Fedora Update for hugin FEDORA-2007-2989

2009-02-27T00:00:00

Description

Check for the Version of hugin

{"id": "OPENVAS:861559", "type": "openvas", "bulletinFamily": "scanner", "title": "Fedora Update for hugin FEDORA-2007-2989", "description": "Check for the Version of hugin", "published": "2009-02-27T00:00:00", "modified": "2017-07-10T00:00:00", "cvss": {"score": 3.3, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=861559", "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "references": ["https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00199.html", "2007-2989"], "cvelist": ["CVE-2007-5200"], "lastseen": "2017-07-25T10:57:03", "viewCount": 2, "enchantments": {"score": {"value": -0.8, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-5200"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2007-5200"]}, {"type": "fedora", "idList": ["FEDORA:LA6G6EUK004641", "FEDORA:LA9NCXGR011271"]}, {"type": "gentoo", "idList": ["GLSA-200712-01"]}, {"type": "nessus", "idList": ["FEDORA_2007-2807.NASL", "FEDORA_2007-2989.NASL", "GENTOO_GLSA-200712-01.NASL", "SUSE_HUGIN-4518.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:59963", "OPENVAS:861139"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:18580", "SECURITYVULNS:VULN:8415"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2007-5200"]}]}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2007-5200"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2007-5200"]}, {"type": "fedora", "idList": ["FEDORA:LA6G6EUK004641"]}, {"type": "nessus", "idList": ["FEDORA_2007-2807.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:59963"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:18580"]}]}, "exploitation": null, "vulnersScore": -0.8}, "pluginID": "861559", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for hugin FEDORA-2007-2989\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"hugin on Fedora 7\";\ntag_insight = \"hugin can be used to stitch multiple images together. The resulting image can\n span 360 degrees. Another common use is the creation of very high resolution\n pictures by combining multiple images. It uses the Panorama Tools as backend\n to create high quality images\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00199.html\");\n script_id(861559);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:01:32 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"3.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2007-2989\");\n script_cve_id(\"CVE-2007-5200\");\n script_name( \"Fedora Update for hugin FEDORA-2007-2989\");\n\n script_summary(\"Check for the Version of hugin\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"hugin\", rpm:\"hugin~0.6.1~11.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"hugin-debuginfo\", rpm:\"hugin-debuginfo~0.6.1~11.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"hugin\", rpm:\"hugin~0.6.1~11.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"hugin-debuginfo\", rpm:\"hugin-debuginfo~0.6.1~11.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"hugin\", rpm:\"hugin~0.6.1~11.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "naslFamily": "Fedora Local Security Checks", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1659911869, "score": 1659891095}, "_internal": {"score_hash": "6c2b38d2a78d479d7705f40de0e5a61b"}}

