{"id": "RHSA-2009:1646", "hash": "3d428a67d31220245fa1b37bc9bcf3b0", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2009:1646) Moderate: libtool security update", "description": "GNU Libtool is a set of shell scripts which automatically configure UNIX,\nLinux, and similar operating systems to generically build shared libraries.\n\nA flaw was found in the way GNU Libtool's libltdl library looked for\nmodules to load. It was possible for libltdl to load and run modules from\nan arbitrary library in the current working directory. If a local attacker\ncould trick a local user into running an application (which uses libltdl)\nfrom an attacker-controlled directory containing a malicious Libtool\ncontrol file (.la), the attacker could possibly execute arbitrary code with\nthe privileges of the user running the application. (CVE-2009-3736)\n\nAll libtool users should upgrade to these updated packages, which contain\na backported patch to correct this issue. After installing the updated\npackages, applications using the libltdl library must be restarted for the\nupdate to take effect.", "published": "2009-12-08T05:00:00", "modified": "2018-05-26T04:26:18", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "href": "https://access.redhat.com/errata/RHSA-2009:1646", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2009-3736"], "lastseen": "2019-08-13T18:46:45", "history": [{"bulletin": {"id": "RHSA-2009:1646", "hash": "", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2009:1646) Moderate: libtool security update", "description": "GNU Libtool is a set of shell scripts which automatically configure UNIX,\nLinux, and similar operating systems to generically build shared libraries.\n\nA flaw was found in the way GNU Libtool's libltdl library looked for\nmodules to load. It was possible for libltdl to load and run modules from\nan arbitrary library in the current working directory. If a local attacker\ncould trick a local user into running an application (which uses libltdl)\nfrom an attacker-controlled directory containing a malicious Libtool\ncontrol file (.la), the attacker could possibly execute arbitrary code with\nthe privileges of the user running the application. (CVE-2009-3736)\n\nAll libtool users should upgrade to these updated packages, which contain\na backported patch to correct this issue. After installing the updated\npackages, applications using the libltdl library must be restarted for the\nupdate to take effect.", "published": "2009-12-08T05:00:00", "modified": "2016-04-04T18:41:12", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2009:1646", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2009-3736"], "lastseen": "2016-09-04T11:17:55", "history": [], "viewCount": 0, "enchantments": {}, "objectVersion": "1.4", "affectedPackage": [{"packageVersion": "1.5.6-5.el4_8", "packageName": "libtool", "packageFilename": "libtool-1.5.6-5.el4_8.x86_64.rpm", "operator": "lt", "OSVersion": "4", "OS": "RedHat", "arch": "x86_64"}, {"packageVersion": "1.5.6-5.el4_8", "packageName": "libtool", "packageFilename": "libtool-1.5.6-5.el4_8.s390.rpm", "operator": "lt", "OSVersion": "4", "OS": "RedHat", "arch": "s390"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool-ltdl", "packageFilename": "libtool-ltdl-1.5.22-7.el5_4.i386.rpm", "operator": "lt", "OSVersion": "5", "OS": "RedHat", "arch": "i386"}, {"packageVersion": "1.5.6-5.el4_8", "packageName": "libtool", "packageFilename": "libtool-1.5.6-5.el4_8.s390x.rpm", "operator": "lt", "OSVersion": "4", "OS": "RedHat", "arch": "s390x"}, {"packageVersion": "1.5.6-5.el4_8", "packageName": "libtool-libs", "packageFilename": "libtool-libs-1.5.6-5.el4_8.ia64.rpm", "operator": "lt", "OSVersion": "4", "OS": "RedHat", "arch": "ia64"}, {"packageVersion": "1.5.6-5.el4_8", "packageName": "libtool", "packageFilename": "libtool-1.5.6-5.el4_8.ppc.rpm", "operator": "lt", "OSVersion": "4", "OS": "RedHat", "arch": "ppc"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool-ltdl-devel", "packageFilename": "libtool-ltdl-devel-1.5.22-7.el5_4.i386.rpm", "operator": "lt", "OSVersion": "5", "OS": "RedHat", "arch": "i386"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool-ltdl-devel", "packageFilename": "libtool-ltdl-devel-1.5.22-7.el5_4.ia64.rpm", "operator": "lt", "OSVersion": "5", "OS": "RedHat", "arch": "ia64"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool-ltdl", "packageFilename": "libtool-ltdl-1.5.22-7.el5_4.s390x.rpm", "operator": "lt", "OSVersion": "5", "OS": "RedHat", "arch": "s390x"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool-ltdl-devel", "packageFilename": "libtool-ltdl-devel-1.5.22-7.el5_4.x86_64.rpm", "operator": "lt", "OSVersion": "5", "OS": "RedHat", "arch": "x86_64"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool-ltdl", "packageFilename": "libtool-ltdl-1.5.22-7.el5_4.x86_64.rpm", "operator": "lt", "OSVersion": "5", "OS": "RedHat", "arch": "x86_64"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool-ltdl", "packageFilename": "libtool-ltdl-1.5.22-7.el5_4.s390.rpm", "operator": "lt", "OSVersion": "5", "OS": "RedHat", "arch": "s390"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool", "packageFilename": "libtool-1.5.22-7.el5_4.x86_64.rpm", "operator": "lt", "OSVersion": "5", "OS": "RedHat", "arch": "x86_64"}, {"packageVersion": "1.5.6-5.el4_8", "packageName": "libtool-libs", "packageFilename": "libtool-libs-1.5.6-5.el4_8.ppc64.rpm", "operator": "lt", "OSVersion": "4", "OS": "RedHat", "arch": "ppc64"}, {"packageVersion": "1.5.6-5.el4_8", "packageName": "libtool", "packageFilename": "libtool-1.5.6-5.el4_8.src.rpm", "operator": "lt", "OSVersion": "4", "OS": "RedHat", "arch": "src"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool", "packageFilename": "libtool-1.5.22-7.el5_4.i386.rpm", "operator": "lt", "OSVersion": "5", "OS": "RedHat", "arch": "i386"}, {"packageVersion": "1.5.6-5.el4_8", "packageName": "libtool-libs", "packageFilename": "libtool-libs-1.5.6-5.el4_8.ppc.rpm", "operator": "lt", "OSVersion": "4", "OS": "RedHat", "arch": "ppc"}, {"packageVersion": "1.5.6-5.el4_8", "packageName": "libtool-libs", "packageFilename": "libtool-libs-1.5.6-5.el4_8.i386.rpm", "operator": "lt", "OSVersion": "4", "OS": "RedHat", "arch": "i386"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool-ltdl", "packageFilename": "libtool-ltdl-1.5.22-7.el5_4.ia64.rpm", "operator": "lt", "OSVersion": "5", "OS": "RedHat", "arch": "ia64"}, {"packageVersion": "1.5.6-5.el4_8", "packageName": "libtool", "packageFilename": "libtool-1.5.6-5.el4_8.i386.rpm", "operator": "lt", "OSVersion": "4", "OS": "RedHat", "arch": "i386"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool-ltdl", "packageFilename": "libtool-ltdl-1.5.22-7.el5_4.ppc.rpm", "operator": "lt", "OSVersion": "5", "OS": "RedHat", "arch": "ppc"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool-ltdl-devel", "packageFilename": "libtool-ltdl-devel-1.5.22-7.el5_4.s390.rpm", "operator": "lt", "OSVersion": "5", "OS": "RedHat", "arch": "s390"}, {"packageVersion": "1.5.6-5.el4_8", "packageName": "libtool-libs", "packageFilename": "libtool-libs-1.5.6-5.el4_8.s390x.rpm", "operator": "lt", "OSVersion": "4", "OS": "RedHat", "arch": "s390x"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool", "packageFilename": "libtool-1.5.22-7.el5_4.ppc.rpm", "operator": "lt", "OSVersion": "5", "OS": "RedHat", "arch": "ppc"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool-ltdl", "packageFilename": "libtool-ltdl-1.5.22-7.el5_4.ppc64.rpm", "operator": "lt", "OSVersion": "5", "OS": "RedHat", "arch": "ppc64"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool-ltdl-devel", "packageFilename": "libtool-ltdl-devel-1.5.22-7.el5_4.s390x.rpm", "operator": "lt", "OSVersion": "5", "OS": "RedHat", "arch": "s390x"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool", "packageFilename": "libtool-1.5.22-7.el5_4.s390x.rpm", "operator": "lt", "OSVersion": "5", "OS": "RedHat", "arch": "s390x"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool", "packageFilename": "libtool-1.5.22-7.el5_4.src.rpm", "operator": "lt", "OSVersion": "5", "OS": "RedHat", "arch": "src"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool-ltdl-devel", "packageFilename": "libtool-ltdl-devel-1.5.22-7.el5_4.ppc.rpm", "operator": "lt", "OSVersion": "5", "OS": "RedHat", "arch": "ppc"}, {"packageVersion": "1.5.6-5.el4_8", "packageName": "libtool-libs", "packageFilename": "libtool-libs-1.5.6-5.el4_8.s390.rpm", "operator": "lt", "OSVersion": "4", "OS": "RedHat", "arch": "s390"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool", "packageFilename": "libtool-1.5.22-7.el5_4.ia64.rpm", "operator": "lt", "OSVersion": "5", "OS": "RedHat", "arch": "ia64"}, {"packageVersion": "1.5.6-5.el4_8", "packageName": "libtool-libs", "packageFilename": "libtool-libs-1.5.6-5.el4_8.x86_64.rpm", "operator": "lt", "OSVersion": "4", "OS": "RedHat", "arch": "x86_64"}, {"packageVersion": "1.5.6-5.el4_8", "packageName": "libtool", "packageFilename": "libtool-1.5.6-5.el4_8.ia64.rpm", "operator": "lt", "OSVersion": "4", "OS": "RedHat", "arch": "ia64"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool-ltdl-devel", "packageFilename": "libtool-ltdl-devel-1.5.22-7.el5_4.ppc64.rpm", "operator": "lt", "OSVersion": "5", "OS": "RedHat", "arch": "ppc64"}]}, "lastseen": "2016-09-04T11:17:55", "differentElements": ["affectedPackage", "modified"], "edition": 1}, {"bulletin": {"id": "RHSA-2009:1646", "hash": "", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2009:1646) Moderate: libtool security update", "description": "GNU Libtool is a set of shell scripts which automatically configure UNIX,\nLinux, and similar operating systems to generically build shared libraries.\n\nA flaw was found in the way GNU Libtool's libltdl library looked for\nmodules to load. It was possible for libltdl to load and run modules from\nan arbitrary library in the current working directory. If a local attacker\ncould trick a local user into running an application (which uses libltdl)\nfrom an attacker-controlled directory containing a malicious Libtool\ncontrol file (.la), the attacker could possibly execute arbitrary code with\nthe privileges of the user running the application. (CVE-2009-3736)\n\nAll libtool users should upgrade to these updated packages, which contain\na backported patch to correct this issue. After installing the updated\npackages, applications using the libltdl library must be restarted for the\nupdate to take effect.", "published": "2009-12-08T05:00:00", "modified": "2017-07-29T20:23:27", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2009:1646", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2009-3736"], "lastseen": "2017-08-02T12:58:20", "history": [], "viewCount": 0, "enchantments": {}, "objectVersion": "1.4", "affectedPackage": [{"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool-ltdl", "packageFilename": "libtool-ltdl-1.5.22-7.el5_4.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool-ltdl-devel", "packageFilename": "libtool-ltdl-devel-1.5.22-7.el5_4.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool-ltdl", "packageFilename": "libtool-ltdl-1.5.22-7.el5_4.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool-ltdl-devel", "packageFilename": "libtool-ltdl-devel-1.5.22-7.el5_4.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool", "packageFilename": "libtool-1.5.22-7.el5_4.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}]}, "lastseen": "2017-08-02T12:58:20", "differentElements": ["affectedPackage", "modified"], "edition": 2}, {"bulletin": {"id": "RHSA-2009:1646", "hash": "", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2009:1646) Moderate: libtool security update", "description": "GNU Libtool is a set of shell scripts which automatically configure UNIX,\nLinux, and similar operating systems to generically build shared libraries.\n\nA flaw was found in the way GNU Libtool's libltdl library looked for\nmodules to load. It was possible for libltdl to load and run modules from\nan arbitrary library in the current working directory. If a local attacker\ncould trick a local user into running an application (which uses libltdl)\nfrom an attacker-controlled directory containing a malicious Libtool\ncontrol file (.la), the attacker could possibly execute arbitrary code with\nthe privileges of the user running the application. (CVE-2009-3736)\n\nAll libtool users should upgrade to these updated packages, which contain\na backported patch to correct this issue. After installing the updated\npackages, applications using the libltdl library must be restarted for the\nupdate to take effect.", "published": "2009-12-08T05:00:00", "modified": "2017-09-08T12:18:01", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2009:1646", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2009-3736"], "lastseen": "2017-09-09T07:20:03", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "objectVersion": "1.4", "affectedPackage": [{"packageVersion": "1.5.6-5.el4_8", "packageName": "libtool", "packageFilename": "libtool-1.5.6-5.el4_8.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "4", "OS": "RedHat"}, {"packageVersion": "1.5.6-5.el4_8", "packageName": "libtool-libs", "packageFilename": "libtool-libs-1.5.6-5.el4_8.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "4", "OS": "RedHat"}, {"packageVersion": "1.5.6-5.el4_8", "packageName": "libtool", "packageFilename": "libtool-1.5.6-5.el4_8.src.rpm", "arch": "src", "operator": "lt", "OSVersion": "4", "OS": "RedHat"}, {"packageVersion": "1.5.6-5.el4_8", "packageName": "libtool-libs", "packageFilename": "libtool-libs-1.5.6-5.el4_8.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "4", "OS": "RedHat"}, {"packageVersion": "1.5.6-5.el4_8", "packageName": "libtool", "packageFilename": "libtool-1.5.6-5.el4_8.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "4", "OS": "RedHat"}, {"packageVersion": "1.5.6-5.el4_8", "packageName": "libtool-libs", "packageFilename": "libtool-libs-1.5.6-5.el4_8.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "4", "OS": "RedHat"}, {"packageVersion": "1.5.6-5.el4_8", "packageName": "libtool", "packageFilename": "libtool-1.5.6-5.el4_8.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "4", "OS": "RedHat"}, {"packageVersion": "1.5.6-5.el4_8", "packageName": "libtool-libs", "packageFilename": "libtool-libs-1.5.6-5.el4_8.ppc64.rpm", "arch": "ppc64", "operator": "lt", "OSVersion": "4", "OS": "RedHat"}, {"packageVersion": "1.5.6-5.el4_8", "packageName": "libtool", "packageFilename": "libtool-1.5.6-5.el4_8.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "4", "OS": "RedHat"}, {"packageVersion": "1.5.6-5.el4_8", "packageName": "libtool-libs", "packageFilename": "libtool-libs-1.5.6-5.el4_8.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "4", "OS": "RedHat"}, {"packageVersion": "1.5.6-5.el4_8", "packageName": "libtool", "packageFilename": "libtool-1.5.6-5.el4_8.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "4", "OS": "RedHat"}, {"packageVersion": "1.5.6-5.el4_8", "packageName": "libtool-libs", "packageFilename": "libtool-libs-1.5.6-5.el4_8.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "4", "OS": "RedHat"}, {"packageVersion": "1.5.6-5.el4_8", "packageName": "libtool", "packageFilename": "libtool-1.5.6-5.el4_8.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "4", "OS": "RedHat"}, {"packageVersion": "1.5.6-5.el4_8", "packageName": "libtool-libs", "packageFilename": "libtool-libs-1.5.6-5.el4_8.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "4", "OS": "RedHat"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool-ltdl", "packageFilename": "libtool-ltdl-1.5.22-7.el5_4.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool-ltdl", "packageFilename": "libtool-ltdl-1.5.22-7.el5_4.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool", "packageFilename": "libtool-1.5.22-7.el5_4.src.rpm", "arch": "src", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool-ltdl", "packageFilename": "libtool-ltdl-1.5.22-7.el5_4.ppc64.rpm", "arch": "ppc64", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool-ltdl-devel", "packageFilename": "libtool-ltdl-devel-1.5.22-7.el5_4.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool-ltdl-devel", "packageFilename": "libtool-ltdl-devel-1.5.22-7.el5_4.ppc64.rpm", "arch": "ppc64", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool-ltdl", "packageFilename": "libtool-ltdl-1.5.22-7.el5_4.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool", "packageFilename": "libtool-1.5.22-7.el5_4.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool-ltdl", "packageFilename": "libtool-ltdl-1.5.22-7.el5_4.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool", "packageFilename": "libtool-1.5.22-7.el5_4.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool-ltdl", "packageFilename": "libtool-ltdl-1.5.22-7.el5_4.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool-ltdl-devel", "packageFilename": "libtool-ltdl-devel-1.5.22-7.el5_4.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool-ltdl-devel", "packageFilename": "libtool-ltdl-devel-1.5.22-7.el5_4.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool", "packageFilename": "libtool-1.5.22-7.el5_4.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool-ltdl-devel", "packageFilename": "libtool-ltdl-devel-1.5.22-7.el5_4.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool-ltdl-devel", "packageFilename": "libtool-ltdl-devel-1.5.22-7.el5_4.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool", "packageFilename": "libtool-1.5.22-7.el5_4.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool-ltdl", "packageFilename": "libtool-ltdl-1.5.22-7.el5_4.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool-ltdl-devel", "packageFilename": "libtool-ltdl-devel-1.5.22-7.el5_4.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool", "packageFilename": "libtool-1.5.22-7.el5_4.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}]}, "lastseen": "2017-09-09T07:20:03", "differentElements": ["modified"], "edition": 3}, {"bulletin": {"id": "RHSA-2009:1646", "hash": "9d3d65af0051444dd6d66d163a06a8ef", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2009:1646) Moderate: libtool security update", "description": "GNU Libtool is a set of shell scripts which automatically configure UNIX,\nLinux, and similar operating systems to generically build shared libraries.