{"id": "RHSA-2009:1646", "hash": "d1f5ec43ca79754d20c5b1eb1dc9acef", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2009:1646) Moderate: libtool security update", "description": "GNU Libtool is a set of shell scripts which automatically configure UNIX,\nLinux, and similar operating systems to generically build shared libraries.\n\nA flaw was found in the way GNU Libtool's libltdl library looked for\nmodules to load. It was possible for libltdl to load and run modules from\nan arbitrary library in the current working directory. If a local attacker\ncould trick a local user into running an application (which uses libltdl)\nfrom an attacker-controlled directory containing a malicious Libtool\ncontrol file (.la), the attacker could possibly execute arbitrary code with\nthe privileges of the user running the application. (CVE-2009-3736)\n\nAll libtool users should upgrade to these updated packages, which contain\na backported patch to correct this issue. After installing the updated\npackages, applications using the libltdl library must be restarted for the\nupdate to take effect.", "published": "2009-12-08T05:00:00", "modified": "2018-05-26T04:26:18", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2009:1646", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2009-3736"], "lastseen": "2018-12-11T17:41:08", "history": [{"bulletin": {"id": "RHSA-2009:1646", "hash": "", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2009:1646) Moderate: libtool security update", "description": "GNU Libtool is a set of shell scripts which automatically configure UNIX,\nLinux, and similar operating systems to generically build shared libraries.\n\nA flaw was found in the way GNU Libtool's libltdl library looked for\nmodules to load. It was possible for libltdl to load and run modules from\nan arbitrary library in the current working directory. If a local attacker\ncould trick a local user into running an application (which uses libltdl)\nfrom an attacker-controlled directory containing a malicious Libtool\ncontrol file (.la), the attacker could possibly execute arbitrary code with\nthe privileges of the user running the application. (CVE-2009-3736)\n\nAll libtool users should upgrade to these updated packages, which contain\na backported patch to correct this issue. After installing the updated\npackages, applications using the libltdl library must be restarted for the\nupdate to take effect.", "published": "2009-12-08T05:00:00", "modified": "2016-04-04T18:41:12", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2009:1646", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2009-3736"], "lastseen": "2016-09-04T11:17:55", "history": [], "viewCount": 0, "enchantments": {}, "objectVersion": "1.4", "affectedPackage": [{"packageVersion": "1.5.6-5.el4_8", "packageName": "libtool", "packageFilename": "libtool-1.5.6-5.el4_8.x86_64.rpm", "operator": "lt", "OSVersion": "4", "OS": "RedHat", "arch": "x86_64"}, {"packageVersion": "1.5.6-5.el4_8", "packageName": "libtool", "packageFilename": "libtool-1.5.6-5.el4_8.s390.rpm", "operator": "lt", "OSVersion": "4", "OS": "RedHat", "arch": "s390"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool-ltdl", "packageFilename": "libtool-ltdl-1.5.22-7.el5_4.i386.rpm", "operator": "lt", "OSVersion": "5", "OS": "RedHat", "arch": "i386"}, {"packageVersion": "1.5.6-5.el4_8", "packageName": "libtool", "packageFilename": "libtool-1.5.6-5.el4_8.s390x.rpm", "operator": "lt", "OSVersion": "4", "OS": "RedHat", "arch": "s390x"}, {"packageVersion": "1.5.6-5.el4_8", "packageName": "libtool-libs", "packageFilename": "libtool-libs-1.5.6-5.el4_8.ia64.rpm", "operator": "lt", "OSVersion": "4", "OS": "RedHat", "arch": "ia64"}, {"packageVersion": "1.5.6-5.el4_8", "packageName": "libtool", "packageFilename": "libtool-1.5.6-5.el4_8.ppc.rpm", "operator": "lt", "OSVersion": "4", "OS": "RedHat", "arch": "ppc"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool-ltdl-devel", "packageFilename": "libtool-ltdl-devel-1.5.22-7.el5_4.i386.rpm", "operator": "lt", "OSVersion": "5", "OS": "RedHat", "arch": "i386"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool-ltdl-devel", "packageFilename": "libtool-ltdl-devel-1.5.22-7.el5_4.ia64.rpm", "operator": "lt", "OSVersion": "5", "OS": "RedHat", "arch": "ia64"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool-ltdl", "packageFilename": "libtool-ltdl-1.5.22-7.el5_4.s390x.rpm", "operator": "lt", "OSVersion": "5", "OS": "RedHat", "arch": "s390x"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool-ltdl-devel", "packageFilename": "libtool-ltdl-devel-1.5.22-7.el5_4.x86_64.rpm", "operator": "lt", "OSVersion": "5", "OS": "RedHat", "arch": "x86_64"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool-ltdl", "packageFilename": "libtool-ltdl-1.5.22-7.el5_4.x86_64.rpm", "operator": "lt", "OSVersion": "5", "OS": "RedHat", "arch": "x86_64"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool-ltdl", "packageFilename": "libtool-ltdl-1.5.22-7.el5_4.s390.rpm", "operator": "lt", "OSVersion": "5", "OS": "RedHat", "arch": "s390"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool", "packageFilename": "libtool-1.5.22-7.el5_4.x86_64.rpm", "operator": "lt", "OSVersion": "5", "OS": "RedHat", "arch": "x86_64"}, {"packageVersion": "1.5.6-5.el4_8", "packageName": "libtool-libs", "packageFilename": "libtool-libs-1.5.6-5.el4_8.ppc64.rpm", "operator": "lt", "OSVersion": "4", "OS": "RedHat", "arch": "ppc64"}, {"packageVersion": "1.5.6-5.el4_8", "packageName": "libtool", "packageFilename": "libtool-1.5.6-5.el4_8.src.rpm", "operator": "lt", "OSVersion": "4", "OS": "RedHat", "arch": "src"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool", "packageFilename": "libtool-1.5.22-7.el5_4.i386.rpm", "operator": "lt", "OSVersion": "5", "OS": "RedHat", "arch": "i386"}, {"packageVersion": "1.5.6-5.el4_8", "packageName": "libtool-libs", "packageFilename": "libtool-libs-1.5.6-5.el4_8.ppc.rpm", "operator": "lt", "OSVersion": "4", "OS": "RedHat", "arch": "ppc"}, {"packageVersion": "1.5.6-5.el4_8", "packageName": "libtool-libs", "packageFilename": "libtool-libs-1.5.6-5.el4_8.i386.rpm", "operator": "lt", "OSVersion": "4", "OS": "RedHat", "arch": "i386"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool-ltdl", "packageFilename": "libtool-ltdl-1.5.22-7.el5_4.ia64.rpm", "operator": "lt", "OSVersion": "5", "OS": "RedHat", "arch": "ia64"}, {"packageVersion": "1.5.6-5.el4_8", "packageName": "libtool", "packageFilename": "libtool-1.5.6-5.el4_8.i386.rpm", "operator": "lt", "OSVersion": "4", "OS": "RedHat", "arch": "i386"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool-ltdl", "packageFilename": "libtool-ltdl-1.5.22-7.el5_4.ppc.rpm", "operator": "lt", "OSVersion": "5", "OS": "RedHat", "arch": "ppc"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool-ltdl-devel", "packageFilename": "libtool-ltdl-devel-1.5.22-7.el5_4.s390.rpm", "operator": "lt", "OSVersion": "5", "OS": "RedHat", "arch": "s390"}, {"packageVersion": "1.5.6-5.el4_8", "packageName": "libtool-libs", "packageFilename": "libtool-libs-1.5.6-5.el4_8.s390x.rpm", "operator": "lt", "OSVersion": "4", "OS": "RedHat", "arch": "s390x"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool", "packageFilename": "libtool-1.5.22-7.el5_4.ppc.rpm", "operator": "lt", "OSVersion": "5", "OS": "RedHat", "arch": "ppc"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool-ltdl", "packageFilename": "libtool-ltdl-1.5.22-7.el5_4.ppc64.rpm", "operator": "lt", "OSVersion": "5", "OS": "RedHat", "arch": "ppc64"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool-ltdl-devel", "packageFilename": "libtool-ltdl-devel-1.5.22-7.el5_4.s390x.rpm", "operator": "lt", "OSVersion": "5", "OS": "RedHat", "arch": "s390x"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool", "packageFilename": "libtool-1.5.22-7.el5_4.s390x.rpm", "operator": "lt", "OSVersion": "5", "OS": "RedHat", "arch": "s390x"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool", "packageFilename": "libtool-1.5.22-7.el5_4.src.rpm", "operator": "lt", "OSVersion": "5", "OS": "RedHat", "arch": "src"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool-ltdl-devel", "packageFilename": "libtool-ltdl-devel-1.5.22-7.el5_4.ppc.rpm", "operator": "lt", "OSVersion": "5", "OS": "RedHat", "arch": "ppc"}, {"packageVersion": "1.5.6-5.el4_8", "packageName": "libtool-libs", "packageFilename": "libtool-libs-1.5.6-5.el4_8.s390.rpm", "operator": "lt", "OSVersion": "4", "OS": "RedHat", "arch": "s390"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool", "packageFilename": "libtool-1.5.22-7.el5_4.ia64.rpm", "operator": "lt", "OSVersion": "5", "OS": "RedHat", "arch": "ia64"}, {"packageVersion": "1.5.6-5.el4_8", "packageName": "libtool-libs", "packageFilename": "libtool-libs-1.5.6-5.el4_8.x86_64.rpm", "operator": "lt", "OSVersion": "4", "OS": "RedHat", "arch": "x86_64"}, {"packageVersion": "1.5.6-5.el4_8", "packageName": "libtool", "packageFilename": "libtool-1.5.6-5.el4_8.ia64.rpm", "operator": "lt", "OSVersion": "4", "OS": "RedHat", "arch": "ia64"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool-ltdl-devel", "packageFilename": "libtool-ltdl-devel-1.5.22-7.el5_4.ppc64.rpm", "operator": "lt", "OSVersion": "5", "OS": "RedHat", "arch": "ppc64"}]}, "lastseen": "2016-09-04T11:17:55", "differentElements": ["affectedPackage", "modified"], "edition": 1}, {"bulletin": {"id": "RHSA-2009:1646", "hash": "", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2009:1646) Moderate: libtool security update", "description": "GNU Libtool is a set of shell scripts which automatically configure UNIX,\nLinux, and similar operating systems to generically build shared libraries.\n\nA flaw was found in the way GNU Libtool's libltdl library looked for\nmodules to load. It was possible for libltdl to load and run modules from\nan arbitrary library in the current working directory. If a local attacker\ncould trick a local user into running an application (which uses libltdl)\nfrom an attacker-controlled directory containing a malicious Libtool\ncontrol file (.la), the attacker could possibly execute arbitrary code with\nthe privileges of the user running the application. (CVE-2009-3736)\n\nAll libtool users should upgrade to these updated packages, which contain\na backported patch to correct this issue. After installing the updated\npackages, applications using the libltdl library must be restarted for the\nupdate to take effect.", "published": "2009-12-08T05:00:00", "modified": "2017-07-29T20:23:27", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2009:1646", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2009-3736"], "lastseen": "2017-08-02T12:58:20", "history": [], "viewCount": 0, "enchantments": {}, "objectVersion": "1.4", "affectedPackage": [{"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool-ltdl", "packageFilename": "libtool-ltdl-1.5.22-7.el5_4.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool-ltdl-devel", "packageFilename": "libtool-ltdl-devel-1.5.22-7.el5_4.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool-ltdl", "packageFilename": "libtool-ltdl-1.5.22-7.el5_4.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool-ltdl-devel", "packageFilename": "libtool-ltdl-devel-1.5.22-7.el5_4.