The rhev-hypervisor package provides a Red Hat Enterprise Virtualization
Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor
is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes
everything necessary to run and manage virtual machines: A subset of the
Red Hat Enterprise Linux operating environment and the Red Hat Enterprise
Virtualization Agent.

Note: Red Hat Enterprise Virtualization Hypervisor is only available for
the Intel 64 and AMD64 architectures with virtualization extensions.

It was found that the libspice component of QEMU-KVM on the host did not
validate all pointers provided from a guest system's QXL graphics card
driver. A privileged guest user could use this flaw to cause the host to
dereference an invalid pointer, causing the guest to crash (denial of
service) or, possibly, resulting in the privileged guest user escalating
their privileges on the host. (CVE-2010-0428)

It was found that the libspice component of QEMU-KVM on the host could be
forced to perform certain memory management operations on memory addresses
controlled by a guest. A privileged guest user could use this flaw to crash
the guest (denial of service) or, possibly, escalate their privileges on
the host. (CVE-2010-0429)

It was found that QEMU-KVM on the host did not validate all pointers
provided from a guest system's QXL graphics card driver. A privileged guest
user could use this flaw to cause the host to dereference an invalid
pointer, causing the guest to crash (denial of service) or, possibly,
resulting in the privileged guest user escalating their privileges on the
host. (CVE-2010-0431)

A flaw was found in QEMU-KVM, allowing the guest some control over the
index used to access the callback array during sub-page MMIO
initialization. A privileged guest user could use this flaw to crash the
guest (denial of service) or, possibly, escalate their privileges on the
host. (CVE-2010-2784)

A NULL pointer dereference flaw was found when Red Hat Enterprise
Virtualization Hypervisor was run on a system that has a processor with the
Intel VT-x extension enabled. A privileged guest user could use this flaw
to trick the host into emulating a certain instruction, which could crash
the host (denial of service). (CVE-2010-0435)

A flaw was found in the way VDSM accepted SSL connections. An attacker
could trigger this flaw by creating a crafted SSL connection to VDSM,
preventing VDSM from accepting SSL connections from other users.
(CVE-2010-2811)

These updated packages provide updated components that include fixes for
security issues; however, these issues have no security impact for Red Hat
Enterprise Virtualization Hypervisor. These fixes are for avahi issues
CVE-2009-0758 and CVE-2010-2244; freetype issues CVE-2010-1797,
CVE-2010-2498, CVE-2010-2499, CVE-2010-2500, CVE-2010-2519, CVE-2010-2527,
and CVE-2010-2541; kernel issues CVE-2010-1084, CVE-2010-2066,
CVE-2010-2070, CVE-2010-2226, CVE-2010-2248, CVE-2010-2521, and
CVE-2010-2524; and openldap issues CVE-2010-0211 and CVE-2010-0212.

These updated rhev-hypervisor packages also fix two bugs. Documentation for
these bug fixes will be available shortly from
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Virtualization_for_Servers/2.2/html/Technical_Notes/index.html

As Red Hat Enterprise Virtualization Hypervisor is based on KVM, the bug
fixes from the KVM update RHSA-2010:0627 have been included in this update.
Also included are the bug fixes from the VDSM update RHSA-2010:0628.

KVM: https://rhn.redhat.com/errata/RHSA-2010-0627.html
VDSM: https://rhn.redhat.com/errata/RHSA-2010-0628.html

Users of Red Hat Enterprise Virtualization Hypervisor are advised to
upgrade to these updated rhev-hypervisor packages, which resolve these
issues.

Advisory: RHSA-2010:0622
Title: (RHSA-2010:0622) Important: rhev-hypervisor security and bug fix update
Reporter: RedHat
Published: 2010-08-19
Modified: 2019-03-22
CVSS v2: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Vendor severity: important
URL: https://access.redhat.com/errata/RHSA-2010:0622