\n\nA flaw was found in the way GNU Libtool's libltdl library looked for\nmodules to load. It was possible for libltdl to load and run modules from\nan arbitrary library in the current working directory. If a local attacker\ncould trick a local user into running an application (which uses libltdl)\nfrom an attacker-controlled directory containing a malicious Libtool\ncontrol file (.la), the attacker could possibly execute arbitrary code with\nthe privileges of the user running the application. (CVE-2009-3736)\n\nAll libtool users should upgrade to these updated packages, which contain\na backported patch to correct this issue. After installing the updated\npackages, applications using the libltdl library must be restarted for the\nupdate to take effect.", "published": "2009-12-08T05:00:00", "modified": "2018-05-26T04:26:18", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2009:1646", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2009-3736"], "lastseen": "2018-05-27T21:42:24", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "objectVersion": "1.4", "affectedPackage": [{"OS": "RedHat", "OSVersion": "4", "arch": "i386", "packageName": "libtool", "packageVersion": "1.5.6-5.el4_8", "packageFilename": "libtool-1.5.6-5.el4_8.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "arch": "i386", "packageName": "libtool-libs", "packageVersion": "1.5.6-5.el4_8", "packageFilename": "libtool-libs-1.5.6-5.el4_8.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "arch": "src", "packageName": "libtool", "packageVersion": "1.5.6-5.el4_8", "packageFilename": "libtool-1.5.6-5.el4_8.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "arch": "ia64", "packageName": "libtool-libs", "packageVersion": "1.5.6-5.el4_8", "packageFilename": "libtool-libs-1.5.6-5.el4_8.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "arch": "ia64", "packageName": "libtool", "packageVersion": "1.5.6-5.el4_8", "packageFilename": "libtool-1.5.6-5.el4_8.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "arch": "x86_64", "packageName": "libtool-libs", "packageVersion": "1.5.6-5.el4_8", "packageFilename": "libtool-libs-1.5.6-5.el4_8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "arch": "x86_64", "packageName": "libtool", "packageVersion": "1.5.6-5.el4_8", "packageFilename": "libtool-1.5.6-5.el4_8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "arch": "ppc64", "packageName": "libtool-libs", "packageVersion": "1.5.6-5.el4_8", "packageFilename": "libtool-libs-1.5.6-5.el4_8.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "arch": "ppc", "packageName": "libtool", "packageVersion": "1.5.6-5.el4_8", "packageFilename": "libtool-1.5.6-5.el4_8.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "arch": "ppc", "packageName": "libtool-libs", "packageVersion": "1.5.6-5.el4_8", "packageFilename": "libtool-libs-1.5.6-5.el4_8.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "arch": "s390", "packageName": "libtool", "packageVersion": "1.5.6-5.el4_8", "packageFilename": "libtool-1.5.6-5.el4_8.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "arch": "s390", "packageName": "libtool-libs", "packageVersion": "1.5.6-5.el4_8", "packageFilename": "libtool-libs-1.5.6-5.el4_8.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "arch": "s390x", "packageName": "libtool", "packageVersion": "1.5.6-5.el4_8", "packageFilename": "libtool-1.5.6-5.el4_8.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "arch": "s390x", "packageName": "libtool-libs", "packageVersion": "1.5.6-5.el4_8", "packageFilename": "libtool-libs-1.5.6-5.el4_8.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "x86_64", "packageName": "libtool-ltdl", "packageVersion": "1.5.22-7.el5_4", "packageFilename": "libtool-ltdl-1.5.22-7.el5_4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "i386", "packageName": "libtool-ltdl", "packageVersion": "1.5.22-7.el5_4", "packageFilename": "libtool-ltdl-1.5.22-7.el5_4.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "src", "packageName": "libtool", "packageVersion": "1.5.22-7.el5_4", "packageFilename": "libtool-1.5.22-7.el5_4.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "ppc64", "packageName": "libtool-ltdl", "packageVersion": "1.5.22-7.el5_4", "packageFilename": "libtool-ltdl-1.5.22-7.el5_4.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "ppc", "packageName": "libtool-ltdl-devel", "packageVersion": "1.5.22-7.el5_4", "packageFilename": "libtool-ltdl-devel-1.5.22-7.el5_4.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "ppc64", "packageName": "libtool-ltdl-devel", "packageVersion": "1.5.22-7.el5_4", "packageFilename": "libtool-ltdl-devel-1.5.22-7.el5_4.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "ppc", "packageName": "libtool-ltdl", "packageVersion": "1.5.22-7.el5_4", "packageFilename": "libtool-ltdl-1.5.22-7.el5_4.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "ppc", "packageName": "libtool", "packageVersion": "1.5.22-7.el5_4", "packageFilename": "libtool-1.5.22-7.el5_4.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "s390", "packageName": "libtool-ltdl", "packageVersion": "1.5.22-7.el5_4", "packageFilename": "libtool-ltdl-1.5.22-7.el5_4.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "s390x", "packageName": "libtool", "packageVersion": "1.5.22-7.el5_4", "packageFilename": "libtool-1.5.22-7.el5_4.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "s390x", "packageName": "libtool-ltdl", "packageVersion": "1.5.22-7.el5_4", "packageFilename": "libtool-ltdl-1.5.22-7.el5_4.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "s390", "packageName": "libtool-ltdl-devel", "packageVersion": "1.5.22-7.el5_4", "packageFilename": "libtool-ltdl-devel-1.5.22-7.el5_4.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "s390x", "packageName": "libtool-ltdl-devel", "packageVersion": "1.5.22-7.el5_4", "packageFilename": "libtool-ltdl-devel-1.5.22-7.el5_4.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "i386", "packageName": "libtool", "packageVersion": "1.5.22-7.el5_4", "packageFilename": "libtool-1.5.22-7.el5_4.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "i386", "packageName": "libtool-ltdl-devel", "packageVersion": "1.5.22-7.el5_4", "packageFilename": "libtool-ltdl-devel-1.5.22-7.el5_4.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "x86_64", "packageName": "libtool-ltdl-devel", "packageVersion": "1.5.22-7.el5_4", "packageFilename": "libtool-ltdl-devel-1.5.22-7.el5_4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "x86_64", "packageName": "libtool", "packageVersion": "1.5.22-7.el5_4", "packageFilename": "libtool-1.5.22-7.el5_4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "ia64", "packageName": "libtool-ltdl", "packageVersion": "1.5.22-7.el5_4", "packageFilename": "libtool-ltdl-1.5.22-7.el5_4.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "ia64", "packageName": "libtool-ltdl-devel", "packageVersion": "1.5.22-7.el5_4", "packageFilename": "libtool-ltdl-devel-1.5.22-7.el5_4.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "ia64", "packageName": "libtool", "packageVersion": "1.5.22-7.el5_4", "packageFilename": "libtool-1.5.22-7.el5_4.ia64.rpm", "operator": "lt"}]}, "lastseen": "2018-05-27T21:42:24", "differentElements": ["affectedPackage"], "edition": 4}, {"bulletin": {"id": "RHSA-2009:1646", "hash": "d1f5ec43ca79754d20c5b1eb1dc9acef", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2009:1646) Moderate: libtool security update", "description": "GNU Libtool is a set of shell scripts which automatically configure UNIX,\nLinux, and similar operating systems to generically build shared libraries.\n\nA flaw was found in the way GNU Libtool's libltdl library looked for\nmodules to load. It was possible for libltdl to load and run modules from\nan arbitrary library in the current working directory. If a local attacker\ncould trick a local user into running an application (which uses libltdl)\nfrom an attacker-controlled directory containing a malicious Libtool\ncontrol file (.la), the attacker could possibly execute arbitrary code with\nthe privileges of the user running the application. (CVE-2009-3736)\n\nAll libtool users should upgrade to these updated packages, which contain\na backported patch to correct this issue. After installing the updated\npackages, applications using the libltdl library must be restarted for the\nupdate to take effect.", "published": "2009-12-08T05:00:00", "modified": "2018-05-26T04:26:18", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2009:1646", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2009-3736"], "lastseen": "2018-12-11T17:41:08", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-3736"]}, {"type": "nessus", "idList": ["ORACLELINUX_ELSA-2010-0039.NASL", "FEDORA_2010-4339.NASL", "MANDRIVA_MDVSA-2010-075.NASL", "FREEBSD_PKG_77C14729DC5E11DE92AE02E0184B8D35.NASL", "DEBIAN_DSA-1958.NASL", "FEDORA_2009-12813.NASL", "SUSE_11_LIBLTDL7-091201.NASL", "FEDORA_2010-4407.NASL", "MANDRIVA_MDVSA-2009-307.NASL", "FEDORA_2009-12725.NASL"]}, {"type": "centos", "idList": ["CESA-2010:0039", "CESA-2009:1646"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310861790", "OPENVAS:1361412562310880345", "OPENVAS:1361412562310861857", "OPENVAS:880753", "OPENVAS:66402", "OPENVAS:1361412562310122410", "OPENVAS:880355", "OPENVAS:1361412562310861787", "OPENVAS:880596", "OPENVAS:1361412562310830904"]}, {"type": "freebsd", "idList": ["77C14729-DC5E-11DE-92AE-02E0184B8D35"]}, {"type": "oraclelinux", "idList": ["ELSA-2010-0039", "ELSA-2009-1646"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1958-1:EC006"]}, {"type": "seebug", "idList": ["SSV:15008"]}, {"type": "redhat", "idList": ["RHSA-2010:0039"]}], "modified": "2018-12-11T17:41:08"}}, "objectVersion": "1.4", "affectedPackage": [{"OS": "RedHat", "OSVersion": "4", "arch": "i386", "packageName": "libtool", "packageVersion": "1.5.6-5.el4_8", "packageFilename": "libtool-1.5.6-5.el4_8.i386.rpm", "operator": "lt"}]}, "lastseen": "2018-12-11T17:41:08", "differentElements": ["cvss"], "edition": 5}, {"bulletin": {"id": "RHSA-2009:1646", "hash": "9e48e11c54579ccd7f38c06e64150482", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2009:1646) Moderate: libtool security update", "description": "GNU Libtool is a set of shell scripts which automatically configure UNIX,\nLinux, and similar operating systems to generically build shared libraries.\n\nA flaw was found in the way GNU Libtool's libltdl library looked for\nmodules to load. It was possible for libltdl to load and run modules from\nan arbitrary library in the current working directory. If a local attacker\ncould trick a local user into running an application (which uses libltdl)\nfrom an attacker-controlled directory containing a malicious Libtool\ncontrol file (.la), the attacker could possibly execute arbitrary code with\nthe privileges of the user running the application. (CVE-2009-3736)\n\nAll libtool users should upgrade to these updated packages, which contain\na backported patch to correct this issue. After installing the updated\npackages, applications using the libltdl library must be restarted for the\nupdate to take effect.", "published": "2009-12-08T05:00:00", "modified": "2018-05-26T04:26:18", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "href": "https://access.redhat.com/errata/RHSA-2009:1646", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2009-3736"], "lastseen": "2019-05-29T14:35:11", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 6.3, "vector": "NONE", "modified": "2019-05-29T14:35:11"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-3736"]}, {"type": "centos", "idList": ["CESA-2010:0039"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1958-1:EC006"]}, {"type": "oraclelinux", "idList": ["ELSA-2010-0039"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310880347", "OPENVAS:880753", "OPENVAS:1361412562310861790", "OPENVAS:861633", "OPENVAS:1361412562310880355", "OPENVAS:66528", "OPENVAS:1361412562310861857", "OPENVAS:880345", "OPENVAS:861790", "OPENVAS:861670"]}, {"type": "nessus", "idList": ["MANDRIVA_MDVSA-2009-307.NASL", "FEDORA_2009-12813.NASL", "ORACLELINUX_ELSA-2010-0039.NASL", "MANDRIVA_MDVSA-2010-075.NASL", "SUSE_LIBTOOL-6683.NASL", "FEDORA_2010-1924.NASL", "SUSE_11_LIBLTDL7-091201.NASL", "FREEBSD_PKG_77C14729DC5E11DE92AE02E0184B8D35.NASL", "FEDORA_2010-4407.NASL", "SUSE_11_0_LIBLTDL-3-091201.NASL"]}, {"type": "freebsd", "idList": ["77C14729-DC5E-11DE-92AE-02E0184B8D35"]}, {"type": "redhat", "idList": ["RHSA-2010:0039"]}], "modified": "2019-05-29T14:35:11"}}, "objectVersion": "1.4", "affectedPackage": [{"OS": "RedHat", "OSVersion": "4", "arch": "i386", "packageName": "libtool", "packageVersion": "1.5.6-5.el4_8", "packageFilename": "libtool-1.5.6-5.el4_8.i386.rpm", "operator": "lt"}]}, "lastseen": "2019-05-29T14:35:11", "differentElements": ["affectedPackage"], "edition": 6}], "viewCount": 0, "enchantments": {"score": {"value": 6.6, "vector": "NONE", "modified": "2019-08-13T18:46:45"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-3736"]}, {"type": "centos", "idList": ["CESA-2010:0039", "CESA-2009:1646"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1958-1:EC006"]}, {"type": "freebsd", "idList": ["77C14729-DC5E-11DE-92AE-02E0184B8D35"]}, {"type": "oraclelinux", "idList": ["ELSA-2010-0039", "ELSA-2009-1646"]}, {"type": "nessus", "idList": ["FEDORA_2010-1924.NASL", "FEDORA_2009-12725.NASL", "FREEBSD_PKG_77C14729DC5E11DE92AE02E0184B8D35.NASL", "ORACLELINUX_ELSA-2010-0039.NASL", "SUSE_11_LIBLTDL7-091201.NASL", "FEDORA_2010-4407.NASL", "SUSE_11_0_LIBLTDL-3-091201.NASL", "DEBIAN_DSA-1958.NASL", "SUSE_LIBTOOL-6683.NASL", "FEDORA_2010-4339.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310880345", "OPENVAS:1361412562310862868", "OPENVAS:1361412562310861733", "OPENVAS:1361412562310861790", "OPENVAS:66528", "OPENVAS:1361412562310861857", "OPENVAS:1361412562310830983", "OPENVAS:830983", "OPENVAS:861633", "OPENVAS:1361412562310122410"]}, {"type": "seebug", "idList": ["SSV:15008"]}], "modified": "2019-08-13T18:46:45"}, "vulnersScore": 6.6}, "objectVersion": "1.4", "affectedPackage": [{"OS": "RedHat", "OSVersion": "4", "arch": "x86_64", "packageName": "libtool-libs", "packageVersion": "1.5.6-5.el4_8", "packageFilename": "libtool-libs-1.5.6-5.el4_8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "i386", "packageName": "libtool-ltdl", "packageVersion": "1.5.22-7.el5_4", "packageFilename": "libtool-ltdl-1.5.22-7.el5_4.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "s390x", "packageName": "libtool-ltdl-devel", "packageVersion": "1.5.22-7.el5_4", "packageFilename": "libtool-ltdl-devel-1.5.22-7.el5_4.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "arch": "ppc", "packageName": "libtool-libs", "packageVersion": "1.5.6-5.el4_8", "packageFilename": "libtool-libs-1.5.6-5.el4_8.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "arch": "s390x", "packageName": "libtool-libs", "packageVersion": "1.5.6-5.el4_8", "packageFilename": "libtool-libs-1.5.6-5.el4_8.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "ia64", "packageName": "libtool", "packageVersion": "1.5.22-7.el5_4", "packageFilename": "libtool-1.5.22-7.el5_4.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "s390", "packageName": "libtool-ltdl-devel", "packageVersion": "1.5.22-7.el5_4", "packageFilename": "libtool-ltdl-devel-1.5.22-7.el5_4.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "ppc", "packageName": "libtool", "packageVersion": "1.5.22-7.el5_4", "packageFilename": "libtool-1.5.22-7.el5_4.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "ppc64", "packageName": "libtool-ltdl-devel", "packageVersion": "1.5.22-7.el5_4", "packageFilename": "libtool-ltdl-devel-1.5.22-7.el5_4.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "s390x", "packageName": "libtool", "packageVersion": "1.5.22-7.el5_4", "packageFilename": "libtool-1.5.22-7.el5_4.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "s390", "packageName": "libtool-ltdl", "packageVersion": "1.5.22-7.el5_4", "packageFilename": "libtool-ltdl-1.5.22-7.el5_4.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "arch": "ia64", "packageName": "libtool", "packageVersion": "1.5.6-5.el4_8", "packageFilename": "libtool-1.5.6-5.el4_8.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "s390x", "packageName": "libtool-ltdl", "packageVersion": "1.5.22-7.el5_4", "packageFilename": "libtool-ltdl-1.5.22-7.el5_4.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "arch": "ppc64", "packageName": "libtool-libs", "packageVersion": "1.5.6-5.el4_8", "packageFilename": "libtool-libs-1.5.6-5.el4_8.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "arch": "ppc", "packageName": "libtool", "packageVersion": "1.5.6-5.el4_8", "packageFilename": "libtool-1.5.6-5.el4_8.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "x86_64", "packageName": "libtool", "packageVersion": "1.5.22-7.el5_4", "packageFilename": "libtool-1.5.22-7.el5_4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "ia64", "packageName": "libtool-ltdl-devel", "packageVersion": "1.5.22-7.el5_4", "packageFilename": "libtool-ltdl-devel-1.5.22-7.el5_4.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "i386", "packageName": "libtool", "packageVersion": "1.5.22-7.el5_4", "packageFilename": "libtool-1.5.22-7.el5_4.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "ppc64", "packageName": "libtool-ltdl", "packageVersion": "1.5.22-7.el5_4", "packageFilename": "libtool-ltdl-1.5.22-7.el5_4.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "ppc", "packageName": "libtool-ltdl", "packageVersion": "1.5.22-7.el5_4", "packageFilename": "libtool-ltdl-1.5.22-7.el5_4.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "arch": "ia64", "packageName": "libtool-libs", "packageVersion": "1.5.6-5.el4_8", "packageFilename": "libtool-libs-1.5.6-5.el4_8.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "x86_64", "packageName": "libtool-ltdl", "packageVersion": "1.5.22-7.el5_4", "packageFilename": "libtool-ltdl-1.5.22-7.el5_4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "ia64", "packageName": "libtool-ltdl", "packageVersion": "1.5.22-7.el5_4", "packageFilename": "libtool-ltdl-1.5.22-7.el5_4.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "arch": "s390x", "packageName": "libtool", "packageVersion": "1.5.6-5.el4_8", "packageFilename": "libtool-1.5.6-5.el4_8.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "arch": "i386", "packageName": "libtool-libs", "packageVersion": "1.5.6-5.el4_8", "packageFilename": "libtool-libs-1.5.6-5.el4_8.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "x86_64", "packageName": "libtool-ltdl-devel", "packageVersion": "1.5.22-7.el5_4", "packageFilename": "libtool-ltdl-devel-1.5.22-7.el5_4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "i386", "packageName": "libtool-ltdl-devel", "packageVersion": "1.5.22-7.el5_4", "packageFilename": "libtool-ltdl-devel-1.5.22-7.el5_4.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "arch": "s390", "packageName": "libtool", "packageVersion": "1.5.6-5.el4_8", "packageFilename": "libtool-1.5.6-5.el4_8.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "arch": "i386", "packageName": "libtool", "packageVersion": "1.5.6-5.el4_8", "packageFilename": "libtool-1.5.6-5.el4_8.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "arch": "s390", "packageName": "libtool-libs", "packageVersion": "1.5.6-5.el4_8", "packageFilename": "libtool-libs-1.5.6-5.el4_8.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "ppc", "packageName": "libtool-ltdl-devel", "packageVersion": "1.5.22-7.el5_4", "packageFilename": "libtool-ltdl-devel-1.5.22-7.el5_4.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "src", "packageName": "libtool", "packageVersion": "1.5.22-7.el5_4", "packageFilename": "libtool-1.5.22-7.el5_4.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "arch": "src", "packageName": "libtool", "packageVersion": "1.5.6-5.el4_8", "packageFilename": "libtool-1.5.6-5.el4_8.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "arch": "x86_64", "packageName": "libtool", "packageVersion": "1.5.6-5.el4_8", "packageFilename": "libtool-1.5.6-5.el4_8.x86_64.rpm", "operator": "lt"}], "_object_type": "robots.models.redhat.RedHatBulletin", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"]}