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool", "packageFilename": "libtool-1.5.22-7.el5_4.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}]}, "lastseen": "2017-08-02T12:58:20", "differentElements": ["affectedPackage", "modified"], "edition": 2}, {"bulletin": {"id": "RHSA-2009:1646", "hash": "", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2009:1646) Moderate: libtool security update", "description": "GNU Libtool is a set of shell scripts which automatically configure UNIX,\nLinux, and similar operating systems to generically build shared libraries.\n\nA flaw was found in the way GNU Libtool's libltdl library looked for\nmodules to load. It was possible for libltdl to load and run modules from\nan arbitrary library in the current working directory. If a local attacker\ncould trick a local user into running an application (which uses libltdl)\nfrom an attacker-controlled directory containing a malicious Libtool\ncontrol file (.la), the attacker could possibly execute arbitrary code with\nthe privileges of the user running the application. (CVE-2009-3736)\n\nAll libtool users should upgrade to these updated packages, which contain\na backported patch to correct this issue. After installing the updated\npackages, applications using the libltdl library must be restarted for the\nupdate to take effect.", "published": "2009-12-08T05:00:00", "modified": "2017-09-08T12:18:01", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2009:1646", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2009-3736"], "lastseen": "2017-09-09T07:20:03", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "objectVersion": "1.4", "affectedPackage": [{"packageVersion": "1.5.6-5.el4_8", "packageName": "libtool", "packageFilename": "libtool-1.5.6-5.el4_8.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "4", "OS": "RedHat"}, {"packageVersion": "1.5.6-5.el4_8", "packageName": "libtool-libs", "packageFilename": "libtool-libs-1.5.6-5.el4_8.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "4", "OS": "RedHat"}, {"packageVersion": "1.5.6-5.el4_8", "packageName": "libtool", "packageFilename": "libtool-1.5.6-5.el4_8.src.rpm", "arch": "src", "operator": "lt", "OSVersion": "4", "OS": "RedHat"}, {"packageVersion": "1.5.6-5.el4_8", "packageName": "libtool-libs", "packageFilename": "libtool-libs-1.5.6-5.el4_8.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "4", "OS": "RedHat"}, {"packageVersion": "1.5.6-5.el4_8", "packageName": "libtool", "packageFilename": "libtool-1.5.6-5.el4_8.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "4", "OS": "RedHat"}, {"packageVersion": "1.5.6-5.el4_8", "packageName": "libtool-libs", "packageFilename": "libtool-libs-1.5.6-5.el4_8.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "4", "OS": "RedHat"}, {"packageVersion": "1.5.6-5.el4_8", "packageName": "libtool", "packageFilename": "libtool-1.5.6-5.el4_8.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "4", "OS": "RedHat"}, {"packageVersion": "1.5.6-5.el4_8", "packageName": "libtool-libs", "packageFilename": "libtool-libs-1.5.6-5.el4_8.ppc64.rpm", "arch": "ppc64", "operator": "lt", "OSVersion": "4", "OS": "RedHat"}, {"packageVersion": "1.5.6-5.el4_8", "packageName": "libtool", "packageFilename": "libtool-1.5.6-5.el4_8.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "4", "OS": "RedHat"}, {"packageVersion": "1.5.6-5.el4_8", "packageName": "libtool-libs", "packageFilename": "libtool-libs-1.5.6-5.el4_8.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "4", "OS": "RedHat"}, {"packageVersion": "1.5.6-5.el4_8", "packageName": "libtool", "packageFilename": "libtool-1.5.6-5.el4_8.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "4", "OS": "RedHat"}, {"packageVersion": "1.5.6-5.el4_8", "packageName": "libtool-libs", "packageFilename": "libtool-libs-1.5.6-5.el4_8.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "4", "OS": "RedHat"}, {"packageVersion": "1.5.6-5.el4_8", "packageName": "libtool", "packageFilename": "libtool-1.5.6-5.el4_8.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "4", "OS": "RedHat"}, {"packageVersion": "1.5.6-5.el4_8", "packageName": "libtool-libs", "packageFilename": "libtool-libs-1.5.6-5.el4_8.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "4", "OS": "RedHat"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool-ltdl", "packageFilename": "libtool-ltdl-1.5.22-7.el5_4.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool-ltdl", "packageFilename": "libtool-ltdl-1.5.22-7.el5_4.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool", "packageFilename": "libtool-1.5.22-7.el5_4.src.rpm", "arch": "src", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool-ltdl", "packageFilename": "libtool-ltdl-1.5.22-7.el5_4.ppc64.rpm", "arch": "ppc64", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool-ltdl-devel", "packageFilename": "libtool-ltdl-devel-1.5.22-7.el5_4.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool-ltdl-devel", "packageFilename": "libtool-ltdl-devel-1.5.22-7.el5_4.ppc64.rpm", "arch": "ppc64", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool-ltdl", "packageFilename": "libtool-ltdl-1.5.22-7.el5_4.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool", "packageFilename": "libtool-1.5.22-7.el5_4.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool-ltdl", "packageFilename": "libtool-ltdl-1.5.22-7.el5_4.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool", "packageFilename": "libtool-1.5.22-7.el5_4.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool-ltdl", "packageFilename": "libtool-ltdl-1.5.22-7.el5_4.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool-ltdl-devel", "packageFilename": "libtool-ltdl-devel-1.5.22-7.el5_4.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool-ltdl-devel", "packageFilename": "libtool-ltdl-devel-1.5.22-7.el5_4.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool", "packageFilename": "libtool-1.5.22-7.el5_4.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool-ltdl-devel", "packageFilename": "libtool-ltdl-devel-1.5.22-7.el5_4.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool-ltdl-devel", "packageFilename": "libtool-ltdl-devel-1.5.22-7.el5_4.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool", "packageFilename": "libtool-1.5.22-7.el5_4.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool-ltdl", "packageFilename": "libtool-ltdl-1.5.22-7.el5_4.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool-ltdl-devel", "packageFilename": "libtool-ltdl-devel-1.5.22-7.el5_4.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "1.5.22-7.el5_4", "packageName": "libtool", "packageFilename": "libtool-1.5.22-7.el5_4.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}]}, "lastseen": "2017-09-09T07:20:03", "differentElements": ["modified"], "edition": 3}, {"bulletin": {"id": "RHSA-2009:1646", "hash": "9d3d65af0051444dd6d66d163a06a8ef", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2009:1646) Moderate: libtool security update", "description": "GNU Libtool is a set of shell scripts which automatically configure UNIX,\nLinux, and similar operating systems to generically build shared libraries.\n\nA flaw was found in the way GNU Libtool's libltdl library looked for\nmodules to load. It was possible for libltdl to load and run modules from\nan arbitrary library in the current working directory. If a local attacker\ncould trick a local user into running an application (which uses libltdl)\nfrom an attacker-controlled directory containing a malicious Libtool\ncontrol file (.la), the attacker could possibly execute arbitrary code with\nthe privileges of the user running the application. (CVE-2009-3736)\n\nAll libtool users should upgrade to these updated packages, which contain\na backported patch to correct this issue. After installing the updated\npackages, applications using the libltdl library must be restarted for the\nupdate to take effect.", "published": "2009-12-08T05:00:00", "modified": "2018-05-26T04:26:18", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2009:1646", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2009-3736"], "lastseen": "2018-05-27T21:42:24", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "objectVersion": "1.4", "affectedPackage": [{"OS": "RedHat", "OSVersion": "4", "arch": "i386", "packageName": "libtool", "packageVersion": "1.5.6-5.el4_8", "packageFilename": "libtool-1.5.6-5.el4_8.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "arch": "i386", "packageName": "libtool-libs", "packageVersion": "1.5.6-5.el4_8", "packageFilename": "libtool-libs-1.5.6-5.el4_8.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "arch": "src", "packageName": "libtool", "packageVersion": "1.5.6-5.el4_8", "packageFilename": "libtool-1.5.6-5.el4_8.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "arch": "ia64", "packageName": "libtool-libs", "packageVersion": "1.5.6-5.el4_8", "packageFilename": "libtool-libs-1.5.6-5.el4_8.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "arch": "ia64", "packageName": "libtool", "packageVersion": "1.5.6-5.el4_8", "packageFilename": "libtool-1.5.6-5.el4_8.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "arch": "x86_64", "packageName": "libtool-libs", "packageVersion": "1.5.6-5.el4_8", "packageFilename": "libtool-libs-1.5.6-5.el4_8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "arch": "x86_64", "packageName": "libtool", "packageVersion": "1.5.6-5.el4_8", "packageFilename": "libtool-1.5.6-5.el4_8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "arch": "ppc64", "packageName": "libtool-libs", "packageVersion": "1.5.6-5.el4_8", "packageFilename": "libtool-libs-1.5.6-5.el4_8.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "arch": "ppc", "packageName": "libtool", "packageVersion": "1.5.6-5.el4_8", "packageFilename": "libtool-1.5.6-5.el4_8.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "arch": "ppc", "packageName": "libtool-libs", "packageVersion": "1.5.6-5.el4_8", "packageFilename": "libtool-libs-1.5.6-5.el4_8.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "arch": "s390", "packageName": "libtool", "packageVersion": "1.5.6-5.el4_8", "packageFilename": "libtool-1.5.6-5.el4_8.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "arch": "s390", "packageName": "libtool-libs", "packageVersion": "1.5.6-5.el4_8", "packageFilename": "libtool-libs-1.5.6-5.el4_8.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "arch": "s390x", "packageName": "libtool", "packageVersion": "1.5.6-5.el4_8", "packageFilename": "libtool-1.5.6-5.el4_8.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "arch": "s390x", "packageName": "libtool-libs", "packageVersion": "1.5.6-5.el4_8", "packageFilename": "libtool-libs-1.5.6-5.el4_8.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "x86_64", "packageName": "libtool-ltdl", "packageVersion": "1.5.22-7.el5_4", "packageFilename": "libtool-ltdl-1.5.22-7.el5_4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "i386", "packageName": "libtool-ltdl", "packageVersion": "1.5.22-7.el5_4", "packageFilename": "libtool-ltdl-1.5.22-7.el5_4.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "src", "packageName": "libtool", "packageVersion": "1.5.22-7.el5_4", "packageFilename": "libtool-1.5.22-7.el5_4.