Affected packages (RedHat 5, noarch), versions earlier than 5.5-2.2.6.1.el5_5rhev2_2:
rhev-hypervisor (rhev-hypervisor-5.5-2.2.6.1.el5_5rhev2_2.noarch.rpm)
rhev-hypervisor-pxe (rhev-hypervisor-pxe-5.5-2.2.6.1.el5_5rhev2_2.noarch.rpm)
Also included are the bug fixes from the VDSM update\nRHSA-2010:0628.\n\nKVM: https://rhn.redhat.com/errata/RHSA-2010-0627.html VDSM:\nhttps://rhn.redhat.com/errata/RHSA-2010-0628.html\n\nUsers of Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to these updated rhev-hypervisor packages, which resolve these\nissues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0429\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0431\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0435\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2784\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2811\"\n );\n # http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Virtualization_for_Servers\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cb2e5a4a\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0622\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected rhev-hypervisor and / or rhev-hypervisor-pxe\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor-pxe\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/08/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0622\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"rhev-hypervisor-5.5-2.2.6.1.el5_5rhev2_2\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhev-hypervisor-pxe-5.5-2.2.6.1.el5_5rhev2_2\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rhev-hypervisor / rhev-hypervisor-pxe\");\n }\n}\n", "cvss": {"score": 6.6, "vector": "AV:L/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-08-26T00:51:32", "description": "From Red Hat Security Advisory 2010:0610 :\n\nUpdated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update fixes the following security issues :\n\n* instances of unsafe sprintf() use were found in the Linux kernel Bluetooth implementation. Creating a large number of Bluetooth L2CAP, SCO, or RFCOMM sockets could result in arbitrary memory pages being overwritten. A local, unprivileged user could use this flaw to cause a kernel panic (denial of service) or escalate their privileges.\n(CVE-2010-1084, Important)\n\n* a flaw was found in the Xen hypervisor implementation when using the Intel Itanium architecture, allowing guests to enter an unsupported state. An unprivileged guest user could trigger this flaw by setting the BE (Big Endian) bit of the Processor Status Register (PSR), leading to the guest crashing (denial of service). (CVE-2010-2070, Important)\n\n* a flaw was found in the CIFSSMBWrite() function in the Linux kernel Common Internet File System (CIFS) implementation. A remote attacker could send a specially crafted SMB response packet to a target CIFS client, resulting in a kernel panic (denial of service).\n(CVE-2010-2248, Important)\n\n* buffer overflow flaws were found in the Linux kernel's implementation of the server-side External Data Representation (XDR) for the Network File System (NFS) version 4. An attacker on the local network could send a specially crafted large compound request to the NFSv4 server, which could possibly result in a kernel panic (denial of service) or, potentially, code execution. (CVE-2010-2521, Important)\n\n* a flaw was found in the handling of the SWAPEXT IOCTL in the Linux kernel XFS file system implementation. A local user could use this flaw to read write-only files, that they do not own, on an XFS file system. 
This could lead to unintended information disclosure.\n(CVE-2010-2226, Moderate)\n\n* a flaw was found in the dns_resolver upcall used by CIFS. A local, unprivileged user could redirect a Microsoft Distributed File System link to another IP address, tricking the client into mounting the share from a server of the user's choosing. (CVE-2010-2524, Moderate)\n\n* a missing check was found in the mext_check_arguments() function in the ext4 file system code. A local user could use this flaw to cause the MOVE_EXT IOCTL to overwrite the contents of an append-only file on an ext4 file system, if they have write permissions for that file.\n(CVE-2010-2066, Low)\n\nRed Hat would like to thank Neil Brown for reporting CVE-2010-1084, and Dan Rosenberg for reporting CVE-2010-2226 and CVE-2010-2066.\n\nThis update also fixes several bugs. Documentation for these bug fixes will be available shortly from the Technical Notes document linked to in the References.\n\nUsers should upgrade to these updated packages, which contain backported patches to correct these issues. 
The system must be rebooted for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 5 : kernel (ELSA-2010-0610)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1084", "CVE-2010-2066", "CVE-2010-2070", "CVE-2010-2226", "CVE-2010-2248", "CVE-2010-2521", "CVE-2010-2524"], "modified": "2021-08-24T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-PAE", "p-cpe:/a:oracle:linux:kernel-PAE-devel", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-doc", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-xen", "p-cpe:/a:oracle:linux:kernel-xen-devel", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2010-0610.NASL", "href": "https://www.tenable.com/plugins/nessus/68081", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2010:0610 and \n# Oracle Linux Security Advisory ELSA-2010-0610 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68081);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/24\");\n\n script_cve_id(\"CVE-2010-1084\", \"CVE-2010-2066\", \"CVE-2010-2070\", \"CVE-2010-2226\", \"CVE-2010-2248\", \"CVE-2010-2521\", \"CVE-2010-2524\");\n script_bugtraq_id(38898, 40776, 40920, 41466, 41904, 42242, 42249);\n script_xref(name:\"RHSA\", value:\"2010:0610\");\n\n script_name(english:\"Oracle Linux 5 : kernel (ELSA-2010-0610)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n 