{"cve": [{"lastseen": "2019-05-29T18:10:00", "bulletinFamily": "NVD", "description": "ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.", "modified": "2017-09-19T01:29:00", "id": "CVE-2009-3736", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3736", "published": "2009-11-29T13:07:00", "title": "CVE-2009-3736", "type": "cve", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-05-29T18:34:17", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2010:0039\n\n\nThe gcc and gcc4 packages include, among others, C, C++, and Java GNU\ncompilers and related support libraries. libgcj contains a copy of GNU\nLibtool's libltdl library.\n\nA flaw was found in the way GNU Libtool's libltdl library looked for\nlibraries to load. It was possible for libltdl to load a malicious library\nfrom the current working directory. In certain configurations, if a local\nattacker is able to trick a local user into running a Java application\n(which uses a function to load native libraries, such as\nSystem.loadLibrary) from within an attacker-controlled directory containing\na malicious library or module, the attacker could possibly execute\narbitrary code with the privileges of the user running the Java\napplication. (CVE-2009-3736)\n\nAll gcc and gcc4 users should upgrade to these updated packages, which\ncontain a backported patch to correct this issue. All running Java\napplications using libgcj must be restarted for this update to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-January/016445.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-January/016446.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-January/016457.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-January/016458.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-January/016459.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-January/016460.html\n\n**Affected packages:**\ncpp\ngcc\ngcc-c++\ngcc-g77\ngcc-gfortran\ngcc-gnat\ngcc-java\ngcc-objc\ngcc-objc++\ngcc4\ngcc4-c++\ngcc4-gfortran\ngcc4-java\nlibf2c\nlibgcc\nlibgcj\nlibgcj-devel\nlibgcj-src\nlibgcj4\nlibgcj4-devel\nlibgcj4-src\nlibgfortran\nlibgnat\nlibgomp\nlibmudflap\nlibmudflap-devel\nlibobjc\nlibstdc++\nlibstdc++-devel\n\n**Upstream details at:**\n\nhttps://rhn.redhat.com/errata/RHSA-2010-0039.html", "modified": "2010-01-15T00:07:08", "published": "2010-01-14T12:58:41", "href": "http://lists.centos.org/pipermail/centos-announce/2010-January/016445.html", "id": "CESA-2010:0039", "title": "cpp, gcc, gcc4, libf2c, libgcc, libgcj, libgcj4, libgfortran, libgnat, libgomp, libmudflap, libobjc, libstdc++ security update", "type": "centos", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:48", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2009:1646\n\n\nGNU Libtool is a set of shell scripts which automatically configure UNIX,\nLinux, and similar operating systems to generically build shared libraries.\n\nA flaw was found in the way GNU Libtool's libltdl library looked for\nmodules to load. It was possible for libltdl to load and run modules from\nan arbitrary library in the current working directory. If a local attacker\ncould trick a local user into running an application (which uses libltdl)\nfrom an attacker-controlled directory containing a malicious Libtool\ncontrol file (.la), the attacker could possibly execute arbitrary code with\nthe privileges of the user running the application. (CVE-2009-3736)\n\nAll libtool users should upgrade to these updated packages, which contain\na backported patch to correct this issue. After installing the updated\npackages, applications using the libltdl library must be restarted for the\nupdate to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-December/016354.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-December/016355.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-December/016358.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-December/016359.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-December/016382.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-December/016383.html\n\n**Affected packages:**\nlibtool\nlibtool-libs\nlibtool-ltdl\nlibtool-ltdl-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2009-1646.html", "modified": "2009-12-18T01:40:41", "published": "2009-12-08T22:18:58", "href": "http://lists.centos.org/pipermail/centos-announce/2009-December/016354.html", "id": "CESA-2009:1646", "title": "libtool security update", "type": "centos", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:39:17", "bulletinFamily": "unix", "description": "[4.1.2-46.el5_4.2]\n- fix libjava to avoid opening *.la/dlopening *.so files from current\n working directory or subdirectories thereof (#545672, CVE-2009-3736)", "modified": "2010-01-13T00:00:00", "published": "2010-01-13T00:00:00", "id": "ELSA-2010-0039", "href": "http://linux.oracle.com/errata/ELSA-2010-0039.html", "title": "gcc and gcc4 security update", "type": "oraclelinux", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:26", "bulletinFamily": "unix", "description": "[1.5.22-7]\n- add fix for CVE-2009-3736,\n libltdl may load and execute code from a library in the current directory", "modified": "2009-12-08T00:00:00", "published": "2009-12-08T00:00:00", "id": "ELSA-2009-1646", "href": "http://linux.oracle.com/errata/ELSA-2009-1646.html", "title": "libtool security update", "type": "oraclelinux", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:11", "bulletinFamily": "unix", "description": "\nSecunia.com\n\nDo not attempt to load an unqualified module.la file from the\n\t current directory (by default) since doing so is insecure and is\n\t not compliant with the documentation.\n\n", "modified": "2010-05-02T00:00:00", "published": "2009-11-25T00:00:00", "id": "77C14729-DC5E-11DE-92AE-02E0184B8D35", "href": "https://vuxml.freebsd.org/freebsd/77c14729-dc5e-11de-92ae-02e0184b8d35.html", "title": "libtool -- Library Search Path Privilege Escalation Issue", "type": "freebsd", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2019-05-30T02:22:32", "bulletinFamily": "unix", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1958-1 security@debian.org\nhttp://www.debian.org/security/ Raphael Geissert\nDecember 29, 2009 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : libtool\nVulnerability : privilege escalation\nProblem type : local\nDebian-specific: no\nCVE Id(s) : CVE-2009-3736\n\nIt was discovered that ltdl, a system-independent dlopen wrapper for\nGNU libtool, can be tricked to load and run modules from an arbitrary\ndirectory, which might be used to execute arbitrary code with the\nprivileges of the user running an application that uses libltdl.\n\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.5.26-4+lenny1.\n\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 1.5.22-4+etch1.\n\nFor the testing distribution (squeeze) and unstable distribution (sid),\nthis problem has been fixed in 2.2.6b-1.\n\n\nWe recommend that you upgrade your libtool packages.\n\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nDebian (oldstable)\n- ------------------\n\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1.diff.gz\n Size/MD5 checksum: 15804 5479bf2874720d1a57bc051938939c0a\n http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22.orig.tar.gz\n Size/MD5 checksum: 2921483 8e0ac9797b62ba4dcc8a2fb7936412b0\n http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1.dsc\n Size/MD5 checksum: 791 928acd111c5fef379758412cc69d6955\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/libt/libtool/libtool-doc_1.5.22-4+etch1_all.deb\n Size/MD5 checksum: 340218 48ef3b50f8af4b55f95ab0537dedeae9\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_alpha.deb\n Size/MD5 checksum: 328232 c46de180b19450c2842198a034c5b8ba\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_alpha.deb\n Size/MD5 checksum: 170758 f1ac388e3c8f479fa2e7acca4e05f484\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_alpha.deb\n Size/MD5 checksum: 366952 787b6b0712ad3729077a94177c854c50\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_amd64.deb\n Size/MD5 checksum: 327578 64e861399087ac313e9112633e320db0\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_amd64.deb\n Size/MD5 checksum: 362486 0cd43dfdfac787ae4f03c99d316ee21c\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_amd64.deb\n Size/MD5 checksum: 169952 2383913d7e69ab07a030ed0402e32683\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_arm.deb\n Size/MD5 checksum: 329532 1e77e291f168cd28edbe30017ea7b822\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_arm.deb\n Size/MD5 checksum: 362006 aeeccab2b130622286ff22a62bbb67f6\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_arm.deb\n Size/MD5 checksum: 168932 227df6a702975694b4824277e39397f7\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_hppa.deb\n Size/MD5 checksum: 171194 547d0ef8dcad18bf6bcf879bee76618e\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_hppa.deb\n Size/MD5 checksum: 365948 720bb673659bca908c80a87115ced3b3\n http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_hppa.deb\n Size/MD5 checksum: 329352 f6201f75e7a6c6571c60f8ea54da9513\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_i386.deb\n Size/MD5 checksum: 168334 5f0f5afefa54c57ff00a1688b79daaae\n http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_i386.deb\n Size/MD5 checksum: 327562 2f3cf778e937d324b2082286ac531915\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_i386.deb\n Size/MD5 checksum: 361676 ff14fcaece7267e5af27ebf077caf5ea\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_ia64.deb\n Size/MD5 checksum: 175104 112a54f534e23a3880131c458e957306\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_ia64.deb\n Size/MD5 checksum: 369056 b6f2318d1cd51e9faec4c8802cc0de71\n http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_ia64.deb\n Size/MD5 checksum: 328294 abcb9fe2b00b48274f4e9de0fd27ed50\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_mips.deb\n Size/MD5 checksum: 364572 ae6c61c8422bf908dc9b5f18fff01e67\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_mips.deb\n Size/MD5 checksum: 169100 5243a37ce072d6187ea1e34cbf7e6fbf\n http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_mips.deb\n Size/MD5 checksum: 328044 378a35600bd73d5e426e5c832f207ac2\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_mipsel.deb\n Size/MD5 checksum: 364580 79b7a9f63df6e20bfd7746e3ae793ea8\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_mipsel.deb\n Size/MD5 checksum: 169202 fa3945f2bab5771aeffbef127cc45611\n http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_mipsel.deb\n Size/MD5 checksum: 328066 a0057c854f9eb9c446e562a3e5709c4b\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_powerpc.deb\n Size/MD5 checksum: 171152 f13fa1eac3ff685260e23ff0c2420233\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_powerpc.deb\n Size/MD5 checksum: 365566 6c159f990d8dc9accbe19467d051dde8\n http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_powerpc.deb\n Size/MD5 checksum: 330962 f9f24a31ad1f58bf59ec28c9575935c0\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_s390.deb\n Size/MD5 checksum: 328270 c4b08dee489f328b19ad516dee216962\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_s390.deb\n Size/MD5 checksum: 362352 8ee935bdbbb1f4c95f57825ee86f616c\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_s390.deb\n Size/MD5 checksum: 170398 590304f4913f49222d11fabe32332555\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_sparc.deb\n Size/MD5 checksum: 363224 aeb1e4d3251979e6a55177c3366850ad\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_sparc.deb\n Size/MD5 checksum: 168816 8fe6d60b06d6de10f7960aca438df40a\n http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_sparc.deb\n Size/MD5 checksum: 329702 074ff3128d67b1717b3a1ccd0d70a970\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nDebian (stable)\n- ---------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1.diff.gz\n Size/MD5 checksum: 15298 7895536891fe733289193346f1211b1f\n http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1.dsc\n Size/MD5 checksum: 1158 2c0110d02430920cefe418c00b08e5a3\n http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26.orig.tar.gz\n Size/MD5 checksum: 2961939 aa9c5107f3ec9ef4200eb6556f3b3c29\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/libt/libtool/libtool-doc_1.5.26-4+lenny1_all.deb\n Size/MD5 checksum: 353398 00fdb1c5aacbe2bfd76e974072cecd92\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_alpha.deb\n Size/MD5 checksum: 340108 3d99e043fd16ae4af9acd16efc1fff26\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_alpha.deb\n Size/MD5 checksum: 180254 2030953d25d5b7fa12f536c76d4546e5\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_alpha.deb\n Size/MD5 checksum: 377734 ded6b77079273f704065f9f6475da4c7\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_amd64.deb\n Size/MD5 checksum: 342324 024dd362d4fc2f38f3b81494164bd4c0\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_amd64.deb\n Size/MD5 checksum: 179612 11d74a42ceb86748828417ecb82ca661\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_amd64.deb\n Size/MD5 checksum: 368974 740e2aba77ce0401161317cecea761b4\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_arm.deb\n Size/MD5 checksum: 341736 e5fe5c3ffa5d5de1b073bb91eac8a8b0\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_arm.deb\n Size/MD5 checksum: 178324 327d37b6946885a0aa06b7d36d2366ce\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_arm.deb\n Size/MD5 checksum: 371700 afd48c2330e97b428a66bff30df8dcb8\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_armel.deb\n Size/MD5 checksum: 341552 f33f24ea711ad50d8272905b008fa07b\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_armel.deb\n Size/MD5 checksum: 178428 037eaffb7d97ac009f3e4f47f4084c8e\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_armel.deb\n Size/MD5 checksum: 372294 e4ebc8b9b39d3408ee7b013f6110a534\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_hppa.deb\n Size/MD5 checksum: 342994 78b16e97b4f6d5ee535f5a9849d060b2\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_hppa.deb\n Size/MD5 checksum: 180100 f2118a5317c1523f2edf902492f11c38\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_hppa.deb\n Size/MD5 checksum: 376492 37816a937fed1aa3e5c8a9d1bda2da26\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_i386.deb\n Size/MD5 checksum: 371688 296a45a98910fbf8210ebdddd7a32d3d\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_i386.deb\n Size/MD5 checksum: 177256 d719aec237df6bc5b8d750dec91cbef2\n http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_i386.deb\n Size/MD5 checksum: 340266 56f624655ef5e058047a9f371260b70d\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_ia64.deb\n Size/MD5 checksum: 340338 c824369bbc99fd250112c9b19166e3b8\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_ia64.deb\n Size/MD5 checksum: 379582 69b5eee78005d15b7b401d27c5f1d1f0\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_ia64.deb\n Size/MD5 checksum: 184492 97c04d77404888003be057d64318a4b4\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_mips.deb\n Size/MD5 checksum: 340324 13cec80a9732f7ebe1a4b9b1c3437676\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_mips.deb\n Size/MD5 checksum: 178136 8c14238558d3712f1ba13ccdf832b6e7\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_mips.deb\n Size/MD5 checksum: 374582 e34e1dce0adbe82708cf1414b18b9ee8\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_mipsel.deb\n Size/MD5 checksum: 374506 0433b8b68f5cf7eaf4011bd27afc200a\n http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_mipsel.deb\n Size/MD5 checksum: 340308 b80fa5af20cb7d42cae3387bc2637bfa\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_mipsel.deb\n Size/MD5 checksum: 178204 e3936e2dbe0eb3634b0ea82032b38711\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_powerpc.deb\n Size/MD5 checksum: 375240 e62c37f7f3a4768d50273f048f38f4fc\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_powerpc.deb\n Size/MD5 checksum: 180654 d3cd620555224ae9ad381f01f097556f\n http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_powerpc.deb\n Size/MD5 checksum: 343366 2b09e0d1c5ede965df7cccafb58bb8b8\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_s390.deb\n Size/MD5 checksum: 179634 7e19a9d6985c0f3d7769a6b29ea948ac\n http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_s390.deb\n Size/MD5 checksum: 340302 5b26c4c3cf96ef1f129cdf28af8f6c46\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_s390.deb\n Size/MD5 checksum: 372154 797787dcf36fb7a820f8d70da82a5e56\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_sparc.deb\n Size/MD5 checksum: 177310 0d3bb2aebb71f94eb90b2e098efa3dfc\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_sparc.deb\n Size/MD5 checksum: 373190 e87271026a1b94f47e1e9bda5a74a6d7\n http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_sparc.deb\n Size/MD5 checksum: 341944 9ae772fd5ac03c0552221c744ad3a969\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show &lt;pkg&gt;&#x27; and http://packages.debian.org/&lt;pkg&gt;\n", "modified": "2009-12-29T17:27:23", "published": "2009-12-29T17:27:23", "id": "DEBIAN:DSA-1958-1:EC006", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2009/msg00287.html", "title": "[SECURITY] [DSA 1958-1] New libtool packages fix privilege escalation", "type": "debian", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2017-12-20T13:18:53", "bulletinFamily": "scanner", "description": "Check for the Version of gambas", "modified": "2017-12-19T00:00:00", "published": "2010-03-02T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=861633", "id": "OPENVAS:861633", "title": "Fedora Update for gambas FEDORA-2010-1872", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gambas FEDORA-2010-1872\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"gambas on Fedora 12\";\ntag_insight = \"Gambas is a free development environment based on a Basic interpreter\n with object extensions, like Visual Basic (but it is NOT a clone !).