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "ppc64", "packageName": "libtool-ltdl", "packageVersion": "1.5.22-7.el5_4", "packageFilename": "libtool-ltdl-1.5.22-7.el5_4.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "ppc", "packageName": "libtool-ltdl-devel", "packageVersion": "1.5.22-7.el5_4", "packageFilename": "libtool-ltdl-devel-1.5.22-7.el5_4.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "ppc64", "packageName": "libtool-ltdl-devel", "packageVersion": "1.5.22-7.el5_4", "packageFilename": "libtool-ltdl-devel-1.5.22-7.el5_4.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "ppc", "packageName": "libtool-ltdl", "packageVersion": "1.5.22-7.el5_4", "packageFilename": "libtool-ltdl-1.5.22-7.el5_4.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "ppc", "packageName": "libtool", "packageVersion": "1.5.22-7.el5_4", "packageFilename": "libtool-1.5.22-7.el5_4.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "s390", "packageName": "libtool-ltdl", "packageVersion": "1.5.22-7.el5_4", "packageFilename": "libtool-ltdl-1.5.22-7.el5_4.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "s390x", "packageName": "libtool", "packageVersion": "1.5.22-7.el5_4", "packageFilename": "libtool-1.5.22-7.el5_4.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "s390x", "packageName": "libtool-ltdl", "packageVersion": "1.5.22-7.el5_4", "packageFilename": "libtool-ltdl-1.5.22-7.el5_4.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "s390", "packageName": "libtool-ltdl-devel", "packageVersion": "1.5.22-7.el5_4", "packageFilename": "libtool-ltdl-devel-1.5.22-7.el5_4.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "s390x", "packageName": "libtool-ltdl-devel", "packageVersion": "1.5.22-7.el5_4", "packageFilename": "libtool-ltdl-devel-1.5.22-7.el5_4.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "i386", "packageName": "libtool", "packageVersion": "1.5.22-7.el5_4", "packageFilename": "libtool-1.5.22-7.el5_4.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "i386", "packageName": "libtool-ltdl-devel", "packageVersion": "1.5.22-7.el5_4", "packageFilename": "libtool-ltdl-devel-1.5.22-7.el5_4.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "x86_64", "packageName": "libtool-ltdl-devel", "packageVersion": "1.5.22-7.el5_4", "packageFilename": "libtool-ltdl-devel-1.5.22-7.el5_4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "x86_64", "packageName": "libtool", "packageVersion": "1.5.22-7.el5_4", "packageFilename": "libtool-1.5.22-7.el5_4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "ia64", "packageName": "libtool-ltdl", "packageVersion": "1.5.22-7.el5_4", "packageFilename": "libtool-ltdl-1.5.22-7.el5_4.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "ia64", "packageName": "libtool-ltdl-devel", "packageVersion": "1.5.22-7.el5_4", "packageFilename": "libtool-ltdl-devel-1.5.22-7.el5_4.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "ia64", "packageName": "libtool", "packageVersion": "1.5.22-7.el5_4", "packageFilename": "libtool-1.5.22-7.el5_4.ia64.rpm", "operator": "lt"}]}, "lastseen": "2018-05-27T21:42:24", "differentElements": ["affectedPackage"], "edition": 4}], "viewCount": 0, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-3736"]}, {"type": "openvas", "idList": ["OPENVAS:861854", "OPENVAS:861704", "OPENVAS:880345", "OPENVAS:861690", "OPENVAS:1361412562310880352", "OPENVAS:136141256231066470", "OPENVAS:1361412562310861790", "OPENVAS:1361412562310862868", "OPENVAS:66402", "OPENVAS:880596"]}, {"type": "centos", "idList": ["CESA-2009:1646"]}, {"type": "nessus", "idList": ["SUSE_11_0_LIBLTDL-3-091201.NASL", "SUSE_11_LIBLTDL7-091201.NASL", "CENTOS_RHSA-2010-0039.NASL", "FEDORA_2010-1833.NASL", "FEDORA_2010-2341.NASL", "FEDORA_2010-4392.NASL", "FEDORA_2009-12562.NASL", "FEDORA_2009-12813.NASL", "REDHAT-RHSA-2009-1646.NASL", "FEDORA_2009-12725.NASL"]}, {"type": "seebug", "idList": ["SSV:15008"]}, {"type": "oraclelinux", "idList": ["ELSA-2010-0039", "ELSA-2009-1646"]}, {"type": "redhat", "idList": ["RHSA-2010:0039"]}, {"type": "freebsd", "idList": ["77C14729-DC5E-11DE-92AE-02E0184B8D35"]}], "modified": "2018-12-11T17:41:08"}, "vulnersScore": 7.2}, "objectVersion": "1.4", "affectedPackage": [{"OS": "RedHat", "OSVersion": "4", "arch": "i386", "packageName": "libtool", "packageVersion": "1.5.6-5.el4_8", "packageFilename": "libtool-1.5.6-5.el4_8.i386.rpm", "operator": "lt"}], "_object_type": "robots.models.redhat.RedHatBulletin", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"]}

{"cve": [{"lastseen": "2017-09-19T13:36:40", "bulletinFamily": "NVD", "description": "ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.", "modified": "2017-09-18T21:29:45", "published": "2009-11-29T08:07:52", "id": "CVE-2009-3736", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3736", "title": "CVE-2009-3736", "type": "cve", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2018-09-28T18:25:10", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2010-0039", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310122401", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122401", "title": "Oracle Linux Local Check: ELSA-2010-0039", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2010-0039.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122401\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:18:19 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2010-0039\");\n script_tag(name:\"insight\", value:\"ELSA-2010-0039 - gcc and gcc4 security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2010-0039\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2010-0039.html\");\n script_cve_id(\"CVE-2009-3736\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"cpp\", rpm:\"cpp~4.1.2~46.el5_4.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"gcc\", rpm:\"gcc~4.1.2~46.el5_4.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"gcc-c++\", rpm:\"gcc-c++~4.1.2~46.el5_4.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"gcc-gfortran\", rpm:\"gcc-gfortran~4.1.2~46.el5_4.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"gcc-gnat\", rpm:\"gcc-gnat~4.1.2~46.el5_4.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"gcc-java\", rpm:\"gcc-java~4.1.2~46.el5_4.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"gcc-objc++\", rpm:\"gcc-objc++~4.1.2~46.el5_4.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"gcc-objc\", rpm:\"gcc-objc~4.1.2~46.el5_4.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libgcc\", rpm:\"libgcc~4.1.2~46.el5_4.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libgcj\", rpm:\"libgcj~4.1.2~46.el5_4.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libgcj-devel\", rpm:\"libgcj-devel~4.1.2~46.el5_4.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libgcj-src\", rpm:\"libgcj-src~4.1.2~46.el5_4.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libgfortran\", rpm:\"libgfortran~4.1.2~46.el5_4.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libgnat\", rpm:\"libgnat~4.1.2~46.el5_4.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libmudflap\", rpm:\"libmudflap~4.1.2~46.el5_4.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libmudflap-devel\", rpm:\"libmudflap-devel~4.1.2~46.el5_4.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libobjc\", rpm:\"libobjc~4.1.2~46.el5_4.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libstdc++\", rpm:\"libstdc++~4.1.2~46.el5_4.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libstdc++-devel\", rpm:\"libstdc++-devel~4.1.2~46.el5_4.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-20T13:18:53", "bulletinFamily": "scanner", "description": "Check for the Version of gambas", "modified": "2017-12-19T00:00:00", "published": "2010-03-02T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=861633", "id": "OPENVAS:861633", "title": "Fedora Update for gambas FEDORA-2010-1872", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gambas FEDORA-2010-1872\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"gambas on Fedora 12\";\ntag_insight = \"Gambas is a free development environment based on a Basic interpreter\n with object extensions, like Visual Basic (but it is NOT a clone !).\n With Gambas, you can quickly design your program GUI, access MySQL or\n PostgreSQL databases, pilot KDE applications with DCOP, translate your\n program into many languages, create network applications easily, and so\n on...\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035133.html\");\n script_id(861633);\n script_version(\"$Revision: 8164 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-19 07:30:41 +0100 (Tue, 19 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-02 08:38:02 +0100 (Tue, 02 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-1872\");\n script_cve_id(\"CVE-2009-3736\");\n script_name(\"Fedora Update for gambas FEDORA-2010-1872\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of gambas\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"gambas\", rpm:\"gambas~1.0.19~12.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:54:40", "bulletinFamily": "scanner", "description": "Check for the Version of gnu-smalltalk", "modified": "2017-12-22T00:00:00", "published": "2010-03-22T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=861787", "id": "OPENVAS:861787", "title": "Fedora Update for gnu-smalltalk FEDORA-2010-4392", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gnu-smalltalk FEDORA-2010-4392\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"GNU Smalltalk is an implementation that closely follows the\n Smalltalk-80 language as described in the book `Smalltalk-80: the\n Language and its Implementation' by Adele Goldberg and David Robson.\n The Smalltalk programming language is an object oriented programming\n language.\n\n Unlike other Smalltalks (including Smalltalk-80), GNU Smalltalk\n emphasizes Smalltalk's rapid prototyping features rather than the\n graphical and easy-to-use nature of the programming environment.\n \n Therefore, even though we have a nice GUI environment including a class\n browser, the goal of the GNU Smalltalk project is currently to produce a\n complete system to be used to write your scripts in a clear, aesthetically\n pleasing, and philosophically appealing programming language.\";\n\ntag_affected = \"gnu-smalltalk on Fedora 11\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037654.html\");\n script_id(861787);\n script_version(\"$Revision: 8226 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-22 07:30:26 +0100 (Fri, 22 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-22 11:34:53 +0100 (Mon, 22 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-4392\");\n script_cve_id(\"CVE-2009-3736\");\n script_name(\"Fedora Update for gnu-smalltalk FEDORA-2010-4392\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of gnu-smalltalk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC11\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnu-smalltalk\", rpm:\"gnu-smalltalk~3.1~8.fc11\", rls:\"FC11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-20T13:18:06", "bulletinFamily": "scanner", "description": "Check for the Version of mingw32-libltdl", "modified": "2017-12-19T00:00:00", "published": "2010-03-02T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=861670", "id": "OPENVAS:861670", "title": "Fedora Update for mingw32-libltdl FEDORA-2010-2943", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw32-libltdl FEDORA-2010-2943\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The mingw32-libltdl package contains the GNU Libtool Dynamic Module Loader, a\n library that provides a consistent, portable interface which simplifies the\n process of using dynamic modules, for the mingw32 cross compilation\n environment.