meissner discovered that the web server included in Mono performed\r\ninsufficient sanitising of requests, resulting in cross-site scripting.\r\n\r\nFor the stable distribution (squeeze), this problem has been fixed in\r\nversion 2.6.7-5.1.\r\n\r\nFor the unstable distribution (sid), this problem has been fixed in\r\nversion 2.10.8.1-5.\r\n\r\nWe recommend that you upgrade your mono packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 (GNU/Linux)\r\n\r\niEYEARECAAYFAk//Ip8ACgkQXm3vHE4uylq/ZACgzhmPHpbw5c6emny8n01muIic\r\nxSEAoKtGcbVr81S3cewRITmkodPEwqYp\r\n=2Q3q\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2012-07-16T00:00:00", "published": "2012-07-16T00:00:00", "id": "SECURITYVULNS:DOC:28306", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28306", "title": "[SECURITY] [DSA 2512-1] mono security update", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:45", "bulletinFamily": "software", "cvelist": ["CVE-2012-3382"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2012:140\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : mono\r\n Date : August 20, 2012\r\n Affected: 2011.\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n A vulnerability has been discovered and corrected in mono:\r\n \r\n Cross-site scripting (XSS) vulnerability in the ProcessRequest function\r\n in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono\r\n 2.10.8 and earlier allows remote attackers to inject arbitrary\r\n web script or HTML via a file with a crafted name and a forbidden\r\n extension, which is not properly handled in an error message\r\n (CVE-2012-3382).\r\n \r\n The updated packages have been patched to correct this issue.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3382\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Linux 2011:\r\n 0ed3c27e0c553ffdd090e7dfa490aeeb 2011/i586/libmono0-2.10.2-4.1-mdv2011.0.i586.rpm\r\n 206650276cf4dca32ddf2c4dab1c0ccd 2011/i586/libmono2.0_1-2.10.2-4.1-mdv2011.0.i586.rpm\r\n 6880796d1614c194957e4b73c5041530 2011/i586/libmono-devel-2.10.2-4.1-mdv2011.0.i586.rpm\r\n d37bbf7fa4d8f4c7e42841013a94a772 2011/i586/mono-2.0-2.10.2-4.1-mdv2011.0.i586.rpm\r\n 6177e8a73c780cee0c44ce9c3e86059d 2011/i586/mono-2.10.2-4.1-mdv2011.0.i586.rpm\r\n 7c14c69834410662e6e80fcb666632e1 2011/i586/mono-4.0-2.10.2-4.1-mdv2011.0.i586.rpm\r\n 57e47d062f8f611da6022970525d55ba 2011/i586/mono-compat-2.10.2-4.1-mdv2011.0.i586.rpm\r\n 8420732fc320240f61ea95f1ab1cab5c 2011/i586/mono-data-2.0-2.10.2-4.1-mdv2011.0.i586.rpm\r\n fed75c98595ce593af75e3e9ec9ccc89 2011/i586/mono-data-2.10.2-4.1-mdv2011.0.i586.rpm\r\n f6ac7e2c9477f04bd80d7b01d23d4504 2011/i586/mono-data-4.0-2.10.2-4.1-mdv2011.0.i586.rpm\r\n 7f942b460770ae3e2c9ef3eccd220f52 2011/i586/mono-data-compat-2.10.2-4.1-mdv2011.0.i586.rpm\r\n 14e7749bd0b7f73b8cefe38e17217b17 2011/i586/mono-doc-2.10.2-4.1-mdv2011.0.noarch.rpm\r\n 8fa14aa29453bf2940c66c3118c83a5f 2011/i586/monodoc-core-2.10.2-4.1-mdv2011.0.i586.rpm\r\n f3a8ff2b77abe7758d0375407031523b 2011/i586/mono-extras-2.0-2.10.2-4.1-mdv2011.0.i586.rpm\r\n 51a7113e627f19e58ea6151769e9ddad 