\n With Gambas, you can quickly design your program GUI, access MySQL or\n PostgreSQL databases, pilot KDE applications with DCOP, translate your\n program into many languages, create network applications easily, and so\n on...\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035133.html\");\n script_id(861633);\n script_version(\"$Revision: 8164 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-19 07:30:41 +0100 (Tue, 19 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-02 08:38:02 +0100 (Tue, 02 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-1872\");\n script_cve_id(\"CVE-2009-3736\");\n script_name(\"Fedora Update for gambas FEDORA-2010-1872\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of gambas\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"gambas\", rpm:\"gambas~1.0.19~12.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:27", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-03-07T00:00:00", "id": "OPENVAS:1361412562310862870", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862870", "title": "Fedora Update for q FEDORA-2011-1958", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for q FEDORA-2011-1958\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054915.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862870\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-03-07 06:45:55 +0100 (Mon, 07 Mar 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"FEDORA\", value:\"2011-1958\");\n script_cve_id(\"CVE-2009-3736\");\n script_name(\"Fedora Update for q FEDORA-2011-1958\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'q'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC13\");\n script_tag(name:\"affected\", value:\"q on Fedora 13\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"q\", rpm:\"q~7.11~8.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-20T13:18:06", "bulletinFamily": "scanner", "description": "Check for the Version of mingw32-libltdl", "modified": "2017-12-19T00:00:00", "published": "2010-03-02T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=861670", "id": "OPENVAS:861670", "title": "Fedora Update for mingw32-libltdl FEDORA-2010-2943", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw32-libltdl FEDORA-2010-2943\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The mingw32-libltdl package contains the GNU Libtool Dynamic Module Loader, a\n library that provides a consistent, portable interface which simplifies the\n process of using dynamic modules, for the mingw32 cross compilation\n environment.\n\n These runtime libraries are needed by programs that link directly to the\n system-installed ltdl libraries; they are not needed by software built using\n the rest of the GNU Autotools (including GNU Autoconf and GNU Automake).\";\n\ntag_affected = \"mingw32-libltdl on Fedora 11\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035851.html\");\n script_id(861670);\n script_version(\"$Revision: 8164 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-19 07:30:41 +0100 (Tue, 19 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-02 08:38:02 +0100 (Tue, 02 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-2943\");\n script_cve_id(\"CVE-2009-3736\");\n script_name(\"Fedora Update for mingw32-libltdl FEDORA-2010-2943\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mingw32-libltdl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC11\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw32-libltdl\", rpm:\"mingw32-libltdl~1.5.26~17.fc11\", rls:\"FC11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-20T13:17:53", "bulletinFamily": "scanner", "description": "Check for the Version of cpp", "modified": "2017-12-19T00:00:00", "published": "2010-01-19T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=880345", "id": "OPENVAS:880345", "title": "CentOS Update for cpp CESA-2010:0039 centos4 x86_64", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for cpp CESA-2010:0039 centos4 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The gcc and gcc4 packages include, among others, C, C++, and Java GNU\n compilers and related support libraries. libgcj contains a copy of GNU\n Libtool's libltdl library.\n\n A flaw was found in the way GNU Libtool's libltdl library looked for\n libraries to load. It was possible for libltdl to load a malicious library\n from the current working directory. In certain configurations, if a local\n attacker is able to trick a local user into running a Java application\n (which uses a function to load native libraries, such as\n System.loadLibrary) from within an attacker-controlled directory containing\n a malicious library or module, the attacker could possibly execute\n arbitrary code with the privileges of the user running the Java\n application. (CVE-2009-3736)\n \n All gcc and gcc4 users should upgrade to these updated packages, which\n contain a backported patch to correct this issue. All running Java\n applications using libgcj must be restarted for this update to take effect.\";\n\ntag_affected = \"cpp on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2010-January/016460.html\");\n script_id(880345);\n script_version(\"$Revision: 8164 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-19 07:30:41 +0100 (Tue, 19 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-01-19 08:58:46 +0100 (Tue, 19 Jan 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2010:0039\");\n script_cve_id(\"CVE-2009-3736\");\n script_name(\"CentOS Update for cpp CESA-2010:0039 centos4 x86_64\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of cpp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"cpp\", rpm:\"cpp~3.4.6~11.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gcc\", rpm:\"gcc~3.4.6~11.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gcc4\", rpm:\"gcc4~4.1.2~44.EL4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gcc4-c++\", rpm:\"gcc4-c++~4.1.2~44.EL4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gcc4-gfortran\", rpm:\"gcc4-gfortran~4.1.2~44.EL4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gcc4-java\", rpm:\"gcc4-java~4.1.2~44.EL4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gcc-c++\", rpm:\"gcc-c++~3.4.6~11.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gcc-g77\", rpm:\"gcc-g77~3.4.6~11.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gcc-gnat\", rpm:\"gcc-gnat~3.4.6~11.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gcc-java\", rpm:\"gcc-java~3.4.6~11.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gcc-objc\", rpm:\"gcc-objc~3.4.6~11.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libf2c\", rpm:\"libf2c~3.4.6~11.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgcc\", rpm:\"libgcc~3.4.6~11.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgcj\", rpm:\"libgcj~3.4.6~11.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgcj4\", rpm:\"libgcj4~4.1.2~44.EL4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgcj4-devel\", rpm:\"libgcj4-devel~4.1.2~44.EL4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgcj4-src\", rpm:\"libgcj4-src~4.1.2~44.EL4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgcj-devel\", rpm:\"libgcj-devel~3.4.6~11.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgfortran\", rpm:\"libgfortran~4.1.2~44.EL4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgnat\", rpm:\"libgnat~3.4.6~11.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgomp\", rpm:\"libgomp~4.1.2~44.EL4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmudflap\", rpm:\"libmudflap~4.1.2~44.EL4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmudflap-devel\", rpm:\"libmudflap-devel~4.1.2~44.EL4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libobjc\", rpm:\"libobjc~3.4.6~11.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libstdc++\", rpm:\"libstdc++~3.4.6~11.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libstdc++-devel\", rpm:\"libstdc++-devel~3.4.6~11.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:54:57", "bulletinFamily": "scanner", "description": "Check for the Version of phpmyadmin", "modified": "2017-12-22T00:00:00", "published": "2010-03-02T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830904", "id": "OPENVAS:1361412562310830904", "title": "Mandriva Update for phpmyadmin MDVA-2010:075 (phpmyadmin)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for phpmyadmin MDVA-2010:075 (phpmyadmin)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"phpmyadmin on Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\ntag_insight = \"This is a maintenance and bugfix release that upgrades phpmyadmin\n to 3.2.5 that solves intermittent segfaults and brings many upstream\n fixes as well.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-02/msg00048.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830904\");\n script_version(\"$Revision: 8228 $\");\n script_cve_id(\"CVE-2009-3736\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-22 08:29:52 +0100 (Fri, 22 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-02 08:46:47 +0100 (Tue, 02 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVA\", value: \"2010:075\");\n script_name(\"Mandriva Update for phpmyadmin MDVA-2010:075 (phpmyadmin)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of phpmyadmin\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"phpmyadmin\", rpm:\"phpmyadmin~3.2.5~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:54:45", "bulletinFamily": "scanner", "description": "Check for the Version of esorex", "modified": "2017-12-26T00:00:00", "published": "2010-03-22T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310861790", "id": "OPENVAS:1361412562310861790", "title": "Fedora Update for esorex FEDORA-2010-3314", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for esorex FEDORA-2010-3314\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"esorex on Fedora 11\";\ntag_insight = \"EsoRex is the ESO Recipe Execution Tool. It can list, configure and\n execute CPL-based recipes from the command line.\n One of the features provided by the CPL is the ability to create\n data-reduction algorithms that run as plugins (dynamic libraries). These\n are called recipes and are one of the main aspects of the\n CPL data-reduction development environment.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037659.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.861790\");\n script_version(\"$Revision: 8246 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-26 08:29:20 +0100 (Tue, 26 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-22 11:34:53 +0100 (Mon, 22 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-3314\");\n script_cve_id(\"CVE-2009-3736\");\n script_name(\"Fedora Update for esorex FEDORA-2010-3314\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of esorex\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC11\")\n{\n\n if ((res = isrpmvuln(pkg:\"esorex\", rpm:\"esorex~3.7.2~3.fc11\", rls:\"FC11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-21T11:32:23", "bulletinFamily": "scanner", "description": "Check for the Version of hamlib", "modified": "2017-12-20T00:00:00", "published": "2010-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310861857", "id": "OPENVAS:1361412562310861857", "type": "openvas", "title": "Fedora Update for hamlib FEDORA-2010-4407", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for hamlib FEDORA-2010-4407\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Hamlib provides a standardised programming interface that applications\n can use to send the appropriate commands to a radio.\n\n Also included in the package is a simple radio control program 'rigctl',\n which lets one control a radio transceiver or receiver, either from\n command line interface or in a text-oriented interactive interface.\";\n\ntag_affected = \"hamlib on Fedora 12\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038467.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.861857\");\n script_version(\"$Revision: 8187 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-20 08:30:09 +0100 (Wed, 20 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-06 08:56:44 +0200 (Tue, 06 Apr 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-4407\");\n script_cve_id(\"CVE-2009-3736\");\n script_name(\"Fedora Update for hamlib FEDORA-2010-4407\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of hamlib\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"hamlib\", rpm:\"hamlib~1.2.10~2.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-19T15:05:03", "bulletinFamily": "scanner", "description": "Check for the Version of cpp", "modified": "2018-01-19T00:00:00", "published": "2010-01-19T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880347", "id": "OPENVAS:1361412562310880347", "type": "openvas", "title": "CentOS Update for cpp CESA-2010:0039 centos4 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for cpp CESA-2010:0039 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The gcc and gcc4 packages include, among others, C, C++, and Java GNU\n compilers and related support libraries. libgcj contains a copy of GNU\n Libtool's libltdl library.\n\n A flaw was found in the way GNU Libtool's libltdl library looked for\n libraries to load. It was possible for libltdl to load a malicious library\n from the current working directory. In certain configurations, if a local\n attacker is able to trick a local user into running a Java application\n (which uses a function to load native libraries, such as\n System.loadLibrary) from within an attacker-controlled directory containing\n a malicious library or module, the attacker could possibly execute\n arbitrary code with the privileges of the user running the Java\n application. (CVE-2009-3736)\n \n All gcc and gcc4 users should upgrade to these updated packages, which\n contain a backported patch to correct this issue. All running Java\n applications using libgcj must be restarted for this update to take effect.\";\n\ntag_affected = \"cpp on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2010-January/016459.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880347\");\n script_version(\"$Revision: 8469 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-19 08:58:21 +0100 (Fri, 19 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-01-19 08:58:46 +0100 (Tue, 19 Jan 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2010:0039\");\n script_cve_id(\"CVE-2009-3736\");\n script_name(\"CentOS Update for cpp CESA-2010:0039 centos4 i386\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of cpp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"cpp\", rpm:\"cpp~3.4.6~11.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gcc\", rpm:\"gcc~3.4.6~11.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gcc4\", rpm:\"gcc4~4.1.2~44.EL4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gcc4-c++\", rpm:\"gcc4-c++~4.1.2~44.EL4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gcc4-gfortran\", rpm:\"gcc4-gfortran~4.1.2~44.EL4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gcc4-java\", rpm:\"gcc4-java~4.1.2~44.EL4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gcc-c++\", rpm:\"gcc-c++~3.4.6~11.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gcc-g77\", rpm:\"gcc-g77~3.4.6~11.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gcc-gnat\", rpm:\"gcc-gnat~3.4.6~11.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gcc-java\", rpm:\"gcc-java~3.4.6~11.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gcc-objc\", rpm:\"gcc-objc~3.4.6~11.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libf2c\", rpm:\"libf2c~3.4.6~11.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgcc\", rpm:\"libgcc~3.4.6~11.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgcj\", rpm:\"libgcj~3.4.6~11.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgcj4\", rpm:\"libgcj4~4.1.2~44.EL4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgcj4-devel\", rpm:\"libgcj4-devel~4.1.2~44.EL4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgcj4-src\", rpm:\"libgcj4-src~4.1.2~44.EL4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgcj-devel\", rpm:\"libgcj-devel~3.4.6~11.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgfortran\", rpm:\"libgfortran~4.1.2~44.EL4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgnat\", rpm:\"libgnat~3.4.6~11.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgomp\", rpm:\"libgomp~4.1.2~44.EL4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmudflap\", rpm:\"libmudflap~4.1.2~44.EL4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmudflap-devel\", rpm:\"libmudflap-devel~4.1.2~44.EL4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libobjc\", rpm:\"libobjc~3.4.6~11.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libstdc++\", rpm:\"libstdc++~3.4.6~11.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libstdc++-devel\", rpm:\"libstdc++-devel~3.4.6~11.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:54:01", "bulletinFamily": "scanner", "description": "Check for the Version of openoffice.org", "modified": "2017-12-25T00:00:00", "published": "2010-04-16T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=830983", "id": "OPENVAS:830983", "title": "Mandriva Update for openoffice.org MDVSA-2010:075 (openoffice.org)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for openoffice.org MDVSA-2010:075 (openoffice.org)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"This updates provides a security update to the OpenOffice.org described\n as follow:\n\n OpenOffice's xmlsec uses a bundled Libtool which might load .la\n file in the current working directory allowing local users to gain\n privileges via a Trojan horse file. For enabling such vulnerability\n xmlsec has to use --enable-crypto_dl building flag however it does\n not, although the fix keeps protected against this threat whenever\n that flag had been enabled (CVE-2009-3736).\n \n Addittionaly this update provides following bug fixes:\n \n OpenOffice.org is not properly configure to use the xdg-email\n functionality of the FreeDesktop standard (#52195).\n \n Template desktop icons are not properly set up then they are not\n presented under the context menu of applications like Dolphin (#56439).\n \n libia_ora-gnome is added as suggest as long as that package is needed\n for a better look (#57385#c28).