\n\n These runtime libraries are needed by programs that link directly to the\n system-installed ltdl libraries; they are not needed by software built using\n the rest of the GNU Autotools (including GNU Autoconf and GNU Automake).\";\n\ntag_affected = \"mingw32-libltdl on Fedora 11\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035851.html\");\n script_id(861670);\n script_version(\"$Revision: 8164 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-19 07:30:41 +0100 (Tue, 19 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-02 08:38:02 +0100 (Tue, 02 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-2943\");\n script_cve_id(\"CVE-2009-3736\");\n script_name(\"Fedora Update for mingw32-libltdl FEDORA-2010-2943\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mingw32-libltdl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC11\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw32-libltdl\", rpm:\"mingw32-libltdl~1.5.26~17.fc11\", rls:\"FC11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-12T11:11:22", "bulletinFamily": "scanner", "description": "Check for the Version of gnu-smalltalk", "modified": "2017-12-12T00:00:00", "published": "2010-03-22T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=861791", "id": "OPENVAS:861791", "title": "Fedora Update for gnu-smalltalk FEDORA-2010-4339", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gnu-smalltalk FEDORA-2010-4339\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"GNU Smalltalk is an implementation that closely follows the\n Smalltalk-80 language as described in the book `Smalltalk-80: the\n Language and its Implementation' by Adele Goldberg and David Robson.\n The Smalltalk programming language is an object oriented programming\n language.\n\n Unlike other Smalltalks (including Smalltalk-80), GNU Smalltalk\n emphasizes Smalltalk's rapid prototyping features rather than the\n graphical and easy-to-use nature of the programming environment.\n \n Therefore, even though we have a nice GUI environment including a class\n browser, the goal of the GNU Smalltalk project is currently to produce a\n complete system to be used to write your scripts in a clear, aesthetically\n pleasing, and philosophically appealing programming language.\";\n\ntag_affected = \"gnu-smalltalk on Fedora 12\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037576.html\");\n script_id(861791);\n script_version(\"$Revision: 8082 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-12 07:31:24 +0100 (Tue, 12 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-22 11:34:53 +0100 (Mon, 22 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-4339\");\n script_cve_id(\"CVE-2009-3736\");\n script_name(\"Fedora Update for gnu-smalltalk FEDORA-2010-4339\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of gnu-smalltalk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnu-smalltalk\", rpm:\"gnu-smalltalk~3.1~8.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:55:37", "bulletinFamily": "scanner", "description": "Check for the Version of q", "modified": "2017-07-10T00:00:00", "published": "2011-03-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=862870", "id": "OPENVAS:862870", "title": "Fedora Update for q FEDORA-2011-1958", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for q FEDORA-2011-1958\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"q on Fedora 13\";\ntag_insight = \"Q is a powerful and extensible functional programming language based\n on the term rewriting calculus. You specify an arbitrary system of\n equations which the interpreter uses as rewrite rules to reduce\n expressions to normal form. Q is useful for scientific programming and\n other advanced applications, and also as a sophisticated kind of\n desktop calculator. The distribution includes the Q programming tools,\n a standard library, add-on modules for interfacing to Curl, GNU dbm,\n ODBC, GNU Octave, ImageMagick, Tcl/Tk, XML/XSLT and an Emacs mode.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054915.html\");\n script_id(862870);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-03-07 06:45:55 +0100 (Mon, 07 Mar 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2011-1958\");\n script_cve_id(\"CVE-2009-3736\");\n script_name(\"Fedora Update for q FEDORA-2011-1958\");\n\n script_summary(\"Check for the Version of q\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"q\", rpm:\"q~7.11~8.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:57:00", "bulletinFamily": "scanner", "description": "The remote host is missing an update to libtool\nannounced via advisory FEDORA-2009-12562.", "modified": "2017-07-10T00:00:00", "published": "2009-12-30T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=66589", "id": "OPENVAS:66589", "title": "Fedora Core 12 FEDORA-2009-12562 (libtool)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_12562.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-12562 (libtool)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nlibltdl may load and execute code from a library in the current directory.\n\nChangeLog:\n\n* Wed Dec 2 2009 Karsten Hopp 2.2.6-17\n- fix directory name used in libtool tarball\n* Wed Dec 2 2009 Karsten Hopp 2.2.6-16\n- update to 2.2.6b, fixes CVE-2009-3736:\nlibltdl may load and execute code from a library in the current directory\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update libtool' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-12562\";\ntag_summary = \"The remote host is missing an update to libtool\nannounced via advisory FEDORA-2009-12562.\";\n\n\n\nif(description)\n{\n script_id(66589);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-30 21:58:43 +0100 (Wed, 30 Dec 2009)\");\n script_cve_id(\"CVE-2009-3736\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 12 FEDORA-2009-12562 (libtool)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=537941\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libtool\", rpm:\"libtool~2.2.6~17.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libtool-ltdl\", rpm:\"libtool-ltdl~2.2.6~17.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libtool-ltdl-devel\", rpm:\"libtool-ltdl-devel~2.2.6~17.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libtool-debuginfo\", rpm:\"libtool-debuginfo~2.2.6~17.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-21T11:33:22", "bulletinFamily": "scanner", "description": "Check for the Version of gnu-smalltalk", "modified": "2017-12-20T00:00:00", "published": "2010-03-22T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310861791", "id": "OPENVAS:1361412562310861791", "type": "openvas", "title": "Fedora Update for gnu-smalltalk FEDORA-2010-4339", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gnu-smalltalk FEDORA-2010-4339\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"GNU Smalltalk is an implementation that closely follows the\n Smalltalk-80 language as described in the book `Smalltalk-80: the\n Language and its Implementation' by Adele Goldberg and David Robson.\n The Smalltalk programming language is an object oriented programming\n language.\n\n Unlike other Smalltalks (including Smalltalk-80), GNU Smalltalk\n emphasizes Smalltalk's rapid prototyping features rather than the\n graphical and easy-to-use nature of the programming environment.\n \n Therefore, even though we have a nice GUI environment including a class\n browser, the goal of the GNU Smalltalk project is currently to produce a\n complete system to be used to write your scripts in a clear, aesthetically\n pleasing, and philosophically appealing programming language.\";\n\ntag_affected = \"gnu-smalltalk on Fedora 12\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037576.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.861791\");\n script_version(\"$Revision: 8187 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-20 08:30:09 +0100 (Wed, 20 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-22 11:34:53 +0100 (Mon, 22 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-4339\");\n script_cve_id(\"CVE-2009-3736\");\n script_name(\"Fedora Update for gnu-smalltalk FEDORA-2010-4339\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of gnu-smalltalk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnu-smalltalk\", rpm:\"gnu-smalltalk~3.1~8.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-21T11:32:23", "bulletinFamily": "scanner", "description": "Check for the Version of hamlib", "modified": "2017-12-20T00:00:00", "published": "2010-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310861857", "id": "OPENVAS:1361412562310861857", "type": "openvas", "title": "Fedora Update for hamlib FEDORA-2010-4407", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for hamlib FEDORA-2010-4407\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Hamlib provides a standardised programming interface that applications\n can use to send the appropriate commands to a radio.\n\n Also included in the package is a simple radio control program 'rigctl',\n which lets one control a radio transceiver or receiver, either from\n command line interface or in a text-oriented interactive interface.\";\n\ntag_affected = \"hamlib on Fedora 12\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038467.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.861857\");\n script_version(\"$Revision: 8187 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-20 08:30:09 +0100 (Wed, 20 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-06 08:56:44 +0200 (Tue, 06 Apr 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-4407\");\n script_cve_id(\"CVE-2009-3736\");\n script_name(\"Fedora Update for hamlib FEDORA-2010-4407\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of hamlib\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"hamlib\", rpm:\"hamlib~1.2.10~2.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-11T11:04:17", "bulletinFamily": "scanner", "description": "Check for the Version of cpp", "modified": "2018-01-10T00:00:00", "published": "2010-01-19T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880345", "id": "OPENVAS:1361412562310880345", "title": "CentOS Update for cpp CESA-2010:0039 centos4 x86_64", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for cpp CESA-2010:0039 centos4 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The gcc and gcc4 packages include, among others, C, C++, and Java GNU\n compilers and related support libraries. libgcj contains a copy of GNU\n Libtool's libltdl library.