{"nessus": [{"lastseen": "2023-01-11T14:33:37", "description": "This update of hugin disabled the usage of a temporary file.\n(CVE-2007-5200)", "cvss3": {}, "published": "2007-10-17T00:00:00", "type": "nessus", "title": "openSUSE 10 Security Update : hugin (hugin-4518)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 3.3, "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-5200"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:hugin", "cpe:/o:novell:opensuse:10.2", "cpe:/o:novell:opensuse:10.3"], "id": "SUSE_HUGIN-4518.NASL", "href": "https://www.tenable.com/plugins/nessus/27268", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update hugin-4518.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27268);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-5200\");\n\n script_name(english:\"openSUSE 10 Security Update : hugin (hugin-4518)\");\n script_summary(english:\"Check for the hugin-4518 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of hugin disabled the usage of a temporary file.\n(CVE-2007-5200)\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected hugin package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:P\");\n script_cwe_id(59);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/10/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.2|SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.2 / 10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.2\", reference:\"hugin-0.6.1-30\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"hugin-0.6.99.4-33.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"hugin\");\n}\n", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-01-11T14:35:17", "description": "- Mon Nov 5 2007 Bruno Postle <bruno at postle.net> 0.6.1-11\n\n - fix for CVE-2007-5200 hugin unsafe temporary file usage\n\n - bug #332401; bug #362851; bug #362861; bug #362871\n\n - fix Source tag\n\n - update license GPL -> GPLv2+\n\n - Mon Aug 13 2007 Bruno Postle <bruno at postle.net> 0.6.1-7\n\n - rebuild for boost soname change\n\n - add enblend dependency as enblend is now in fedora\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2007-11-12T00:00:00", "type": "nessus", "title": "Fedora 7 : hugin-0.6.1-11.fc7 (2007-2989)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 3.3, "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-5200"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:hugin", "p-cpe:/a:fedoraproject:fedora:hugin-debuginfo", "cpe:/o:fedoraproject:fedora:7"], "id": "FEDORA_2007-2989.NASL", "href": "https://www.tenable.com/plugins/nessus/28154", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2007-2989.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(28154);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2007-5200\");\n script_xref(name:\"FEDORA\", value:\"2007-2989\");\n\n script_name(english:\"Fedora 7 : hugin-0.6.1-11.fc7 (2007-2989)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Mon Nov 5 2007 Bruno Postle <bruno at postle.net>\n 0.6.1-11\n\n - fix for CVE-2007-5200 hugin unsafe temporary file\n usage\n\n - bug #332401; bug #362851; bug #362861; bug #362871\n\n - fix Source tag\n\n - update license GPL -> GPLv2+\n\n - Mon Aug 13 2007 Bruno Postle <bruno at postle.net>\n 0.6.1-7\n\n - rebuild for boost soname change\n\n - add enblend dependency as enblend is now in fedora\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=332401\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=362851\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2007-November/004603.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?42f92701\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected hugin and / or hugin-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:P\");\n script_cwe_id(59);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:hugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:hugin-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 7.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC7\", reference:\"hugin-0.6.1-11.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"hugin-debuginfo-0.6.1-11.fc7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"hugin / hugin-debuginfo\");\n}\n", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-01-11T14:34:31", "description": "- Mon Nov 5 2007 Bruno Postle <bruno at postle.net> 0.6.1-11\n\n - fix for CVE-2007-5200 hugin unsafe temporary file usage\n\n - bug #332401; bug #362851; bug #362861; bug #362871\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2007-11-07T00:00:00", "type": "nessus", "title": "Fedora 8 : hugin-0.6.1-11.fc8 (2007-2807)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 3.3, "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-5200"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:hugin", "p-cpe:/a:fedoraproject:fedora:hugin-debuginfo", "cpe:/o:fedoraproject:fedora:8"], "id": "FEDORA_2007-2807.NASL", "href": "https://www.tenable.com/plugins/nessus/27807", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2007-2807.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27807);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2007-5200\");\n script_xref(name:\"FEDORA\", value:\"2007-2807\");\n\n script_name(english:\"Fedora 8 : hugin-0.6.1-11.fc8 (2007-2807)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Mon Nov 5 2007 Bruno Postle <bruno at postle.net>\n 0.6.1-11\n\n - fix for CVE-2007-5200 hugin unsafe temporary file\n usage\n\n - bug #332401; bug #362851; bug #362861; bug #362871\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=332401\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=362861\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2007-November/004511.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c6703348\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected hugin and / or hugin-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:P\");\n script_cwe_id(59);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:hugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:hugin-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:8\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/11/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 8.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC8\", reference:\"hugin-0.6.1-11.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"hugin-debuginfo-0.6.1-11.fc8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"hugin / hugin-debuginfo\");\n}\n", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-01-11T14:39:37", "description": "The remote host is affected by the vulnerability described in GLSA-200712-01 (Hugin: Insecure temporary file creation)\n\n Suse Linux reported that Hugin creates the 'hugin_debug_optim_results.txt' temporary file in an insecure manner.\n Impact :\n\n A local attacker could exploit this vulnerability with a symlink attack, potentially overwriting an arbitrary file with the privileges of the user running the application.