\n \n It is enabled a fallback logic to properly select an OpenOffice.org\n style whenever one is set up but that is not installed (#57530#c1,\n #53284, #45133, #39043)\n \n It is enabled the Firefox plugin for viewing OpenOffice.org documents\n inside browser.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"openoffice.org on Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-04/msg00016.php\");\n script_id(830983);\n script_version(\"$Revision: 8243 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-25 07:30:04 +0100 (Mon, 25 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-16 17:02:11 +0200 (Fri, 16 Apr 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2010:075\");\n script_cve_id(\"CVE-2009-3736\");\n script_name(\"Mandriva Update for openoffice.org MDVSA-2010:075 (openoffice.org)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of openoffice.org\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"openoffice.org\", rpm:\"openoffice.org~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-base\", rpm:\"openoffice.org-base~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-calc\", rpm:\"openoffice.org-calc~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-common\", rpm:\"openoffice.org-common~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-core\", rpm:\"openoffice.org-core~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-devel\", rpm:\"openoffice.org-devel~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-devel-doc\", rpm:\"openoffice.org-devel-doc~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-draw\", rpm:\"openoffice.org-draw~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-filter-binfilter\", rpm:\"openoffice.org-filter-binfilter~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-gnome\", rpm:\"openoffice.org-gnome~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-help-af\", rpm:\"openoffice.org-help-af~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-help-ar\", rpm:\"openoffice.org-help-ar~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-help-bg\", rpm:\"openoffice.org-help-bg~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-help-br\", rpm:\"openoffice.org-help-br~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-help-bs\", rpm:\"openoffice.org-help-bs~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-help-ca\", rpm:\"openoffice.org-help-ca~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-help-cs\", rpm:\"openoffice.org-help-cs~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-help-cy\", rpm:\"openoffice.org-help-cy~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-help-da\", rpm:\"openoffice.org-help-da~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-help-de\", rpm:\"openoffice.org-help-de~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-help-el\", rpm:\"openoffice.org-help-el~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-help-en_GB\", rpm:\"openoffice.org-help-en_GB~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-help-en_US\", rpm:\"openoffice.org-help-en_US~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-help-es\", rpm:\"openoffice.org-help-es~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-help-et\", rpm:\"openoffice.org-help-et~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-help-eu\", rpm:\"openoffice.org-help-eu~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-help-fi\", rpm:\"openoffice.org-help-fi~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-help-fr\", rpm:\"openoffice.org-help-fr~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-help-he\", rpm:\"openoffice.org-help-he~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-help-hi\", rpm:\"openoffice.org-help-hi~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-help-hu\", rpm:\"openoffice.org-help-hu~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-help-it\", rpm:\"openoffice.org-help-it~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-help-ja\", rpm:\"openoffice.org-help-ja~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-help-ko\", rpm:\"openoffice.org-help-ko~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-help-mk\", rpm:\"openoffice.org-help-mk~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-help-nb\", rpm:\"openoffice.org-help-nb~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-help-nl\", rpm:\"openoffice.org-help-nl~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-help-nn\", rpm:\"openoffice.org-help-nn~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-help-pl\", rpm:\"openoffice.org-help-pl~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-help-pt\", rpm:\"openoffice.org-help-pt~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-help-pt_BR\", rpm:\"openoffice.org-help-pt_BR~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-help-ru\", rpm:\"openoffice.org-help-ru~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-help-sk\", rpm:\"openoffice.org-help-sk~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-help-sl\", rpm:\"openoffice.org-help-sl~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-help-sv\", rpm:\"openoffice.org-help-sv~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-help-ta\", rpm:\"openoffice.org-help-ta~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-help-tr\", rpm:\"openoffice.org-help-tr~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-help-zh_CN\", rpm:\"openoffice.org-help-zh_CN~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-help-zh_TW\", rpm:\"openoffice.org-help-zh_TW~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-help-zu\", rpm:\"openoffice.org-help-zu~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-impress\", rpm:\"openoffice.org-impress~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-java-common\", rpm:\"openoffice.org-java-common~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-l10n-af\", rpm:\"openoffice.org-l10n-af~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-l10n-ar\", rpm:\"openoffice.org-l10n-ar~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-l10n-bg\", rpm:\"openoffice.org-l10n-bg~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-l10n-br\", rpm:\"openoffice.org-l10n-br~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-l10n-bs\", rpm:\"openoffice.org-l10n-bs~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-l10n-ca\", rpm:\"openoffice.org-l10n-ca~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-l10n-cs\", rpm:\"openoffice.org-l10n-cs~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-l10n-cy\", rpm:\"openoffice.org-l10n-cy~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-l10n-da\", rpm:\"openoffice.org-l10n-da~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-l10n-de\", rpm:\"openoffice.org-l10n-de~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-l10n-el\", rpm:\"openoffice.org-l10n-el~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-l10n-en_GB\", rpm:\"openoffice.org-l10n-en_GB~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-l10n-es\", rpm:\"openoffice.org-l10n-es~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-l10n-et\", rpm:\"openoffice.org-l10n-et~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-l10n-eu\", rpm:\"openoffice.org-l10n-eu~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-l10n-fi\", rpm:\"openoffice.org-l10n-fi~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-l10n-fr\", rpm:\"openoffice.org-l10n-fr~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-l10n-he\", rpm:\"openoffice.org-l10n-he~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-l10n-hi\", rpm:\"openoffice.org-l10n-hi~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-l10n-hu\", rpm:\"openoffice.org-l10n-hu~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-l10n-it\", rpm:\"openoffice.org-l10n-it~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-l10n-ja\", rpm:\"openoffice.org-l10n-ja~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-l10n-ko\", rpm:\"openoffice.org-l10n-ko~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-l10n-mk\", rpm:\"openoffice.org-l10n-mk~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-l10n-nb\", rpm:\"openoffice.org-l10n-nb~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-l10n-nl\", rpm:\"openoffice.org-l10n-nl~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-l10n-nn\", rpm:\"openoffice.org-l10n-nn~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-l10n-pl\", rpm:\"openoffice.org-l10n-pl~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-l10n-pt\", rpm:\"openoffice.org-l10n-pt~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-l10n-pt_BR\", rpm:\"openoffice.org-l10n-pt_BR~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-l10n-ru\", rpm:\"openoffice.org-l10n-ru~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-l10n-sk\", rpm:\"openoffice.org-l10n-sk~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-l10n-sl\", rpm:\"openoffice.org-l10n-sl~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-l10n-sv\", rpm:\"openoffice.org-l10n-sv~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-l10n-ta\", rpm:\"openoffice.org-l10n-ta~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-l10n-tr\", rpm:\"openoffice.org-l10n-tr~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-l10n-zh_CN\", rpm:\"openoffice.org-l10n-zh_CN~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-l10n-zh_TW\", rpm:\"openoffice.org-l10n-zh_TW~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-l10n-zu\", rpm:\"openoffice.org-l10n-zu~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-math\", rpm:\"openoffice.org-math~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-mono\", rpm:\"openoffice.org-mono~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-openclipart\", rpm:\"openoffice.org-openclipart~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-pdfimport\", rpm:\"openoffice.org-pdfimport~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-presentation-minimizer\", rpm:\"openoffice.org-presentation-minimizer~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-presenter-screen\", rpm:\"openoffice.org-presenter-screen~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-pyuno\", rpm:\"openoffice.org-pyuno~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-style-crystal\", rpm:\"openoffice.org-style-crystal~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-style-galaxy\", rpm:\"openoffice.org-style-galaxy~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-style-hicontrast\", rpm:\"openoffice.org-style-hicontrast~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-style-industrial\", rpm:\"openoffice.org-style-industrial~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-style-tango\", rpm:\"openoffice.org-style-tango~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-testtool\", rpm:\"openoffice.org-testtool~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-wiki-publisher\", rpm:\"openoffice.org-wiki-publisher~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-writer\", rpm:\"openoffice.org-writer~3.1.1~2.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-11T11:04:17", "bulletinFamily": "scanner", "description": "Check for the Version of cpp", "modified": "2018-01-10T00:00:00", "published": "2010-01-19T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880345", "id": "OPENVAS:1361412562310880345", "title": "CentOS Update for cpp CESA-2010:0039 centos4 x86_64", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for cpp CESA-2010:0039 centos4 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The gcc and gcc4 packages include, among others, C, C++, and Java GNU\n compilers and related support libraries. libgcj contains a copy of GNU\n Libtool's libltdl library.\n\n A flaw was found in the way GNU Libtool's libltdl library looked for\n libraries to load. It was possible for libltdl to load a malicious library\n from the current working directory. In certain configurations, if a local\n attacker is able to trick a local user into running a Java application\n (which uses a function to load native libraries, such as\n System.loadLibrary) from within an attacker-controlled directory containing\n a malicious library or module, the attacker could possibly execute\n arbitrary code with the privileges of the user running the Java\n application. (CVE-2009-3736)\n \n All gcc and gcc4 users should upgrade to these updated packages, which\n contain a backported patch to correct this issue. All running Java\n applications using libgcj must be restarted for this update to take effect.\";\n\ntag_affected = \"cpp on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2010-January/016460.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880345\");\n script_version(\"$Revision: 8356 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-10 09:00:39 +0100 (Wed, 10 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-01-19 08:58:46 +0100 (Tue, 19 Jan 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2010:0039\");\n script_cve_id(\"CVE-2009-3736\");\n script_name(\"CentOS Update for cpp CESA-2010:0039 centos4 x86_64\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of cpp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"cpp\", rpm:\"cpp~3.4.6~11.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gcc\", rpm:\"gcc~3.4.6~11.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gcc4\", rpm:\"gcc4~4.1.2~44.EL4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gcc4-c++\", rpm:\"gcc4-c++~4.1.2~44.EL4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gcc4-gfortran\", rpm:\"gcc4-gfortran~4.1.2~44.EL4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gcc4-java\", rpm:\"gcc4-java~4.1.2~44.EL4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gcc-c++\", rpm:\"gcc-c++~3.4.6~11.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gcc-g77\", rpm:\"gcc-g77~3.4.6~11.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gcc-gnat\", rpm:\"gcc-gnat~3.4.6~11.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gcc-java\", rpm:\"gcc-java~3.4.6~11.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gcc-objc\", rpm:\"gcc-objc~3.4.6~11.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libf2c\", rpm:\"libf2c~3.4.6~11.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgcc\", rpm:\"libgcc~3.4.6~11.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgcj\", rpm:\"libgcj~3.4.6~11.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgcj4\", rpm:\"libgcj4~4.1.2~44.EL4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgcj4-devel\", rpm:\"libgcj4-devel~4.1.2~44.EL4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgcj4-src\", rpm:\"libgcj4-src~4.1.2~44.EL4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgcj-devel\", rpm:\"libgcj-devel~3.4.6~11.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgfortran\", rpm:\"libgfortran~4.1.2~44.EL4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgnat\", rpm:\"libgnat~3.4.6~11.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgomp\", rpm:\"libgomp~4.1.2~44.EL4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmudflap\", rpm:\"libmudflap~4.1.2~44.EL4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmudflap-devel\", rpm:\"libmudflap-devel~4.1.2~44.EL4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libobjc\", rpm:\"libobjc~3.4.6~11.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libstdc++\", rpm:\"libstdc++~3.4.6~11.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libstdc++-devel\", rpm:\"libstdc++-devel~3.4.6~11.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-02-21T01:19:24", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2010:0039 :\n\nUpdated gcc and gcc4 packages that fix one security issue are now available for Red Hat Enterprise Linux 3, 4, and 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nThe gcc and gcc4 packages include, among others, C, C++, and Java GNU compilers and related support libraries. libgcj contains a copy of GNU Libtool's libltdl library.\n\nA flaw was found in the way GNU Libtool's libltdl library looked for libraries to load. It was possible for libltdl to load a malicious library from the current working directory. In certain configurations, if a local attacker is able to trick a local user into running a Java application (which uses a function to load native libraries, such as System.loadLibrary) from within an attacker-controlled directory containing a malicious library or module, the attacker could possibly execute arbitrary code with the privileges of the user running the Java application. (CVE-2009-3736)\n\nAll gcc and gcc4 users should upgrade to these updated packages, which contain a backported patch to correct this issue. All running Java applications using libgcj must be restarted for this update to take effect.", "modified": "2019-01-02T00:00:00", "id": "ORACLELINUX_ELSA-2010-0039.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=67985", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 3 / 4 / 5 : gcc / gcc4 (ELSA-2010-0039)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2010:0039 and \n# Oracle Linux Security Advisory ELSA-2010-0039 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67985);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/01/02 16:37:55\");\n\n script_cve_id(\"CVE-2009-3736\");\n script_bugtraq_id(37128);\n script_xref(name:\"RHSA\", value:\"2010:0039\");\n\n script_name(english:\"Oracle Linux 3 / 4 / 5 : gcc / gcc4 (ELSA-2010-0039)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2010:0039 :\n\nUpdated gcc and gcc4 packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 3, 4, and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe gcc and gcc4 packages include, among others, C, C++, and Java GNU\ncompilers and related support libraries. libgcj contains a copy of GNU\nLibtool's libltdl library.\n\nA flaw was found in the way GNU Libtool's libltdl library looked for\nlibraries to load. It was possible for libltdl to load a malicious\nlibrary from the current working directory. In certain configurations,\nif a local attacker is able to trick a local user into running a Java\napplication (which uses a function to load native libraries, such as\nSystem.loadLibrary) from within an attacker-controlled directory\ncontaining a malicious library or module, the attacker could possibly\nexecute arbitrary code with the privileges of the user running the\nJava application. (CVE-2009-3736)\n\nAll gcc and gcc4 users should upgrade to these updated packages, which\ncontain a backported patch to correct this issue. All running Java\napplications using libgcj must be restarted for this update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-January/001317.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-January/001319.