\n\n A flaw was found in the way GNU Libtool's libltdl library looked for\n libraries to load. It was possible for libltdl to load a malicious library\n from the current working directory. In certain configurations, if a local\n attacker is able to trick a local user into running a Java application\n (which uses a function to load native libraries, such as\n System.loadLibrary) from within an attacker-controlled directory containing\n a malicious library or module, the attacker could possibly execute\n arbitrary code with the privileges of the user running the Java\n application. (CVE-2009-3736)\n \n All gcc and gcc4 users should upgrade to these updated packages, which\n contain a backported patch to correct this issue. All running Java\n applications using libgcj must be restarted for this update to take effect.\";\n\ntag_affected = \"cpp on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2010-January/016460.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880345\");\n script_version(\"$Revision: 8356 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-10 09:00:39 +0100 (Wed, 10 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-01-19 08:58:46 +0100 (Tue, 19 Jan 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2010:0039\");\n script_cve_id(\"CVE-2009-3736\");\n script_name(\"CentOS Update for cpp CESA-2010:0039 centos4 x86_64\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of cpp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"cpp\", rpm:\"cpp~3.4.6~11.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gcc\", rpm:\"gcc~3.4.6~11.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gcc4\", rpm:\"gcc4~4.1.2~44.EL4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gcc4-c++\", rpm:\"gcc4-c++~4.1.2~44.EL4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gcc4-gfortran\", rpm:\"gcc4-gfortran~4.1.2~44.EL4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gcc4-java\", rpm:\"gcc4-java~4.1.2~44.EL4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gcc-c++\", rpm:\"gcc-c++~3.4.6~11.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gcc-g77\", rpm:\"gcc-g77~3.4.6~11.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gcc-gnat\", rpm:\"gcc-gnat~3.4.6~11.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gcc-java\", rpm:\"gcc-java~3.4.6~11.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gcc-objc\", rpm:\"gcc-objc~3.4.6~11.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libf2c\", rpm:\"libf2c~3.4.6~11.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgcc\", rpm:\"libgcc~3.4.6~11.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgcj\", rpm:\"libgcj~3.4.6~11.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgcj4\", rpm:\"libgcj4~4.1.2~44.EL4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgcj4-devel\", rpm:\"libgcj4-devel~4.1.2~44.EL4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgcj4-src\", rpm:\"libgcj4-src~4.1.2~44.EL4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgcj-devel\", rpm:\"libgcj-devel~3.4.6~11.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgfortran\", rpm:\"libgfortran~4.1.2~44.EL4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgnat\", rpm:\"libgnat~3.4.6~11.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgomp\", rpm:\"libgomp~4.1.2~44.EL4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmudflap\", rpm:\"libmudflap~4.1.2~44.EL4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmudflap-devel\", rpm:\"libmudflap-devel~4.1.2~44.EL4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libobjc\", rpm:\"libobjc~3.4.6~11.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libstdc++\", rpm:\"libstdc++~3.4.6~11.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libstdc++-devel\", rpm:\"libstdc++-devel~3.4.6~11.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2018-09-01T23:35:44", "bulletinFamily": "scanner", "description": "libtool: libltdl may load modules from the current working directory.\nCVE-2009-3736 has been assigned to this issue.", "modified": "2014-06-13T00:00:00", "published": "2010-01-05T00:00:00", "id": "SUSE_11_2_LIBLTDL-3-091202.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=43632", "title": "openSUSE Security Update : libltdl-3 (libltdl-3-1638)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libltdl-3-1638.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(43632);\n script_version(\"$Revision: 1.5 $\");\n script_cvs_date(\"$Date: 2014/06/13 20:00:36 $\");\n\n script_cve_id(\"CVE-2009-3736\");\n\n script_name(english:\"openSUSE Security Update : libltdl-3 (libltdl-3-1638)\");\n script_summary(english:\"Check for the libltdl-3-1638 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"libtool: libltdl may load modules from the current working directory.\nCVE-2009-3736 has been assigned to this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=556122\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libltdl-3 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libltdl7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libltdl7-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtool-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"libltdl7-2.2.6-47.451.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"libtool-2.2.6-47.451.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", cpu:\"x86_64\", reference:\"libltdl7-32bit-2.2.6-47.451.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", cpu:\"x86_64\", reference:\"libtool-32bit-2.2.6-47.451.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libltdl7 / libltdl7-32bit / libtool / libtool-32bit\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:41:53", "bulletinFamily": "scanner", "description": "libtool: libltdl may load modules from the current working directory.\nCVE-2009-3736 has been assigned to this issue.", "modified": "2014-06-13T00:00:00", "published": "2010-01-05T00:00:00", "id": "SUSE_11_1_LIBLTDL-3-091201.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=43630", "title": "openSUSE Security Update : libltdl-3 (libltdl-3-1638)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libltdl-3-1638.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(43630);\n script_version(\"$Revision: 1.5 $\");\n script_cvs_date(\"$Date: 2014/06/13 19:49:35 $\");\n\n script_cve_id(\"CVE-2009-3736\");\n\n script_name(english:\"openSUSE Security Update : libltdl-3 (libltdl-3-1638)\");\n script_summary(english:\"Check for the libltdl-3-1638 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"libtool: libltdl may load modules from the current working directory.\nCVE-2009-3736 has been assigned to this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=556122\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libltdl-3 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libltdl7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libltdl7-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtool-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libltdl7-2.2.6-1.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libtool-2.2.6-1.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"libltdl7-32bit-2.2.6-1.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"libtool-32bit-2.2.6-1.36.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libltdl7 / libltdl7-32bit / libtool / libtool-32bit\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:10:07", "bulletinFamily": "scanner", "description": "Secunia.com\n\nDo not attempt to load an unqualified module.la file from the current\ndirectory (by default) since doing so is insecure and is not compliant\nwith the documentation.", "modified": "2018-11-10T00:00:00", "published": "2009-11-30T00:00:00", "id": "FREEBSD_PKG_77C14729DC5E11DE92AE02E0184B8D35.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=42912", "title": "FreeBSD : libtool -- Library Search Path Privilege Escalation Issue (77c14729-dc5e-11de-92ae-02e0184b8d35)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(42912);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/11/10 11:49:42\");\n\n script_cve_id(\"CVE-2009-3736\");\n script_xref(name:\"Secunia\", value:\"37414\");\n\n script_name(english:\"FreeBSD : libtool -- Library Search Path Privilege Escalation Issue (77c14729-dc5e-11de-92ae-02e0184b8d35)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Secunia.com\n\nDo not attempt to load an unqualified module.la file from the current\ndirectory (by default) since doing so is insecure and is not compliant\nwith the documentation.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.gnu.org/archive/html/libtool/2009-11/msg00059.html\"\n );\n # https://vuxml.freebsd.org/freebsd/77c14729-dc5e-11de-92ae-02e0184b8d35.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?17a23d96\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:libtool\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/11/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/11/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"libtool<2.2.6b\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:10:46", "bulletinFamily": "scanner", "description": "- Thu Mar 11 2010 Lucian Langa <cooly at gnome.eu.org> -\n 1.2.8-4\n\n - kill rpath\n\n - use system ltdl (#563975)\n\n - fix documents install\n\n - misc cleanups\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2018-07-12T00:00:00", "published": "2010-07-01T00:00:00", "id": "FEDORA_2010-4352.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=47358", "title": "Fedora 11 : hamlib-1.2.8-4.fc11 (2010-4352)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-4352.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47358);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/07/12 15:01:52\");\n\n script_cve_id(\"CVE-2009-3736\");\n script_bugtraq_id(37128);\n script_xref(name:\"FEDORA\", value:\"2010-4352\");\n\n script_name(english:\"Fedora 11 : hamlib-1.2.8-4.fc11 (2010-4352)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Thu Mar 11 2010 Lucian Langa <cooly at gnome.eu.org> -\n 1.2.8-4\n\n - kill rpath\n\n - use system ltdl (#563975)\n\n - fix documents install\n\n - misc cleanups\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=537941\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-April/038472.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?46538cfb\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected hamlib package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:hamlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"hamlib-1.2.8-4.fc11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"hamlib\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:10:55", "bulletinFamily": "scanner", "description": "This updates provides a security update to the OpenOffice.org\ndescribed as follow :\n\nOpenOffice's xmlsec uses a bundled Libtool which might load .la file\nin the current working directory allowing local users to gain\nprivileges via a Trojan horse file. For enabling such vulnerability\nxmlsec has to use --enable-crypto_dl building flag however it does\nnot, although the fix keeps protected against this threat whenever\nthat flag had been enabled (CVE-2009-3736).\n\nAddittionaly this update provides following bug fixes :\n\nOpenOffice.org is not properly configure to use the xdg-email\nfunctionality of the FreeDesktop standard (#52195).