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2007-12-07T00:00:00", "type": "nessus", "title": "GLSA-200712-01 : Hugin: Insecure temporary file creation", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 3.3, "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-5200"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:hugin", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200712-01.NASL", "href": "https://www.tenable.com/plugins/nessus/29231", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200712-01.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29231);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-5200\");\n script_xref(name:\"GLSA\", value:\"200712-01\");\n\n script_name(english:\"GLSA-200712-01 : Hugin: Insecure temporary file creation\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200712-01\n(Hugin: Insecure temporary file creation)\n\n Suse Linux reported that Hugin creates the\n 'hugin_debug_optim_results.txt' temporary file in an insecure manner.\n \nImpact :\n\n A local attacker could exploit this vulnerability with a symlink\n attack, potentially overwriting an arbitrary file with the privileges\n of the user running the application.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200712-01\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Hugin users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-gfx/hugin-0.6.1-r1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:P\");\n script_cwe_id(59);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:hugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/12/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-gfx/hugin\", unaffected:make_list(\"rge 0.6.1-r1\", \"ge 0.7_beta4-r1\"), vulnerable:make_list(\"lt 0.7_beta4-r1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:qpkg_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Hugin\");\n}\n", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}], "ubuntucve": [{"lastseen": "2022-08-04T14:43:49", "description": "hugin, as used on various operating systems including SUSE openSUSE 10.2\nand 10.3, allows local users to overwrite arbitrary files via a symlink\nattack on the hugin_debug_optim_results.txt temporary file.\n\n#### Bugs\n\n * <https://bugs.launchpad.net/ubuntu/+source/hugin/+bug/162602>\n", "cvss3": {}, "published": "2007-10-14T00:00:00", "type": "ubuntucve", "title": "CVE-2007-5200", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 3.3, "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-5200"], "modified": "2007-10-14T00:00:00", "id": "UB:CVE-2007-5200", "href": "https://ubuntu.com/security/CVE-2007-5200", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}], "debiancve": [{"lastseen": "2023-01-28T06:06:24", "description": "hugin, as used on various operating systems including SUSE openSUSE 10.2 and 10.3, allows local users to overwrite arbitrary files via a symlink attack on the hugin_debug_optim_results.txt temporary file.", "cvss3": {}, "published": "2007-10-14T18:17:00", "type": "debiancve", "title": "CVE-2007-5200", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 3.3, "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-5200"], "modified": "2007-10-14T18:17:00", "id": "DEBIANCVE:CVE-2007-5200", "href": "https://security-tracker.debian.org/tracker/CVE-2007-5200", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}], "openvas": [{"lastseen": "2017-07-25T10:56:34", "description": "Check for the Version of hugin", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "Fedora Update for hugin FEDORA-2007-2807", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-5200"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:861139", "href": "http://plugins.openvas.org/nasl.php?oid=861139", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for hugin FEDORA-2007-2807\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"hugin on Fedora 8\";\ntag_insight = \"hugin can be used to stitch multiple images together. The resulting image can\n span 360 degrees. Another common use is the creation of very high resolution\n pictures by combining multiple images. It uses the Panorama Tools as backend\n to create high quality images\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00107.html\");\n script_id(861139);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:01:32 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"3.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2007-2807\");\n script_cve_id(\"CVE-2007-5200\");\n script_name( \"Fedora Update for hugin FEDORA-2007-2807\");\n\n script_summary(\"Check for the Version of hugin\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"hugin\", rpm:\"hugin~0.6.1~11.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"hugin-debuginfo\", rpm:\"hugin-debuginfo~0.6.1~11.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"hugin\", rpm:\"hugin~0.6.1~11.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"hugin-debuginfo\", rpm:\"hugin-debuginfo~0.6.1~11.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"hugin\", rpm:\"hugin~0.6.1~11.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 3.3, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:02", "description": "The remote host is missing updates announced in\nadvisory GLSA 200712-01.", "cvss3": {}, "published": "2008-09-24T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200712-01 (hugin)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-5200"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:59963", "href": "http://plugins.openvas.org/nasl.php?oid=59963", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability has been discovered in Hugin, potentially allowing for a\nDenial of Service.\";\ntag_solution = \"All Hugin users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-gfx/hugin-0.6.1-r1'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200712-01\nhttp://bugs.gentoo.org/show_bug.cgi?id=195996\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200712-01.\";\n\n \n\nif(description)\n{\n script_id(59963);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2007-5200\");\n script_tag(name:\"cvss_base\", value:\"3.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200712-01 (hugin)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"media-gfx/hugin\", unaffected: make_list(\"rge 0.6.1-r1\", \"ge 0.7_beta4-r1\"), vulnerable: make_list(\"lt 0.7_beta4-r1\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 3.3, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:24", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nGentoo Linux Security Advisory GLSA 200712-01\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n http://security.gentoo.org/\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\n Severity: Normal\r\n Title: Hugin: Insecure temporary file creation\r\n Date: December 05, 2007\r\n Bugs: #195996\r\n ID: 200712-01\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\nSynopsis\r\n========\r\n\r\nA vulnerability has been discovered in Hugin, potentially allowing for\r\na Denial of Service.