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-January/001320.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gcc and / or gcc4 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:cpp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gcc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gcc-c++\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gcc-g77\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gcc-gfortran\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gcc-gnat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gcc-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gcc-objc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gcc-objc++\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gcc4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gcc4-c++\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gcc4-gfortran\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gcc4-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libf2c\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libgcc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libgcj\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libgcj-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libgcj-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libgcj4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libgcj4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libgcj4-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libgfortran\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libgnat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libgomp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libmudflap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libmudflap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libobjc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libstdc++\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libstdc++-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(3|4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3 / 4 / 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"cpp-3.2.3-60\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"cpp-3.2.3-60\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"gcc-3.2.3-60\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"gcc-3.2.3-60\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"gcc-c++-3.2.3-60\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"gcc-c++-3.2.3-60\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"gcc-g77-3.2.3-60\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"gcc-g77-3.2.3-60\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"gcc-gnat-3.2.3-60\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"gcc-gnat-3.2.3-60\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"gcc-java-3.2.3-60\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"gcc-java-3.2.3-60\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"gcc-objc-3.2.3-60\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"gcc-objc-3.2.3-60\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"libf2c-3.2.3-60\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"libf2c-3.2.3-60\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"libgcc-3.2.3-60\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"libgcc-3.2.3-60\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"libgcj-3.2.3-60\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"libgcj-3.2.3-60\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"libgcj-devel-3.2.3-60\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"libgcj-devel-3.2.3-60\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"libgnat-3.2.3-60\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"libgnat-3.2.3-60\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"libobjc-3.2.3-60\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"libobjc-3.2.3-60\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"libstdc++-3.2.3-60\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"libstdc++-3.2.3-60\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"libstdc++-devel-3.2.3-60\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"libstdc++-devel-3.2.3-60\")) flag++;\n\nif (rpm_check(release:\"EL4\", reference:\"cpp-3.4.6-11.0.1.el4_8.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"gcc-3.4.6-11.0.1.el4_8.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"gcc-c++-3.4.6-11.0.1.el4_8.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"gcc-g77-3.4.6-11.0.1.el4_8.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"gcc-gnat-3.4.6-11.0.1.el4_8.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"gcc-java-3.4.6-11.0.1.el4_8.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"gcc-objc-3.4.6-11.0.1.el4_8.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"gcc4-4.1.2-44.EL4_8.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"gcc4-c++-4.1.2-44.EL4_8.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"gcc4-gfortran-4.1.2-44.EL4_8.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"gcc4-java-4.1.2-44.EL4_8.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"libf2c-3.4.6-11.0.1.el4_8.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"libgcc-3.4.6-11.0.1.el4_8.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"libgcj-3.4.6-11.0.1.el4_8.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"libgcj-devel-3.4.6-11.0.1.el4_8.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"libgcj4-4.1.2-44.EL4_8.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"libgcj4-devel-4.1.2-44.EL4_8.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"libgcj4-src-4.1.2-44.EL4_8.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"libgfortran-4.1.2-44.EL4_8.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"libgnat-3.4.6-11.0.1.el4_8.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"libgomp-4.1.2-44.EL4_8.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"libmudflap-4.1.2-44.EL4_8.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"libmudflap-devel-4.1.2-44.EL4_8.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"libobjc-3.4.6-11.0.1.el4_8.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"libstdc++-3.4.6-11.0.1.el4_8.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"libstdc++-devel-3.4.6-11.0.1.el4_8.1\")) flag++;\n\nif (rpm_check(release:\"EL5\", reference:\"cpp-4.1.2-46.el5_4.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"gcc-4.1.2-46.el5_4.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"gcc-c++-4.1.2-46.el5_4.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"gcc-gfortran-4.1.2-46.el5_4.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"gcc-gnat-4.1.2-46.el5_4.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"gcc-java-4.1.2-46.el5_4.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"gcc-objc-4.1.2-46.el5_4.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"gcc-objc++-4.1.2-46.el5_4.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"libgcc-4.1.2-46.el5_4.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"libgcj-4.1.2-46.el5_4.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"libgcj-devel-4.1.2-46.el5_4.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"libgcj-src-4.1.2-46.el5_4.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"libgfortran-4.1.2-46.el5_4.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"libgnat-4.1.2-46.el5_4.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"libmudflap-4.1.2-46.el5_4.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"libmudflap-devel-4.1.2-46.el5_4.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"libobjc-4.1.2-46.el5_4.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"libstdc++-4.1.2-46.el5_4.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"libstdc++-devel-4.1.2-46.el5_4.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cpp / gcc / gcc-c++ / gcc-g77 / gcc-gfortran / gcc-gnat / gcc-java / etc\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:51:40", "bulletinFamily": "scanner", "description": "libtool: libltdl may load modules from the current working directory.\nCVE-2009-3736 has been assigned to this issue.", "modified": "2013-10-25T00:00:00", "published": "2010-01-05T00:00:00", "id": "SUSE_11_LIBLTDL7-091201.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=43633", "title": "SuSE 11 Security Update : libtool (SAT Patch Number 1626)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(43633);\n script_version(\"$Revision: 1.7 $\");\n script_cvs_date(\"$Date: 2013/10/25 23:46:56 $\");\n\n script_cve_id(\"CVE-2009-3736\");\n\n script_name(english:\"SuSE 11 Security Update : libtool (SAT Patch Number 1626)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"libtool: libltdl may load modules from the current working directory.\nCVE-2009-3736 has been assigned to this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=556122\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3736.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 1626.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libltdl7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libltdl7-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libtool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libtool-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2013 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (pl) audit(AUDIT_OS_NOT, \"SuSE 11.0\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"libltdl7-2.2.6-2.131.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"libltdl7-2.2.6-2.131.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"libltdl7-32bit-2.2.6-2.131.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"libltdl7-2.2.6-2.131.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"libtool-2.2.6-2.131.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"libltdl7-32bit-2.2.6-2.131.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"libtool-32bit-2.2.6-2.131.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"libltdl7-32bit-2.2.6-2.131.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"libtool-32bit-2.2.6-2.131.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:13:32", "bulletinFamily": "scanner", "description": "Remove embedded ltdl to fix CVE-2009-3736\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-07-12T00:00:00", "id": "FEDORA_2010-4339.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=47355", "published": "2010-07-01T00:00:00", "title": "Fedora 12 : gnu-smalltalk-3.1-8.fc12 (2010-4339)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-4339.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47355);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/07/12 15:01:52\");\n\n script_cve_id(\"CVE-2009-3736\");\n script_xref(name:\"FEDORA\", value:\"2010-4339\");\n\n script_name(english:\"Fedora 12 : gnu-smalltalk-3.1-8.fc12 (2010-4339)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Remove embedded ltdl to fix CVE-2009-3736\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=563974\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-March/037576.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?93fd2a12\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnu-smalltalk package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnu-smalltalk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"gnu-smalltalk-3.1-8.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnu-smalltalk\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:13:32", "bulletinFamily": "scanner", "description": "- Thu Mar 11 2010 Lucian Langa <cooly at gnome.eu.org> - 1.2.10-2\n\n - kill rpath\n\n - misc cleanups\n\n - use system ltdl (#563975)\n\n - Sat Nov 7 2009 Lucian Langa <cooly at gnome.eu.org> - 1.2.10-1\n\n - new upstream release\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-07-12T00:00:00", "id": "FEDORA_2010-4407.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=47361", "published": "2010-07-01T00:00:00", "title": "Fedora 12 : hamlib-1.2.10-2.fc12 (2010-4407)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-4407.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47361);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/07/12 15:01:52\");\n\n script_cve_id(\"CVE-2009-3736\");\n script_bugtraq_id(37128);\n script_xref(name:\"FEDORA\", value:\"2010-4407\");\n\n script_name(english:\"Fedora 12 : hamlib-1.2.10-2.fc12 (2010-4407)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Thu Mar 11 2010 Lucian Langa <cooly at gnome.eu.org> -\n 1.2.10-2\n\n - kill rpath\n\n - misc cleanups\n\n - use system ltdl (#563975)\n\n - Sat Nov 7 2009 Lucian Langa <cooly at gnome.eu.org> -\n 1.2.10-1\n\n - new upstream release\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=537941\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-April/038467.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1a32cdc7\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected hamlib package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:hamlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"hamlib-1.2.10-2.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"hamlib\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:13:31", "bulletinFamily": "scanner", "description": "Fix package so that it uses the system copy of libtool-ltdl, and get rid of the ancient embedded copy, which suffers from the vulnerability in CVE-2009-3736.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-07-12T00:00:00", "id": "FEDORA_2010-1924.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=47283", "published": "2010-07-01T00:00:00", "title": "Fedora 11 : gambas-1.0.19-12.fc11 (2010-1924)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-1924.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47283);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/07/12 15:01:52\");\n\n script_cve_id(\"CVE-2009-3736\");\n script_bugtraq_id(37128);\n script_xref(name:\"FEDORA\", value:\"2010-1924\");\n\n script_name(english:\"Fedora 11 : gambas-1.0.19-12.fc11 (2010-1924)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix package so that it uses the system copy of libtool-ltdl, and get\nrid of the ancient embedded copy, which suffers from the vulnerability\nin CVE-2009-3736.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=563971\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-February/035168.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d3e66b83\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gambas package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gambas\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"gambas-1.0.19-12.fc11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gambas\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:13:41", "bulletinFamily": "scanner", "description": "This updates provides a security update to the OpenOffice.org described as follow :\n\nOpenOffice's xmlsec uses a bundled Libtool which might load .la file in the current working directory allowing local users to gain privileges via a Trojan horse file. For enabling such vulnerability xmlsec has to use --enable-crypto_dl building flag however it does not, although the fix keeps protected against this threat whenever that flag had been enabled (CVE-2009-3736).\n\nAddittionaly this update provides following bug fixes :\n\nOpenOffice.org is not properly configure to use the xdg-email functionality of the FreeDesktop standard (#52195).\n\nTemplate desktop icons are not properly set up then they are not presented under the context menu of applications like Dolphin (#56439).\n\nlibia_ora-gnome is added as suggest as long as that package is needed for a better look (#57385#c28).\n\nIt is enabled a fallback logic to properly select an OpenOffice.org style whenever one is set up but that is not installed (#57530#c1, #53284, #45133, #39043)\n\nIt is enabled the Firefox plugin for viewing OpenOffice.org documents inside browser.", "modified": "2019-01-02T00:00:00", "id": "MANDRIVA_MDVSA-2010-075.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=48178", "published": "2010-07-30T00:00:00", "title": "Mandriva Linux Security Advisory : openoffice.org (MDVSA-2010:075)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2010:075. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(48178);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/01/02 16:37:54\");\n\n script_cve_id(\"CVE-2009-3736\");\n script_bugtraq_id(37128);\n script_xref(name:\"MDVSA\", value:\"2010:075\");\n\n script_name(english:\"Mandriva Linux Security Advisory : openoffice.org (MDVSA-2010:075)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This updates provides a security update to the OpenOffice.org\ndescribed as follow :\n\nOpenOffice's xmlsec uses a bundled Libtool which might load .la file\nin the current working directory allowing local users to gain\nprivileges via a Trojan horse file. For enabling such vulnerability\nxmlsec has to use --enable-crypto_dl building flag however it does\nnot, although the fix keeps protected against this threat whenever\nthat flag had been enabled (CVE-2009-3736).\n\nAddittionaly this update provides following bug fixes :\n\nOpenOffice.org is not properly configure to use the xdg-email\nfunctionality of the FreeDesktop standard (#52195).\n\nTemplate desktop icons are not properly set up then they are not\npresented under the context menu of applications like Dolphin\n(#56439).\n\nlibia_ora-gnome is added as suggest as long as that package is needed\nfor a better look (#57385#c28).\n\nIt is enabled a fallback logic to properly select an OpenOffice.org\nstyle whenever one is set up but that is not installed (#57530#c1,\n#53284, #45133, #39043)\n\nIt is enabled the Firefox plugin for viewing OpenOffice.org documents\ninside browser.