\n\nTemplate desktop icons are not properly set up then they are not\npresented under the context menu of applications like Dolphin\n(#56439).\n\nlibia_ora-gnome is added as suggest as long as that package is needed\nfor a better look (#57385#c28).\n\nIt is enabled a fallback logic to properly select an OpenOffice.org\nstyle whenever one is set up but that is not installed (#57530#c1,\n#53284, #45133, #39043)\n\nIt is enabled the Firefox plugin for viewing OpenOffice.org documents\ninside browser.", "modified": "2019-01-02T00:00:00", "published": "2010-07-30T00:00:00", "id": "MANDRIVA_MDVSA-2010-075.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=48178", "title": "Mandriva Linux Security Advisory : openoffice.org (MDVSA-2010:075)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2010:075. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(48178);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/01/02 16:37:54\");\n\n script_cve_id(\"CVE-2009-3736\");\n script_bugtraq_id(37128);\n script_xref(name:\"MDVSA\", value:\"2010:075\");\n\n script_name(english:\"Mandriva Linux Security Advisory : openoffice.org (MDVSA-2010:075)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This updates provides a security update to the OpenOffice.org\ndescribed as follow :\n\nOpenOffice's xmlsec uses a bundled Libtool which might load .la file\nin the current working directory allowing local users to gain\nprivileges via a Trojan horse file. For enabling such vulnerability\nxmlsec has to use --enable-crypto_dl building flag however it does\nnot, although the fix keeps protected against this threat whenever\nthat flag had been enabled (CVE-2009-3736).\n\nAddittionaly this update provides following bug fixes :\n\nOpenOffice.org is not properly configure to use the xdg-email\nfunctionality of the FreeDesktop standard (#52195).\n\nTemplate desktop icons are not properly set up then they are not\npresented under the context menu of applications like Dolphin\n(#56439).\n\nlibia_ora-gnome is added as suggest as long as that package is needed\nfor a better look (#57385#c28).\n\nIt is enabled a fallback logic to properly select an OpenOffice.org\nstyle whenever one is set up but that is not installed (#57530#c1,\n#53284, #45133, #39043)\n\nIt is enabled the Firefox plugin for viewing OpenOffice.org documents\ninside browser.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-calc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-devel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-draw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-filter-binfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-bs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-cy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-en_GB\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-en_US\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-hi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-mk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-nb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-nn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-pt_BR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-sv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-ta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-zh_CN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-zh_TW\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-help-zu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-impress\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-java-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-bs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-cy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-en_GB\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-hi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-mk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-nb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-nn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-pt_BR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-sv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-ta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-zh_CN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-zh_TW\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-l10n-zu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-math\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-mono\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-openclipart\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-pdfimport\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-presentation-minimizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-presenter-screen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-pyuno\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-style-crystal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-style-galaxy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-style-hicontrast\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-style-industrial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-style-tango\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-testtool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-wiki-publisher\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openoffice.org-writer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/04/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-base-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-calc-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-common-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-core-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-devel-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-devel-doc-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-draw-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-filter-binfilter-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-gnome-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-af-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-ar-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-bg-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-br-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-bs-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-ca-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-cs-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-cy-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-da-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-de-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-el-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-en_GB-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-en_US-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-es-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-et-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-eu-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-fi-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-fr-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-he-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-hi-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-hu-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-it-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-ja-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-ko-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-mk-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-nb-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-nl-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-nn-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-pl-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-pt-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-pt_BR-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-ru-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-sk-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-sl-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-sv-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-ta-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-tr-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-zh_CN-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-zh_TW-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-help-zu-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-impress-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-java-common-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-af-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-ar-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-bg-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-br-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-bs-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-ca-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-cs-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-cy-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-da-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-de-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-el-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-en_GB-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-es-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-et-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-eu-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-fi-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-fr-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-he-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-hi-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-hu-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-it-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-ja-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-ko-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-mk-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-nb-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-nl-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-nn-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-pl-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-pt-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-pt_BR-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-ru-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-sk-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-sl-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-sv-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-ta-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-tr-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-zh_CN-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-zh_TW-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-l10n-zu-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-math-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-mono-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-openclipart-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-pdfimport-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-presentation-minimizer-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-presenter-screen-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-pyuno-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-style-crystal-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-style-galaxy-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-style-hicontrast-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-style-industrial-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-style-tango-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-testtool-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-wiki-publisher-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openoffice.org-writer-3.1.1-2.5mdv2010.