script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2010:0610 :\n\nUpdated kernel packages that fix multiple security issues and several\nbugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* instances of unsafe sprintf() use were found in the Linux kernel\nBluetooth implementation. Creating a large number of Bluetooth L2CAP,\nSCO, or RFCOMM sockets could result in arbitrary memory pages being\noverwritten. A local, unprivileged user could use this flaw to cause a\nkernel panic (denial of service) or escalate their privileges.\n(CVE-2010-1084, Important)\n\n* a flaw was found in the Xen hypervisor implementation when using the\nIntel Itanium architecture, allowing guests to enter an unsupported\nstate. An unprivileged guest user could trigger this flaw by setting\nthe BE (Big Endian) bit of the Processor Status Register (PSR),\nleading to the guest crashing (denial of service). (CVE-2010-2070,\nImportant)\n\n* a flaw was found in the CIFSSMBWrite() function in the Linux kernel\nCommon Internet File System (CIFS) implementation. A remote attacker\ncould send a specially crafted SMB response packet to a target CIFS\nclient, resulting in a kernel panic (denial of service).\n(CVE-2010-2248, Important)\n\n* buffer overflow flaws were found in the Linux kernel's\nimplementation of the server-side External Data Representation (XDR)\nfor the Network File System (NFS) version 4. 
An attacker on the local\nnetwork could send a specially crafted large compound request to the\nNFSv4 server, which could possibly result in a kernel panic (denial of\nservice) or, potentially, code execution. (CVE-2010-2521, Important)\n\n* a flaw was found in the handling of the SWAPEXT IOCTL in the Linux\nkernel XFS file system implementation. A local user could use this\nflaw to read write-only files, that they do not own, on an XFS file\nsystem. This could lead to unintended information disclosure.\n(CVE-2010-2226, Moderate)\n\n* a flaw was found in the dns_resolver upcall used by CIFS. A local,\nunprivileged user could redirect a Microsoft Distributed File System\nlink to another IP address, tricking the client into mounting the\nshare from a server of the user's choosing. (CVE-2010-2524, Moderate)\n\n* a missing check was found in the mext_check_arguments() function in\nthe ext4 file system code. A local user could use this flaw to cause\nthe MOVE_EXT IOCTL to overwrite the contents of an append-only file on\nan ext4 file system, if they have write permissions for that file.\n(CVE-2010-2066, Low)\n\nRed Hat would like to thank Neil Brown for reporting CVE-2010-1084,\nand Dan Rosenberg for reporting CVE-2010-2226 and CVE-2010-2066.\n\nThis update also fixes several bugs. Documentation for these bug fixes\nwill be available shortly from the Technical Notes document linked to\nin the References.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues. 
The system must be\nrebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-August/001596.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/04/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n cve_list = make_list(\"CVE-2010-1084\", \"CVE-2010-2066\", \"CVE-2010-2070\", \"CVE-2010-2226\", \"CVE-2010-2248\", \"CVE-2010-2521\", \"CVE-2010-2524\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2010-0610\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"2.6\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-2.6.18-194.11.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-PAE-2.6.18\") && rpm_check(release:\"EL5\", cpu:\"i386\", reference:\"kernel-PAE-2.6.18-194.11.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-PAE-devel-2.6.18\") && rpm_check(release:\"EL5\", cpu:\"i386\", reference:\"kernel-PAE-devel-2.6.18-194.11.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-debug-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-debug-2.6.18-194.11.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-debug-devel-2.6.18\") && rpm_check(release:\"EL5\", 
reference:\"kernel-debug-devel-2.6.18-194.11.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-devel-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-devel-2.6.18-194.11.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-doc-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-doc-2.6.18-194.11.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-headers-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-headers-2.6.18-194.11.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-xen-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-xen-2.6.18-194.11.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-xen-devel-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-xen-devel-2.6.18-194.11.1.0.1.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:03:31", "description": "Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update fixes the following security issues :\n\n* instances of unsafe sprintf() use were found in the Linux kernel Bluetooth implementation. 