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-calc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-devel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-draw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-filter-binfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-bs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-cy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-en_GB\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-en_US\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-hi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-mk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-nb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-nn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-pt_BR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-sv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-ta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-zh_CN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-zh_TW\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-zu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-impress\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-java-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-bs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-cy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-en_GB\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-hi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-mk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-nb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-nn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-pt_BR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-sv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-ta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-zh_CN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-zh_TW\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-zu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-math\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-mono\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-openclipart\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-pdfimport\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-presentation-minimizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-presenter-screen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-pyuno\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-style-crystal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-style-galaxy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-style-hicontrast\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-style-industrial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-style-tango\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-testtool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-wiki-publisher\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-writer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/04/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-base-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-calc-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-common-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-core-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-devel-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-devel-doc-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-draw-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-filter-binfilter-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-gnome-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-af-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-ar-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-bg-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-br-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-bs-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-ca-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-cs-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-cy-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-da-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-de-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-el-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-en_GB-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-en_US-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-es-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-et-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-eu-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-fi-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-fr-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-he-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-hi-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-hu-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-it-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-ja-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-ko-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-mk-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-nb-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-nl-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-nn-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-pl-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-pt-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-pt_BR-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-ru-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-sk-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-sl-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-sv-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-ta-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-tr-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-zh_CN-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-zh_TW-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-zu-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-impress-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-java-common-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-af-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-ar-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-bg-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-br-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-bs-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-ca-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-cs-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-cy-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-da-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-de-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-el-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-en_GB-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-es-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-et-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-eu-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-fi-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-fr-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-he-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-hi-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-hu-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-it-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-ja-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-ko-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-mk-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-nb-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-nl-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-nn-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-pl-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-pt-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-pt_BR-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-ru-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-sk-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-sl-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-sv-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-ta-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-tr-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-zh_CN-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-zh_TW-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-zu-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-math-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-mono-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-openclipart-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-pdfimport-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-presentation-minimizer-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-presenter-screen-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-pyuno-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-style-crystal-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-style-galaxy-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-style-hicontrast-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-style-industrial-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-style-tango-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-testtool-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-wiki-publisher-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-writer-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:12:46", "bulletinFamily": "scanner", "description": "A vulnerability was discovered and corrected in libtool :\n\nAll versions of libtool prior to 2.2.6b suffers from a local privilege escalation vulnerability that could be exploited under certain conditions to load arbitrary code (CVE-2009-3736).\n\nThis advisory fixes this issue. Additionally, all applications embedding the libtool code were patched in order to avoid possible future exploitations of this issue.\n\nUpdate :\n\nPackages for 2008.0 are provided for Corporate Desktop 2008.0 customers", "modified": "2019-01-02T00:00:00", "id": "MANDRIVA_MDVSA-2009-307.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=42943", "published": "2009-12-01T00:00:00", "title": "Mandriva Linux Security Advisory : libtool (MDVSA-2009:307-1)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2009:307. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(42943);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/01/02 16:37:54\");\n\n script_cve_id(\"CVE-2009-3736\");\n script_bugtraq_id(37128);\n script_xref(name:\"MDVSA\", value:\"2009:307-1\");\n\n script_name(english:\"Mandriva Linux Security Advisory : libtool (MDVSA-2009:307-1)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability was discovered and corrected in libtool :\n\nAll versions of libtool prior to 2.2.6b suffers from a local privilege\nescalation vulnerability that could be exploited under certain\nconditions to load arbitrary code (CVE-2009-3736).\n\nThis advisory fixes this issue. Additionally, all applications\nembedding the libtool code were patched in order to avoid possible\nfuture exploitations of this issue.\n\nUpdate :\n\nPackages for 2008.0 are provided for Corporate Desktop 2008.0\ncustomers\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:arts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gcc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gcc-c++\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gcc-cpp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gcc-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gcc-doc-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gcc-gfortran\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gcc-gnat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gcc-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gcc-objc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gcc-objc++\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gcj-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:heartbeat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:heartbeat-ldirectord\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:heartbeat-pils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:heartbeat-stonith\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:imagemagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:imagemagick-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:imagemagick-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64arts1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64arts1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64gcj-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64gcj-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64gcj8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64heartbeat-apphb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64heartbeat-pils1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64heartbeat-pils1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64heartbeat-stonith1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64heartbeat-stonith1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64heartbeat1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64heartbeat1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ltdl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ltdl3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64magick10.7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64magick10.7.0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64prelude-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64prelude-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64prelude2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64tunepimp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64tunepimp5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libarts1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libarts1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libffi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libffi4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libgcc1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libgcj-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libgcj-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libgcj8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libgcj8-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libgcj8-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libgfortran2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libgnat1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libgomp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libgomp1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libheartbeat-apphb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libheartbeat-pils1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libheartbeat-pils1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libheartbeat-stonith1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libheartbeat-stonith1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libheartbeat1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libheartbeat1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libltdl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libltdl3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libmagick10.7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libmagick10.7.0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libmudflap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libmudflap0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libobjc2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libprelude-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libprelude-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libprelude2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libstdc++-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libstdc++-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libstdc++6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtool-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtunepimp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtunepimp5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:perl-Image-Magick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:perl-prelude\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:prelude-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_autohost\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_ban\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_case\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_ctrls_admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_gss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_ifsession\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_load\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_quotatab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_quotatab_file\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_quotatab_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_quotatab_radius\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_quotatab_sql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_radius\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_ratio\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_rewrite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_shaper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_site_misc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_sql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_sql_mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_sql_postgres\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_time\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_tls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_wrap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_wrap_file\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_wrap_sql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:python-prelude\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:python-tunepimp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:smalltalk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tunepimp-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tunepimp-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", reference:\"arts-1.5.7-2.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"gcc-4.2.2-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"gcc-c++-4.2.2-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"gcc-cpp-4.2.2-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"gcc-doc-4.2.2-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"gcc-doc-pdf-4.2.2-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"gcc-gfortran-4.2.2-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"gcc-gnat-4.2.2-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"gcc-java-4.2.2-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"gcc-objc-4.2.2-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"gcc-objc++-4.2.2-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"gcj-tools-4.2.2-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"heartbeat-2.0.8-4.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"heartbeat-ldirectord-2.0.8-4.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"heartbeat-pils-2.0.8-4.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"heartbeat-stonith-2.0.8-4.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"imagemagick-6.3.2.9-10.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"imagemagick-desktop-6.3.2.9-10.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"imagemagick-doc-6.3.2.9-10.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64arts1-1.5.7-2.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64arts1-devel-1.5.7-2.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64gcj-devel-4.2.2-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64gcj-static-devel-4.2.2-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64gcj8-4.2.2-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64heartbeat-apphb0-2.0.8-4.