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:11:48", "bulletinFamily": "scanner", "description": "Rebuilt against system libltdl.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2015-10-20T00:00:00", "published": "2011-03-03T00:00:00", "id": "FEDORA_2011-1990.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=52519", "title": "Fedora 15 : q-7.11-10.fc15 (2011-1990)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-1990.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(52519);\n script_version(\"$Revision: 1.7 $\");\n script_cvs_date(\"$Date: 2015/10/20 22:05:53 $\");\n\n script_cve_id(\"CVE-2009-3736\");\n script_xref(name:\"FEDORA\", value:\"2011-1990\");\n\n script_name(english:\"Fedora 15 : q-7.11-10.fc15 (2011-1990)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Rebuilt against system libltdl.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=537941\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-March/054656.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d4a7fef8\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected q package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:q\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/03/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"q-7.11-10.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"q\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:16:35", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2009:1646 :\n\nUpdated libtool packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 3, 4, and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nGNU Libtool is a set of shell scripts which automatically configure\nUNIX, Linux, and similar operating systems to generically build shared\nlibraries.\n\nA flaw was found in the way GNU Libtool's libltdl library looked for\nmodules to load. It was possible for libltdl to load and run modules\nfrom an arbitrary library in the current working directory. If a local\nattacker could trick a local user into running an application (which\nuses libltdl) from an attacker-controlled directory containing a\nmalicious Libtool control file (.la), the attacker could possibly\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2009-3736)\n\nAll libtool users should upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing the\nupdated packages, applications using the libltdl library must be\nrestarted for the update to take effect.", "modified": "2019-01-02T00:00:00", "published": "2013-07-12T00:00:00", "id": "ORACLELINUX_ELSA-2009-1646.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=67968", "title": "Oracle Linux 3 / 4 / 5 : libtool (ELSA-2009-1646)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2009:1646 and \n# Oracle Linux Security Advisory ELSA-2009-1646 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67968);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/01/02 16:37:55\");\n\n script_cve_id(\"CVE-2009-3736\");\n script_bugtraq_id(37128);\n script_xref(name:\"RHSA\", value:\"2009:1646\");\n\n script_name(english:\"Oracle Linux 3 / 4 / 5 : libtool (ELSA-2009-1646)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2009:1646 :\n\nUpdated libtool packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 3, 4, and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nGNU Libtool is a set of shell scripts which automatically configure\nUNIX, Linux, and similar operating systems to generically build shared\nlibraries.\n\nA flaw was found in the way GNU Libtool's libltdl library looked for\nmodules to load. It was possible for libltdl to load and run modules\nfrom an arbitrary library in the current working directory. If a local\nattacker could trick a local user into running an application (which\nuses libltdl) from an attacker-controlled directory containing a\nmalicious Libtool control file (.la), the attacker could possibly\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2009-3736)\n\nAll libtool users should upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing the\nupdated packages, applications using the libltdl library must be\nrestarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2009-December/001276.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2009-December/001278.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2009-December/001280.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libtool packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libtool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libtool-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libtool-ltdl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libtool-ltdl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(3|4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3 / 4 / 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"libtool-1.4.3-7\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"libtool-1.4.3-7\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"libtool-libs-1.4.3-7\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"libtool-libs-1.4.3-7\")) flag++;\n\nif (rpm_check(release:\"EL4\", reference:\"libtool-1.5.6-5.el4_8\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"libtool-libs-1.5.6-5.el4_8\")) flag++;\n\nif (rpm_check(release:\"EL5\", reference:\"libtool-1.5.22-7.el5_4\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"libtool-ltdl-1.5.22-7.el5_4\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"libtool-ltdl-devel-1.5.22-7.el5_4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtool / libtool-libs / libtool-ltdl / libtool-ltdl-devel\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:14:18", "bulletinFamily": "scanner", "description": "CVE-2009-3736 libtool: libltdl may load and execute code from a\nlibrary in the current directory\n\nA flaw was found in the way GNU Libtool's libltdl library looked for\nlibraries to load. It was possible for libltdl to load a malicious\nlibrary from the current working directory. In certain configurations,\nif a local attacker is able to trick a local user into running a Java\napplication (which uses a function to load native libraries, such as\nSystem.loadLibrary) from within an attacker-controlled directory\ncontaining a malicious library or module, the attacker could possibly\nexecute arbitrary code with the privileges of the user running the\nJava application. (CVE-2009-3736)\n\nAll running Java applications using libgcj must be restarted for this\nupdate to take effect.", "modified": "2019-01-02T00:00:00", "published": "2012-08-01T00:00:00", "id": "SL_20100113_GCC_AND_GCC4_ON_SL3_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=60722", "title": "Scientific Linux Security Update : gcc and gcc4 on SL3.x, SL4.x, SL5.x i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60722);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/01/02 10:36:43\");\n\n script_cve_id(\"CVE-2009-3736\");\n\n script_name(english:\"Scientific Linux Security Update : gcc and gcc4 on SL3.x, SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2009-3736 libtool: libltdl may load and execute code from a\nlibrary in the current directory\n\nA flaw was found in the way GNU Libtool's libltdl library looked for\nlibraries to load. It was possible for libltdl to load a malicious\nlibrary from the current working directory. In certain configurations,\nif a local attacker is able to trick a local user into running a Java\napplication (which uses a function to load native libraries, such as\nSystem.loadLibrary) from within an attacker-controlled directory\ncontaining a malicious library or module, the attacker could possibly\nexecute arbitrary code with the privileges of the user running the\nJava application. (CVE-2009-3736)\n\nAll running Java applications using libgcj must be restarted for this\nupdate to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1001&L=scientific-linux-errata&T=0&P=2048\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?be3dac8d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL3\", reference:\"cpp-3.2.3-60\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"gcc-3.2.3-60\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"gcc-c++-3.2.3-60\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"gcc-g77-3.2.3-60\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"gcc-gnat-3.2.3-60\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"gcc-java-3.2.3-60\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"gcc-objc-3.2.3-60\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"libf2c-3.2.3-60\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"libgcc-3.2.3-60\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"libgcj-3.2.3-60\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"libgcj-devel-3.2.3-60\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"libgnat-3.2.3-60\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"libobjc-3.2.3-60\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"libstdc++-3.2.3-60\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"libstdc++-devel-3.2.3-60\")) flag++;\n\nif (rpm_check(release:\"SL4\", reference:\"cpp-3.4.6-11.el4_8.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"gcc-3.4.6-11.el4_8.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"gcc-c++-3.4.6-11.el4_8.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"gcc-g77-3.4.6-11.el4_8.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"gcc-gnat-3.4.6-11.el4_8.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"gcc-java-3.4.6-11.el4_8.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"gcc-objc-3.4.6-11.el4_8.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"gcc4-4.1.2-44.EL4_8.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"gcc4-c++-4.1.2-44.EL4_8.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"gcc4-gfortran-4.1.2-44.EL4_8.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"gcc4-java-4.1.2-44.EL4_8.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"libf2c-3.4.6-11.el4_8.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"libgcc-3.4.6-11.el4_8.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"libgcj-3.4.6-11.el4_8.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"libgcj-devel-3.4.6-11.el4_8.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"libgcj4-4.1.2-44.EL4_8.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"libgcj4-devel-4.1.2-44.EL4_8.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"libgcj4-src-4.1.2-44.EL4_8.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"libgfortran-4.1.2-44.EL4_8.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"libgnat-3.4.6-11.el4_8.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"libgomp-4.1.2-44.EL4_8.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"libmudflap-4.1.2-44.EL4_8.