\r\n\r\nBackground\r\n==========\r\n\r\nHugin is a GUI for creating and processing panoramic images.\r\n\r\nAffected packages\r\n=================\r\n\r\n -------------------------------------------------------------------\r\n Package / Vulnerable / Unaffected\r\n -------------------------------------------------------------------\r\n 1 media-gfx/hugin < 0.7_beta4-r1 *>= 0.6.1-r1\r\n >= 0.7_beta4-r1\r\n\r\nDescription\r\n===========\r\n\r\nSuse Linux reported that Hugin creates the\r\n"hugin_debug_optim_results.txt" temporary file in an insecure manner.\r\n\r\nImpact\r\n======\r\n\r\nA local attacker could exploit this vulnerability with a symlink\r\nattack, potentially overwriting an arbitrary file with the privileges\r\nof the user running the application.\r\n\r\nWorkaround\r\n==========\r\n\r\nThere is no known workaround at this time.\r\n\r\nResolution\r\n==========\r\n\r\nAll Hugin users should upgrade to the latest version:\r\n\r\n # emerge --sync\r\n # emerge --ask --oneshot --verbose ">=media-gfx/hugin-0.6.1-r1"\r\n\r\nReferences\r\n==========\r\n\r\n [ 1 ] CVE-2007-5200\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5200\r\n\r\nAvailability\r\n============\r\n\r\nThis GLSA and any updates to it are available for viewing at\r\nthe Gentoo Security Website:\r\n\r\n http://security.gentoo.org/glsa/glsa-200712-01.xml\r\n\r\nConcerns?\r\n=========\r\n\r\nSecurity is a primary focus of Gentoo Linux and ensuring the\r\nconfidentiality and security of our users machines is of utmost\r\nimportance to us. Any security concerns should be addressed to\r\nsecurity@gentoo.org or alternatively, you may file a bug at\r\nhttp://bugs.gentoo.org.\r\n\r\nLicense\r\n=======\r\n\r\nCopyright 2007 Gentoo Foundation, Inc; referenced text\r\nbelongs to its owner(s).\r\n\r\nThe contents of this document are licensed under the\r\nCreative Commons - Attribution / Share Alike license.\r\n\r\nhttp://creativecommons.org/licenses/by-sa/2.5\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.7 (GNU/Linux)\r\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org\r\n\r\niD8DBQFHVySeuhJ+ozIKI5gRApC1AJwINHhhWVulNCH81WAA82o0JHZAMACgkk3u\r\nAV+OcdKR3iV+0OyoEHgyAUs=\r\n=4jjs\r\n-----END PGP SIGNATURE-----", "edition": 1, "cvss3": {}, "published": "2007-12-06T00:00:00", "title": "[ GLSA 200712-01 ] Hugin: Insecure temporary file creation", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 3.3, "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-5200"], "modified": "2007-12-06T00:00:00", "id": "SECURITYVULNS:DOC:18580", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:18580", "cvss": {"score": 3.3, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:27", "description": "Unsafe temporary files creation.", "edition": 1, "cvss3": {}, "published": "2007-12-06T00:00:00", "type": "securityvulns", "title": "Hugin symbolic links vulnerability", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 3.3, "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-5200"], "modified": "2007-12-06T00:00:00", "id": "SECURITYVULNS:VULN:8415", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:8415", "sourceData": "", "cvss": {"score": 3.3, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2022-01-17T19:15:58", "description": "### Background\n\nHugin is a GUI for creating and processing panoramic images. \n\n### Description\n\nSuse Linux reported that Hugin creates the \"hugin_debug_optim_results.txt\" temporary file in an insecure manner. \n\n### Impact\n\nA local attacker could exploit this vulnerability with a symlink attack, potentially overwriting an arbitrary file with the privileges of the user running the application. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Hugin users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-gfx/hugin-0.6.1-r1\"", "cvss3": {}, "published": "2007-12-05T00:00:00", "type": "gentoo", "title": "Hugin: Insecure temporary file creation", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 3.3, "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-5200"], "modified": "2007-12-05T00:00:00", "id": "GLSA-200712-01", "href": "https://security.gentoo.org/glsa/200712-01", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:48", "description": "hugin can be used to stitch multiple images together. The resulting image c an span 360 degrees. Another common use is the creation of very high resolution pictures by combining multiple images. It uses the Panorama Tools as backe nd to create high quality images ", "cvss3": {}, "published": "2007-11-09T23:38:53", "type": "fedora", "title": "[SECURITY] Fedora 7 Update: hugin-0.6.1-11.fc7", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 3.3, "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-5200"], "modified": "2007-11-09T23:38:53", "id": "FEDORA:LA9NCXGR011271", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/RT236AN653JYO5JSHYYZYF54UXG6DCHR/", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:48", "description": "hugin can be used to stitch multiple images together. The resulting image c an span 360 degrees. Another common use is the creation of very high resolution pictures by combining multiple images. It uses the Panorama Tools as backe nd to create high quality images ", "cvss3": {}, "published": "2007-11-06T16:06:33", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: hugin-0.6.1-11.fc8", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 3.3, "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-5200"], "modified": "2007-11-06T16:06:33", "id": "FEDORA:LA6G6EUK004641", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/45QFIGULUDO6AUKTSKTDJLYRVAKT7BVN/", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}], "cve": [{"lastseen": "2022-03-23T13:13:25", "description": "hugin, as used on various operating systems including SUSE openSUSE 10.2 and 10.3, allows local users to overwrite arbitrary files via a symlink attack on the hugin_debug_optim_results.txt temporary file.", "cvss3": {}, "published": "2007-10-14T18:17:00", "type": "cve", "title": "CVE-2007-5200", "cwe": ["CWE-59"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 3.3, "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-5200"], "modified": "2018-10-30T16:27:00", "cpe": ["cpe:/o:opensuse:opensuse:10.3", "cpe:/o:opensuse:opensuse:10.2"], "id": "CVE-2007-5200", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5200", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}, "cpe23": ["cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:10.2:*:*:*:*:*:*:*"]}]}

Fedora Update for hugin FEDORA-2007-2989

Description

Related