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64heartbeat-pils1-2.0.8-4.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64heartbeat-pils1-devel-2.0.8-4.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64heartbeat-stonith1-2.0.8-4.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64heartbeat-stonith1-devel-2.0.8-4.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64heartbeat1-2.0.8-4.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64heartbeat1-devel-2.0.8-4.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64ltdl3-1.5.22-3.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64ltdl3-devel-1.5.22-3.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64magick10.7.0-6.3.2.9-10.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64magick10.7.0-devel-6.3.2.9-10.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64prelude-devel-0.9.15.2-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64prelude-static-devel-0.9.15.2-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64prelude2-0.9.15.2-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64tunepimp-devel-0.5.3-5.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64tunepimp5-0.5.3-5.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libarts1-1.5.7-2.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libarts1-devel-1.5.7-2.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"libffi-devel-4.2.2-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"libffi4-4.2.2-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"libgcc1-4.2.2-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libgcj-devel-4.2.2-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libgcj-static-devel-4.2.2-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libgcj8-4.2.2-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"libgcj8-base-4.2.2-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"libgcj8-src-4.2.2-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"libgfortran2-4.2.2-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"libgnat1-4.2.2-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"libgomp-devel-4.2.2-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"libgomp1-4.2.2-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libheartbeat-apphb0-2.0.8-4.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libheartbeat-pils1-2.0.8-4.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libheartbeat-pils1-devel-2.0.8-4.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libheartbeat-stonith1-2.0.8-4.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libheartbeat-stonith1-devel-2.0.8-4.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libheartbeat1-2.0.8-4.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libheartbeat1-devel-2.0.8-4.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libltdl3-1.5.22-3.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libltdl3-devel-1.5.22-3.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libmagick10.7.0-6.3.2.9-10.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libmagick10.7.0-devel-6.3.2.9-10.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"libmudflap-devel-4.2.2-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"libmudflap0-4.2.2-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"libobjc2-4.2.2-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libprelude-devel-0.9.15.2-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libprelude-static-devel-0.9.15.2-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libprelude2-0.9.15.2-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"libstdc++-devel-4.2.2-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"libstdc++-static-devel-4.2.2-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"libstdc++6-4.2.2-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"libtool-1.5.22-3.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"libtool-base-1.5.22-3.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libtunepimp-devel-0.5.3-5.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libtunepimp5-0.5.3-5.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"perl-Image-Magick-6.3.2.9-10.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"perl-prelude-0.9.15.2-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"prelude-tools-0.9.15.2-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-1.3.2-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-devel-1.3.2-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_autohost-1.3.2-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_ban-1.3.2-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_case-1.3.2-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_ctrls_admin-1.3.2-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_gss-1.3.2-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_ifsession-1.3.2-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_ldap-1.3.2-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_load-1.3.2-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_quotatab-1.3.2-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_quotatab_file-1.3.2-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_quotatab_ldap-1.3.2-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_quotatab_radius-1.3.2-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_quotatab_sql-1.3.2-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_radius-1.3.2-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_ratio-1.3.2-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_rewrite-1.3.2-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_shaper-1.3.2-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_site_misc-1.3.2-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_sql-1.3.2-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_sql_mysql-1.3.2-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_sql_postgres-1.3.2-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_time-1.3.2-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_tls-1.3.2-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_wrap-1.3.2-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_wrap_file-1.3.2-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_wrap_sql-1.3.2-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"python-prelude-0.9.15.2-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"python-tunepimp-0.5.3-5.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"smalltalk-2.3.3-3.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tunepimp-plugins-0.5.3-5.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tunepimp-utils-0.5.3-5.1mdv2008.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:12:51", "bulletinFamily": "scanner", "description": "- Tue Dec 22 2009 Jakub Jelinek <jakub at redhat.com> 4.4.2-20\n\n - fix MEM_SIZE of reload created stack slots (#548825, PR rtl-optimization/42429)\n\n - fix addition of one character long filenames in fastjar (#549493)\n\n - Thu Dec 17 2009 Jakub Jelinek <jakub at redhat.com> 4.4.2-18\n\n - update from gcc-4_4-branch\n\n - PRs c++/42387\n\n - another C++ virtual dtors fix (PR c++/42386)\n\n - VTA mode and COND_EXEC fixes (PR debug/41679)\n\n - fix ICE in chrec_convert_1 (#547775)\n\n - fix debuginfo for optimized out TLS vars\n\n - use DW_AT_location with DW_OP_addr + DW_OP_stack_value instead of DW_AT_const_value with address in it, use DW_OP_addr + DW_OP_stack_value instead of DW_OP_implicit_value with address (#546017)\n\n - Mon Dec 14 2009 Jakub Jelinek <jakub at redhat.com> 4.4.2-17\n\n - propagate TREE_NOTHROW/TREE_READONLY/DECL_PURE_P from ipa-pure-const and EH opt to all same body aliases (#547286)\n\n - don't emit DWARF location list entries with no location or DW_AT_location with empty blocks (PR debug/41473)\n\n - fix up AMD LWP support\n\n - don't crash when mangling C++ decls inside of middle-end generated functions (PR c++/41183)\n\n - Fri Dec 11 2009 Jakub Jelinek <jakub at redhat.com> 4.4.2-16\n\n - update from gcc-4_4-branch\n\n - PRs c++/27425, c++/34274, c++/42301, fortran/42268, java/41991, libstdc++/42273, rtl-optimization/41574, target/41196, target/41939 target/42263\n\n - Wed Dec 9 2009 Jakub Jelinek <jakub at redhat.com> 4.4.2-15\n\n - VTA backports\n\n - PRs debug/42166, debug/42234, debug/42244, debug/42299\n\n - fix handling of C++ COMDAT virtual destructors\n\n - some x86/x86_64 FMA4, XOP, ABM and LWP fixes\n\n - fix a decltype handling bug in templates (PR c++/42277)\n\n - Fri Dec 4 2009 Jakub Jelinek <jakub at redhat.com> 4.4.2-14\n\n - update from gcc-4_4-branch\n\n - PRs libstdc++/42261, middle-end/42049\n\n - backport C++0x ICE fix from trunk (PR c++/42266)\n\n - fortran !$omp workshare improvements (PR fortran/35423)\n\n - FMA4 and XOP fixes\n\n - Wed Dec 2 2009 Jakub Jelinek <jakub at redhat.com> 4.4.2-13\n\n - fix security issues in libltdl bundled within libgcj (CVE-2009-3736)\n\n - Wed Dec 2 2009 Jakub Jelinek <jakub at redhat.com> 4.4.2-12\n\n - update from gcc-4_4-branch\n\n - PRs c++/42234, fortran/41278, fortran/41807, fortran/42162, target/42113, target/42165\n\n - don't ICE on -O256 (#539923)\n\n - fix -mregnames on ppc/ppc64\n\n - optimize even COMDAT constructors and destructors without virtual bases (PR c++/3187)\n\n - Mon Nov 23 2009 Jakub Jelinek <jakub at redhat.com> 4.4.2-11\n\n[plus 32 lines in the Changelog]\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-11-28T00:00:00", "id": "FEDORA_2009-12813.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=43612", "published": "2009-12-30T00:00:00", "title": "Fedora 12 : gcc-4.4.2-20.fc12 (2009-12813)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-12813.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(43612);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/11/28 22:47:43\");\n\n script_cve_id(\"CVE-2009-3736\");\n script_bugtraq_id(37128);\n script_xref(name:\"FEDORA\", value:\"2009-12813\");\n\n script_name(english:\"Fedora 12 : gcc-4.4.2-20.fc12 (2009-12813)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Tue Dec 22 2009 Jakub Jelinek <jakub at redhat.com>\n 4.4.2-20\n\n - fix MEM_SIZE of reload created stack slots (#548825,\n PR rtl-optimization/42429)\n\n - fix addition of one character long filenames in fastjar\n (#549493)\n\n - Thu Dec 17 2009 Jakub Jelinek <jakub at redhat.com>\n 4.4.2-18\n\n - update from gcc-4_4-branch\n\n - PRs c++/42387\n\n - another C++ virtual dtors fix (PR c++/42386)\n\n - VTA mode and COND_EXEC fixes (PR debug/41679)\n\n - fix ICE in chrec_convert_1 (#547775)\n\n - fix debuginfo for optimized out TLS vars\n\n - use DW_AT_location with DW_OP_addr + DW_OP_stack_value\n instead of DW_AT_const_value with address in it, use\n DW_OP_addr + DW_OP_stack_value instead of\n DW_OP_implicit_value with address (#546017)\n\n - Mon Dec 14 2009 Jakub Jelinek <jakub at redhat.com>\n 4.4.2-17\n\n - propagate TREE_NOTHROW/TREE_READONLY/DECL_PURE_P from\n ipa-pure-const and EH opt to all same body aliases\n (#547286)\n\n - don't emit DWARF location list entries with no location\n or DW_AT_location with empty blocks (PR debug/41473)\n\n - fix up AMD LWP support\n\n - don't crash when mangling C++ decls inside of\n middle-end generated functions (PR c++/41183)\n\n - Fri Dec 11 2009 Jakub Jelinek <jakub at redhat.com>\n 4.4.2-16\n\n - update from gcc-4_4-branch\n\n - PRs c++/27425, c++/34274, c++/42301, fortran/42268,\n java/41991, libstdc++/42273, rtl-optimization/41574,\n target/41196, target/41939 target/42263\n\n - Wed Dec 9 2009 Jakub Jelinek <jakub at redhat.com>\n 4.4.2-15\n\n - VTA backports\n\n - PRs debug/42166, debug/42234, debug/42244, debug/42299\n\n - fix handling of C++ COMDAT virtual destructors\n\n - some x86/x86_64 FMA4, XOP, ABM and LWP fixes\n\n - fix a decltype handling bug in templates (PR\n c++/42277)\n\n - Fri Dec 4 2009 Jakub Jelinek <jakub at redhat.com>\n 4.4.2-14\n\n - update from gcc-4_4-branch\n\n - PRs libstdc++/42261, middle-end/42049\n\n - backport C++0x ICE fix from trunk (PR c++/42266)\n\n - fortran !$omp workshare improvements (PR\n fortran/35423)\n\n - FMA4 and XOP fixes\n\n - Wed Dec 2 2009 Jakub Jelinek <jakub at redhat.com>\n 4.4.2-13\n\n - fix security issues in libltdl bundled within libgcj\n (CVE-2009-3736)\n\n - Wed Dec 2 2009 Jakub Jelinek <jakub at redhat.com>\n 4.4.2-12\n\n - update from gcc-4_4-branch\n\n - PRs c++/42234, fortran/41278, fortran/41807,\n fortran/42162, target/42113, target/42165\n\n - don't ICE on -O256 (#539923)\n\n - fix -mregnames on ppc/ppc64\n\n - optimize even COMDAT constructors and destructors\n without virtual bases (PR c++/3187)\n\n - Mon Nov 23 2009 Jakub Jelinek <jakub at redhat.com>\n 4.4.2-11\n\n[plus 32 lines in the Changelog]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=537941\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-December/033321.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?aa4ac9dc\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gcc package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gcc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"gcc-4.4.2-20.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gcc\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:13:06", "bulletinFamily": "scanner", "description": "It was discovered that ltdl, a system-independent dlopen wrapper for GNU libtool, can be tricked to load and run modules from an arbitrary directory, which might be used to execute arbitrary code with the privileges of the user running an application that uses libltdl.", "modified": "2018-11-28T00:00:00", "id": "DEBIAN_DSA-1958.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=44823", "published": "2010-02-24T00:00:00", "title": "Debian DSA-1958-1 : libtool - privilege escalation", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1958. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(44823);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/11/28 22:47:42\");\n\n script_cve_id(\"CVE-2009-3736\");\n script_bugtraq_id(37128);\n script_xref(name:\"DSA\", value:\"1958\");\n\n script_name(english:\"Debian DSA-1958-1 : libtool - privilege escalation\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that ltdl, a system-independent dlopen wrapper for\nGNU libtool, can be tricked to load and run modules from an arbitrary\ndirectory, which might be used to execute arbitrary code with the\nprivileges of the user running an application that uses libltdl.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2009/dsa-1958\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the libtool packages.\n\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 1.5.22-4+etch1.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.5.26-4+lenny1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libtool\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"libltdl3\", reference:\"1.5.22-4+etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libltdl3-dev\", reference:\"1.5.22-4+etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libtool\", reference:\"1.5.22-4+etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libtool-doc\", reference:\"1.5.22-4+etch1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libltdl3\", reference:\"1.5.26-4+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libltdl3-dev\", reference:\"1.5.26-4+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libtool\", reference:\"1.5.26-4+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libtool-doc\", reference:\"1.5.26-4+lenny1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:12:45", "bulletinFamily": "scanner", "description": "Secunia.com\n\nDo not attempt to load an unqualified module.la file from the current directory (by default) since doing so is insecure and is not compliant with the documentation.", "modified": "2018-11-10T00:00:00", "id": "FREEBSD_PKG_77C14729DC5E11DE92AE02E0184B8D35.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=42912", "published": "2009-11-30T00:00:00", "title": "FreeBSD : libtool -- Library Search Path Privilege Escalation Issue (77c14729-dc5e-11de-92ae-02e0184b8d35)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(42912);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/11/10 11:49:42\");\n\n script_cve_id(\"CVE-2009-3736\");\n script_xref(name:\"Secunia\", value:\"37414\");\n\n script_name(english:\"FreeBSD : libtool -- Library Search Path Privilege Escalation Issue (77c14729-dc5e-11de-92ae-02e0184b8d35)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Secunia.com\n\nDo not attempt to load an unqualified module.la file from the current\ndirectory (by default) since doing so is insecure and is not compliant\nwith the documentation.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.gnu.org/archive/html/libtool/2009-11/msg00059.html\"\n );\n # https://vuxml.freebsd.org/freebsd/77c14729-dc5e-11de-92ae-02e0184b8d35.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?17a23d96\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:libtool\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/11/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/11/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"libtool<2.2.6b\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T18:27:53", "bulletinFamily": "exploit", "description": "BUGTRAQ ID: 37128\r\nCVE ID: CVE-2009-3736\r\n\r\nGNU libtool\u662f\u4e00\u4e2a\u901a\u7528\u5e93\u652f\u6301\u811a\u672c\uff0c\u5c06\u4f7f\u7528\u52a8\u6001\u5e93\u7684\u590d\u6742\u6027\u9690\u85cf\u5728\u7edf\u4e00\u3001\u53ef\u79fb\u690d\u7684\u63a5\u53e3\u4e2d\u3002\r\n\r\nGNU Libtool\u7684libltdl\u5e93\u4e2d\u7684ltdl.c\u6587\u4ef6\u5c06\u5f53\u524d\u5de5\u4f5c\u76ee\u5f55\u7528\u4f5c\u4e86\u5e93\u7684\u641c\u7d22\u8def\u5f84\uff0c\u5982\u679c\u653b\u51fb\u8005\u521b\u5efa\u4e86\u6076\u610f\u7684\u5171\u4eab\u5bf9\u8c61\u6216.la\u6587\u4ef6\u5e76\u8bf1\u9a97\u7528\u6237\u4f7f\u7528\u540c\u4e00\u76ee\u5f55\u4e2d\u7684libtool\u5e93\u6267\u884c\u5e94\u7528\u7a0b\u5e8f\uff0c\u5c31\u4f1a\u5bfc\u81f4\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\n\nGNU libtool 2.2.6\r\nGNU libtool 1.5.x\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nGNU\r\n---\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://lists.gnu.org/archive/html/libtool/2009-11/msg00059.html", "modified": "2009-12-02T00:00:00", "published": "2009-12-02T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-15008", "id": "SSV:15008", "type": "seebug", "title": "GNU Libtool libltdl\u5e93\u641c\u7d22\u8def\u5f84\u672c\u5730\u6743\u9650\u63d0\u5347\u6f0f\u6d1e", "sourceData": "\n https://bugzilla.redhat.com/attachment.cgi?id=372311\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-15008", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}