Creating a large number of Bluetooth L2CAP, SCO, or RFCOMM sockets could result in arbitrary memory pages being overwritten. A local, unprivileged user could use this flaw to cause a kernel panic (denial of service) or escalate their privileges.\n(CVE-2010-1084, Important)\n\n* a flaw was found in the Xen hypervisor implementation when using the Intel Itanium architecture, allowing guests to enter an unsupported state. An unprivileged guest user could trigger this flaw by setting the BE (Big Endian) bit of the Processor Status Register (PSR), leading to the guest crashing (denial of service). (CVE-2010-2070, Important)\n\n* a flaw was found in the CIFSSMBWrite() function in the Linux kernel Common Internet File System (CIFS) implementation. A remote attacker could send a specially crafted SMB response packet to a target CIFS client, resulting in a kernel panic (denial of service).\n(CVE-2010-2248, Important)\n\n* buffer overflow flaws were found in the Linux kernel's implementation of the server-side External Data Representation (XDR) for the Network File System (NFS) version 4. An attacker on the local network could send a specially crafted large compound request to the NFSv4 server, which could possibly result in a kernel panic (denial of service) or, potentially, code execution. (CVE-2010-2521, Important)\n\n* a flaw was found in the handling of the SWAPEXT IOCTL in the Linux kernel XFS file system implementation. A local user could use this flaw to read write-only files, that they do not own, on an XFS file system. This could lead to unintended information disclosure.\n(CVE-2010-2226, Moderate)\n\n* a flaw was found in the dns_resolver upcall used by CIFS. A local, unprivileged user could redirect a Microsoft Distributed File System link to another IP address, tricking the client into mounting the share from a server of the user's choosing. 
(CVE-2010-2524, Moderate)\n\n* a missing check was found in the mext_check_arguments() function in the ext4 file system code. A local user could use this flaw to cause the MOVE_EXT IOCTL to overwrite the contents of an append-only file on an ext4 file system, if they have write permissions for that file.\n(CVE-2010-2066, Low)\n\nRed Hat would like to thank Neil Brown for reporting CVE-2010-1084, and Dan Rosenberg for reporting CVE-2010-2226 and CVE-2010-2066.\n\nThis update also fixes several bugs. Documentation for these bug fixes will be available shortly from the Technical Notes document linked to in the References.\n\nUsers should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2010-08-12T00:00:00", "type": "nessus", "title": "CentOS 5 : kernel (CESA-2010:0610)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1084", "CVE-2010-2066", "CVE-2010-2070", "CVE-2010-2226", "CVE-2010-2248", "CVE-2010-2521", "CVE-2010-2524"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-PAE", "p-cpe:/a:centos:centos:kernel-PAE-devel", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-doc", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:kernel-xen", "p-cpe:/a:centos:centos:kernel-xen-devel", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2010-0610.NASL", "href": "https://www.tenable.com/plugins/nessus/48301", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0610 and \n# CentOS Errata and Security Advisory 2010:0610 
respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48301);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2010-1084\", \"CVE-2010-2066\", \"CVE-2010-2070\", \"CVE-2010-2226\", \"CVE-2010-2248\", \"CVE-2010-2521\", \"CVE-2010-2524\");\n script_bugtraq_id(38898, 40776, 40920, 41466, 41904, 42242, 42249);\n script_xref(name:\"RHSA\", value:\"2010:0610\");\n\n script_name(english:\"CentOS 5 : kernel (CESA-2010:0610)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix multiple security issues and several\nbugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* instances of unsafe sprintf() use were found in the Linux kernel\nBluetooth implementation. Creating a large number of Bluetooth L2CAP,\nSCO, or RFCOMM sockets could result in arbitrary memory pages being\noverwritten. A local, unprivileged user could use this flaw to cause a\nkernel panic (denial of service) or escalate their privileges.\n(CVE-2010-1084, Important)\n\n* a flaw was found in the Xen hypervisor implementation when using the\nIntel Itanium architecture, allowing guests to enter an unsupported\nstate. 
An unprivileged guest user could trigger this flaw by setting\nthe BE (Big Endian) bit of the Processor Status Register (PSR),\nleading to the guest crashing (denial of service). (CVE-2010-2070,\nImportant)\n\n* a flaw was found in the CIFSSMBWrite() function in the Linux kernel\nCommon Internet File System (CIFS) implementation. A remote attacker\ncould send a specially crafted SMB response packet to a target CIFS\nclient, resulting in a kernel panic (denial of service).\n(CVE-2010-2248, Important)\n\n* buffer overflow flaws were found in the Linux kernel's\nimplementation of the server-side External Data Representation (XDR)\nfor the Network File System (NFS) version 4. An attacker on the local\nnetwork could send a specially crafted large compound request to the\nNFSv4 server, which could possibly result in a kernel panic (denial of\nservice) or, potentially, code execution. (CVE-2010-2521, Important)\n\n* a flaw was found in the handling of the SWAPEXT IOCTL in the Linux\nkernel XFS file system implementation. A local user could use this\nflaw to read write-only files, that they do not own, on an XFS file\nsystem. This could lead to unintended information disclosure.