2011/i586/mono-extras-2.10.2-4.1-mdv2011.0.i586.rpm\r\n f0a545a4548b2dffc2cfd8006ae53655 2011/i586/mono-extras-4.0-2.10.2-4.1-mdv2011.0.i586.rpm\r\n 7b8e1fe6d867b1f94ac9c8b61f8649f9 2011/i586/mono-extras-compat-2.10.2-4.1-mdv2011.0.i586.rpm\r\n a68edef182bd82cd5c3f8efd566cb771 2011/i586/mono-locale-extras-2.0-2.10.2-4.1-mdv2011.0.i586.rpm\r\n 3bf8ad87f91a7872ea0f324f70ea878e 2011/i586/mono-locale-extras-2.10.2-4.1-mdv2011.0.i586.rpm\r\n 1bee39c2f8b992f6c15a85e9bf903349 2011/i586/mono-locale-extras-4.0-2.10.2-4.1-mdv2011.0.i586.rpm\r\n 4b54aadecb36015eec89539abaff3c45 2011/i586/mono-locale-extras-compat-2.10.2-4.1-mdv2011.0.i586.rpm\r\n fbc7afddb39e1a176c6d9e0f1a28ab58 2011/i586/mono-nunit-2.10.2-4.1-mdv2011.0.i586.rpm\r\n 92de44cd1f0b1d28814de93c08562c37 2011/i586/mono-wcf-2.0-2.10.2-4.1-mdv2011.0.i586.rpm\r\n 9c7712458b5251d83db1620006dadd7d 2011/i586/mono-wcf-2.10.2-4.1-mdv2011.0.i586.rpm\r\n 56dac691a9077a4b14d811bc8bd8f725 2011/i586/mono-wcf-4.0-2.10.2-4.1-mdv2011.0.i586.rpm\r\n c3239c29a7bf9fd337f4927eda1ee104 2011/i586/mono-web-2.0-2.10.2-4.1-mdv2011.0.i586.rpm\r\n 30f4846dd3e572c00a35faaca1d49a43 2011/i586/mono-web-2.10.2-4.1-mdv2011.0.i586.rpm\r\n f617be730eb3013247fbe4e0813d021c 2011/i586/mono-web-4.0-2.10.2-4.1-mdv2011.0.i586.rpm\r\n d51911239e5d2aaeb01cd87d79879176 2011/i586/mono-web-compat-2.10.2-4.1-mdv2011.0.i586.rpm\r\n b9f44e09de6d0b4588f062b12ab34c2e 2011/i586/mono-winforms-2.0-2.10.2-4.1-mdv2011.0.i586.rpm\r\n 8c8e8b3fcc4f43c354760a06dd4d470f 2011/i586/mono-winforms-2.10.2-4.1-mdv2011.0.i586.rpm\r\n edfaba163dbfecea7082177eee7d2c5c 2011/i586/mono-winforms-4.0-2.10.2-4.1-mdv2011.0.i586.rpm\r\n 4eaaef456c955f03576333e654d57ba5 2011/i586/mono-winforms-compat-2.10.2-4.1-mdv2011.0.i586.rpm\r\n 2bb7b24054d9b362629d70d946c07b8d 2011/i586/mono-winfxcore-2.0-2.10.2-4.1-mdv2011.0.i586.rpm\r\n beb92d73397de92fc8b461d12dba4757 2011/i586/mono-winfxcore-2.10.2-4.1-mdv2011.0.i586.rpm\r\n 6dd6962e129e4fbef484a98b57e9923d 2011/i586/mono-winfxcore-4.0-2.10.2-4.1-mdv2011.0.i586.rpm \r\n d386d81286f4c4b5cca06f17bc9be66d 2011/SRPMS/mono-2.10.2-4.1.src.rpm\r\n\r\n Mandriva Linux 2011/X86_64:\r\n ad49ad287eeb7564a8f6b492b6d748e6 2011/x86_64/lib64mono0-2.10.2-4.1-mdv2011.0.x86_64.rpm\r\n e4e11c03f40aa2b7cb26e67136944ac8 2011/x86_64/lib64mono2.0_1-2.10.2-4.1-mdv2011.0.x86_64.rpm\r\n 7843204d8c0c6771a24e94f25be8b73d 2011/x86_64/lib64mono-devel-2.10.2-4.1-mdv2011.0.x86_64.rpm\r\n 74c9f4752d032c57018770b6026926e1 2011/x86_64/mono-2.0-2.10.2-4.1-mdv2011.0.x86_64.rpm\r\n 035f8a8246bb3347280df63240c06706 2011/x86_64/mono-2.10.2-4.1-mdv2011.0.x86_64.rpm\r\n 0ac9acad48fe9a1a328f34cf61c73fb2 2011/x86_64/mono-4.0-2.10.2-4.1-mdv2011.0.x86_64.rpm\r\n 04727b55b7e97328f052029b2133e3c3 2011/x86_64/mono-compat-2.10.2-4.1-mdv2011.0.x86_64.rpm\r\n d0254fe8adc9a847d30f1050dfca3d68 2011/x86_64/mono-data-2.0-2.10.2-4.1-mdv2011.0.x86_64.rpm\r\n 1632f1de58a6c6ea2b93c200228edde9 2011/x86_64/mono-data-2.10.2-4.1-mdv2011.0.x86_64.rpm\r\n 2b7f625f20b2b48b7ce2bdf35493dbfb 2011/x86_64/mono-data-4.0-2.10.2-4.1-mdv2011.0.x86_64.rpm\r\n 8434453ee0de9677c86bcb1ce735223a 