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"libmudflap-devel-4.1.2-44.EL4_8.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"libobjc-3.4.6-11.el4_8.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"libstdc++-3.4.6-11.el4_8.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"libstdc++-devel-3.4.6-11.el4_8.1\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"cpp-4.1.2-46.el5_4.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"gcc-4.1.2-46.el5_4.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"gcc-c++-4.1.2-46.el5_4.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"gcc-gfortran-4.1.2-46.el5_4.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"gcc-gnat-4.1.2-46.el5_4.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"gcc-java-4.1.2-46.el5_4.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"gcc-objc-4.1.2-46.el5_4.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"gcc-objc++-4.1.2-46.el5_4.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"libgcc-4.1.2-46.el5_4.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"libgcj-4.1.2-46.el5_4.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"libgcj-devel-4.1.2-46.el5_4.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"libgcj-src-4.1.2-46.el5_4.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"libgfortran-4.1.2-46.el5_4.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"libgnat-4.1.2-46.el5_4.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"libmudflap-4.1.2-46.el5_4.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"libmudflap-devel-4.1.2-46.el5_4.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"libobjc-4.1.2-46.el5_4.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"libstdc++-4.1.2-46.el5_4.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"libstdc++-devel-4.1.2-46.el5_4.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:10:48", "bulletinFamily": "scanner", "description": "This update addresses CVE-2009-3736: libltdl may load and execute code\nfrom a library in the current directory.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2018-07-12T00:00:00", "published": "2010-07-01T00:00:00", "id": "FEDORA_2010-8756.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=47511", "title": "Fedora 12 : libprelude-0.9.24.1-2.fc12 (2010-8756)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-8756.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47511);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/07/12 15:01:52\");\n\n script_cve_id(\"CVE-2009-3736\");\n script_bugtraq_id(37128);\n script_xref(name:\"FEDORA\", value:\"2010-8756\");\n\n script_name(english:\"Fedora 12 : libprelude-0.9.24.1-2.fc12 (2010-8756)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update addresses CVE-2009-3736: libltdl may load and execute code\nfrom a library in the current directory.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=563978\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-May/041969.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?96601b60\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libprelude package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libprelude\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/05/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"libprelude-0.9.24.1-2.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libprelude\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:10:45", "bulletinFamily": "scanner", "description": "Fix package so that it uses the system copy of libtool-ltdl, and get\nrid of the ancient embedded copy, which suffers from the vulnerability\nin CVE-2009-3736.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2018-07-12T00:00:00", "published": "2010-07-01T00:00:00", "id": "FEDORA_2010-1872.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=47280", "title": "Fedora 12 : gambas-1.0.19-12.fc12 (2010-1872)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-1872.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47280);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/07/12 15:01:52\");\n\n script_cve_id(\"CVE-2009-3736\");\n script_bugtraq_id(37128);\n script_xref(name:\"FEDORA\", value:\"2010-1872\");\n\n script_name(english:\"Fedora 12 : gambas-1.0.19-12.fc12 (2010-1872)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix package so that it uses the system copy of libtool-ltdl, and get\nrid of the ancient embedded copy, which suffers from the vulnerability\nin CVE-2009-3736.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=563971\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-February/035133.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7ea907aa\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gambas package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gambas\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"gambas-1.0.19-12.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gambas\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:41:31", "bulletinFamily": "unix", "description": "[1.5.22-7]\n- add fix for CVE-2009-3736,\n libltdl may load and execute code from a library in the current directory", "modified": "2009-12-08T00:00:00", "published": "2009-12-08T00:00:00", "id": "ELSA-2009-1646", "href": "http://linux.oracle.com/errata/ELSA-2009-1646.html", "title": "libtool security update", "type": "oraclelinux", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:44:37", "bulletinFamily": "unix", "description": "[4.1.2-46.el5_4.2]\n- fix libjava to avoid opening *.la/dlopening *.so files from current\n working directory or subdirectories thereof (#545672, CVE-2009-3736)", "modified": "2010-01-13T00:00:00", "published": "2010-01-13T00:00:00", "id": "ELSA-2010-0039", "href": "http://linux.oracle.com/errata/ELSA-2010-0039.html", "title": "gcc and gcc4 security update", "type": "oraclelinux", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2018-08-31T01:15:23", "bulletinFamily": "unix", "description": "\nSecunia.com\n\nDo not attempt to load an unqualified module.la file from the\n\t current directory (by default) since doing so is insecure and is\n\t not compliant with the documentation.\n\n", "modified": "2010-05-02T00:00:00", "published": "2009-11-25T00:00:00", "id": "77C14729-DC5E-11DE-92AE-02E0184B8D35", "href": "https://vuxml.freebsd.org/freebsd/77c14729-dc5e-11de-92ae-02e0184b8d35.html", "title": "libtool -- Library Search Path Privilege Escalation Issue", "type": "freebsd", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2017-10-12T14:44:56", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2009:1646\n\n\nGNU Libtool is a set of shell scripts which automatically configure UNIX,\nLinux, and similar operating systems to generically build shared libraries.\n\nA flaw was found in the way GNU Libtool's libltdl library looked for\nmodules to load. It was possible for libltdl to load and run modules from\nan arbitrary library in the current working directory. If a local attacker\ncould trick a local user into running an application (which uses libltdl)\nfrom an attacker-controlled directory containing a malicious Libtool\ncontrol file (.la), the attacker could possibly execute arbitrary code with\nthe privileges of the user running the application. (CVE-2009-3736)\n\nAll libtool users should upgrade to these updated packages, which contain\na backported patch to correct this issue. After installing the updated\npackages, applications using the libltdl library must be restarted for the\nupdate to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-December/016354.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-December/016355.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-December/016358.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-December/016359.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-December/016382.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-December/016383.html\n\n**Affected packages:**\nlibtool\nlibtool-libs\nlibtool-ltdl\nlibtool-ltdl-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2009-1646.html", "modified": "2009-12-18T01:40:41", "published": "2009-12-08T22:18:58", "href": "http://lists.centos.org/pipermail/centos-announce/2009-December/016354.html", "id": "CESA-2009:1646", "title": "libtool security update", "type": "centos", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2018-12-11T17:42:25", "bulletinFamily": "unix", "description": "The gcc and gcc4 packages include, among others, C, C++, and Java GNU\ncompilers and related support libraries. libgcj contains a copy of GNU\nLibtool's libltdl library.\n\nA flaw was found in the way GNU Libtool's libltdl library looked for\nlibraries to load. It was possible for libltdl to load a malicious library\nfrom the current working directory. In certain configurations, if a local\nattacker is able to trick a local user into running a Java application\n(which uses a function to load native libraries, such as\nSystem.loadLibrary) from within an attacker-controlled directory containing\na malicious library or module, the attacker could possibly execute\narbitrary code with the privileges of the user running the Java\napplication. (CVE-2009-3736)\n\nAll gcc and gcc4 users should upgrade to these updated packages, which\ncontain a backported patch to correct this issue. All running Java\napplications using libgcj must be restarted for this update to take effect.", "modified": "2018-05-26T04:26:17", "published": "2010-01-13T05:00:00", "id": "RHSA-2010:0039", "href": "https://access.redhat.com/errata/RHSA-2010:0039", "type": "redhat", "title": "(RHSA-2010:0039) Moderate: gcc and gcc4 security update", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T18:27:53", "bulletinFamily": "exploit", "description": "BUGTRAQ ID: 37128\r\nCVE ID: CVE-2009-3736\r\n\r\nGNU libtool\u662f\u4e00\u4e2a\u901a\u7528\u5e93\u652f\u6301\u811a\u672c\uff0c\u5c06\u4f7f\u7528\u52a8\u6001\u5e93\u7684\u590d\u6742\u6027\u9690\u85cf\u5728\u7edf\u4e00\u3001\u53ef\u79fb\u690d\u7684\u63a5\u53e3\u4e2d\u3002\r\n\r\nGNU Libtool\u7684libltdl\u5e93\u4e2d\u7684ltdl.c\u6587\u4ef6\u5c06\u5f53\u524d\u5de5\u4f5c\u76ee\u5f55\u7528\u4f5c\u4e86\u5e93\u7684\u641c\u7d22\u8def\u5f84\uff0c\u5982\u679c\u653b\u51fb\u8005\u521b\u5efa\u4e86\u6076\u610f\u7684\u5171\u4eab\u5bf9\u8c61\u6216.la\u6587\u4ef6\u5e76\u8bf1\u9a97\u7528\u6237\u4f7f\u7528\u540c\u4e00\u76ee\u5f55\u4e2d\u7684libtool\u5e93\u6267\u884c\u5e94\u7528\u7a0b\u5e8f\uff0c\u5c31\u4f1a\u5bfc\u81f4\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\n\nGNU libtool 2.2.6\r\nGNU libtool 1.5.x\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nGNU\r\n---\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://lists.gnu.org/archive/html/libtool/2009-11/msg00059.html", "modified": "2009-12-02T00:00:00", "published": "2009-12-02T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-15008", "id": "SSV:15008", "type": "seebug", "title": "GNU Libtool libltdl\u5e93\u641c\u7d22\u8def\u5f84\u672c\u5730\u6743\u9650\u63d0\u5347\u6f0f\u6d1e", "sourceData": "\n https://bugzilla.redhat.com/attachment.cgi?id=372311\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-15008", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}