2011/x86_64/mono-data-compat-2.10.2-4.1-mdv2011.0.x86_64.rpm\r\n 8b89545140f65b501b61ba0499351269 2011/x86_64/mono-doc-2.10.2-4.1-mdv2011.0.noarch.rpm\r\n 69bf60a7c499afe9ed2cf5fd85d31b7a 2011/x86_64/monodoc-core-2.10.2-4.1-mdv2011.0.x86_64.rpm\r\n c1ad7337fae59d9287bb5b6ff31ba865 2011/x86_64/mono-extras-2.0-2.10.2-4.1-mdv2011.0.x86_64.rpm\r\n 3341d6f6d2ed102790aee3d7702e2fc7 2011/x86_64/mono-extras-2.10.2-4.1-mdv2011.0.x86_64.rpm\r\n 94a6058ae1794e825ff7b651ffb47b99 2011/x86_64/mono-extras-4.0-2.10.2-4.1-mdv2011.0.x86_64.rpm\r\n 3320949df4acd74efe71f73f6bff2ef1 2011/x86_64/mono-extras-compat-2.10.2-4.1-mdv2011.0.x86_64.rpm\r\n 4b9ca77319c29d51ac07d7ff11ce5a2b 2011/x86_64/mono-locale-extras-2.0-2.10.2-4.1-mdv2011.0.x86_64.rpm\r\n 2eeec220d341083e6041eb26b679b6e9 2011/x86_64/mono-locale-extras-2.10.2-4.1-mdv2011.0.x86_64.rpm\r\n d9578790a77b37a48c800afc0fb1b771 2011/x86_64/mono-locale-extras-4.0-2.10.2-4.1-mdv2011.0.x86_64.rpm\r\n 8449d63a847ee24e905457e0bbf8dfb8 2011/x86_64/mono-locale-extras-compat-2.10.2-4.1-mdv2011.0.x86_64.rpm\r\n 80881fa77986f67b9bed589594744345 2011/x86_64/mono-nunit-2.10.2-4.1-mdv2011.0.x86_64.rpm\r\n 2ce4cecfbbfdaefe5ada0095f8f7e97d 2011/x86_64/mono-wcf-2.0-2.10.2-4.1-mdv2011.0.x86_64.rpm\r\n e9f112cfe273410bcbef4063b212bb09 2011/x86_64/mono-wcf-2.10.2-4.1-mdv2011.0.x86_64.rpm\r\n eadb1754ae5f98b15edbc08819992132 2011/x86_64/mono-wcf-4.0-2.10.2-4.1-mdv2011.0.x86_64.rpm\r\n e9a6f71e1e55505546e32ce0584bbf79 2011/x86_64/mono-web-2.0-2.10.2-4.1-mdv2011.0.x86_64.rpm\r\n cd62f737bbd69e11c9443c324f8c4ef4 2011/x86_64/mono-web-2.10.2-4.1-mdv2011.0.x86_64.rpm\r\n 8f0e2399b4aa0d4b682cd9850521b5f5 2011/x86_64/mono-web-4.0-2.10.2-4.1-mdv2011.0.x86_64.rpm\r\n 7fcfff40c20241bced3fd9f6df5d795d 2011/x86_64/mono-web-compat-2.10.2-4.1-mdv2011.0.x86_64.rpm\r\n 06505f5d48413d6d721dc2cf6819bab8 2011/x86_64/mono-winforms-2.0-2.10.2-4.1-mdv2011.0.x86_64.rpm\r\n 5157c894dc80c0ddf623bf9d986edcc7 2011/x86_64/mono-winforms-2.10.2-4.1-mdv2011.0.x86_64.rpm\r\n ecb7673772eae830af578c86d97960ba 2011/x86_64/mono-winforms-4.0-2.10.2-4.1-mdv2011.0.x86_64.rpm\r\n a13b2523a1d1de6b0d2898b58773b97b 2011/x86_64/mono-winforms-compat-2.10.2-4.1-mdv2011.0.x86_64.rpm\r\n be100a335bdc62bd5f2fcb18498838d7 2011/x86_64/mono-winfxcore-2.0-2.10.2-4.1-mdv2011.0.x86_64.rpm\r\n 25148ff9af9f58d1c1964c0d80ec5921 2011/x86_64/mono-winfxcore-2.10.2-4.1-mdv2011.0.x86_64.rpm\r\n b3a94278f253ec6f8577d1a7dd2aadd9 2011/x86_64/mono-winfxcore-4.0-2.10.2-4.1-mdv2011.0.x86_64.rpm \r\n d386d81286f4c4b5cca06f17bc9be66d 2011/SRPMS/mono-2.10.2-4.1.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.11 (GNU/Linux)\r\n\r\niD8DBQFQMgnnmqjQ0CJFipgRApnIAJ9Hbx/qrvIXaG6KppvKRB9n43CzzwCfUOnO\r\nfx9P9KKS6YLQAUiMEaQXqcA=\r\n=/FD/\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2012-09-03T00:00:00", "published": "2012-09-03T00:00:00", "id": "SECURITYVULNS:DOC:28495", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28495", "title": "[ MDVSA-2012:140 ] mono", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:09:48", "bulletinFamily": "software", "cvelist": ["CVE-2012-3867", "CVE-2012-3866", "CVE-2012-3382", "CVE-2012-3362", "CVE-2012-3864", "CVE-2012-3865", "CVE-2012-3805"], "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "edition": 1, "modified": "2012-07-16T00:00:00", "published": "2012-07-16T00:00:00", "id": "SECURITYVULNS:VULN:12480", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12480", "title": "Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:48", "bulletinFamily": "software", "cvelist": ["CVE-2012-4052", "CVE-2012-4003", "CVE-2012-3442", "CVE-2012-3443", "CVE-2012-1915", "CVE-2012-3382", "CVE-2012-2627", "CVE-2012-2626", "CVE-2012-4236", "CVE-2012-3444", "CVE-2012-3951", "CVE-2012-4237", "CVE-2012-4226", "CVE-2012-4238", "CVE-2012-3477", "CVE-2012-3848", "CVE-2012-4239"], "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "edition": 1, "modified": "2012-09-03T00:00:00", "published": "2012-09-03T00:00:00", "id": "SECURITYVULNS:VULN:12566", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12566", "title": "Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "cvss": {"score": 9.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2020-11-11T13:19:55", "bulletinFamily": "unix", "cvelist": ["CVE-2012-3382"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2512-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nJuly 12, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : mono\nVulnerability : missing input sanitising\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2012-3382\n\nMarcus Meissner discovered that the web server included in Mono performed\ninsufficient sanitising of requests, resulting in cross-site scripting.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.6.7-5.1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.10.8.1-5.\n\nWe recommend that you upgrade your mono packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2012-07-12T19:27:56", "published": "2012-07-12T19:27:56", "id": "DEBIAN:DSA-2512-1:0332D", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2012/msg00150.html", "title": "[SECURITY] [DSA 2512-1] mono security update", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "ubuntu": [{"lastseen": "2020-07-02T11:41:07", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4159", "CVE-2012-3382"], "description": "It was discovered that the Mono System.Web library incorrectly filtered \ncertain error messages related to forbidden files. If a user were tricked \ninto opening a specially crafted URL, an attacker could possibly exploit \nthis to conduct cross-site scripting (XSS) attacks. (CVE-2012-3382)\n\nIt was discovered that the Mono System.Web library incorrectly handled the \nEnableViewStateMac property. If a user were tricked into opening a \nspecially crafted URL, an attacker could possibly exploit this to conduct \ncross-site scripting (XSS) attacks. This issue only affected Ubuntu \n10.04 LTS. (CVE-2010-4159)", "edition": 5, "modified": "2012-07-25T00:00:00", "published": "2012-07-25T00:00:00", "id": "USN-1517-1", "href": "https://ubuntu.com/security/notices/USN-1517-1", "title": "Mono vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}]}