\n(CVE-2010-2226, Moderate)\n\n* a flaw was found in the dns_resolver upcall used by CIFS. A local,\nunprivileged user could redirect a Microsoft Distributed File System\nlink to another IP address, tricking the client into mounting the\nshare from a server of the user's choosing. (CVE-2010-2524, Moderate)\n\n* a missing check was found in the mext_check_arguments() function in\nthe ext4 file system code. A local user could use this flaw to cause\nthe MOVE_EXT IOCTL to overwrite the contents of an append-only file on\nan ext4 file system, if they have write permissions for that file.\n(CVE-2010-2066, Low)\n\nRed Hat would like to thank Neil Brown for reporting CVE-2010-1084,\nand Dan Rosenberg for reporting CVE-2010-2226 and CVE-2010-2066.\n\nThis update also fixes several bugs. 
Documentation for these bug fixes\nwill be available shortly from the Technical Notes document linked to\nin the References.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues. The system must be\nrebooted for this update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-August/016890.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?74c9c2bd\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-August/016891.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?52607eba\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:centos:centos:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/04/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-2.6.18-194.11.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"i386\", reference:\"kernel-PAE-2.6.18-194.11.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"i386\", reference:\"kernel-PAE-devel-2.6.18-194.11.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-debug-2.6.18-194.11.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-debug-devel-2.6.18-194.11.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-devel-2.6.18-194.11.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-doc-2.6.18-194.11.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-headers-2.6.18-194.11.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-xen-2.6.18-194.11.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-xen-devel-2.6.18-194.11.1.el5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-PAE / kernel-PAE-devel / kernel-debug / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:03:17", "description": "Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this 
update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update fixes the following security issues :\n\n* instances of unsafe sprintf() use were found in the Linux kernel Bluetooth implementation. Creating a large number of Bluetooth L2CAP, SCO, or RFCOMM sockets could result in arbitrary memory pages being overwritten. A local, unprivileged user could use this flaw to cause a kernel panic (denial of service) or escalate their privileges.\n(CVE-2010-1084, Important)\n\n* a flaw was found in the Xen hypervisor implementation when using the Intel Itanium architecture, allowing guests to enter an unsupported state. An unprivileged guest user could trigger this flaw by setting the BE (Big Endian) bit of the Processor Status Register (PSR), leading to the guest crashing (denial of service). (CVE-2010-2070, Important)\n\n* a flaw was found in the CIFSSMBWrite() function in the Linux kernel Common Internet File System (CIFS) implementation. A remote attacker could send a specially crafted SMB response packet to a target CIFS client, resulting in a kernel panic (denial of service).\n(CVE-2010-2248, Important)\n\n* buffer overflow flaws were found in the Linux kernel's implementation of the server-side External Data Representation (XDR) for the Network File System (NFS) version 4. An attacker on the local network could send a specially crafted large compound request to the NFSv4 server, which could possibly result in a kernel panic (denial of service) or, potentially, code execution. (CVE-2010-2521, Important)\n\n* a flaw was found in the handling of the SWAPEXT IOCTL in the Linux kernel XFS file system implementation. 
A local user could use this flaw to read write-only files, that they do not own, on an XFS file system. This could lead to unintended information disclosure.\n(CVE-2010-2226, Moderate)\n\n* a flaw was found in the dns_resolver upcall used by CIFS. A local, unprivileged user could redirect a Microsoft Distributed File System link to another IP address, tricking the client into mounting the share from a server of the user's choosing. (CVE-2010-2524, Moderate)\n\n* a missing check was found in the mext_check_arguments() function in the ext4 file system code. A local user could use this flaw to cause the MOVE_EXT IOCTL to overwrite the contents of an append-only file on an ext4 file system, if they have write permissions for that file.\n(CVE-2010-2066, Low)\n\nRed Hat would like to thank Neil Brown for reporting CVE-2010-1084, and Dan Rosenberg for reporting CVE-2010-2226 and CVE-2010-2066.\n\nThis update also fixes several bugs. Documentation for these bug fixes will be available shortly from the Technical Notes document linked to in the References.\n\nUsers should upgrade to these updated packages, which contain backported patches to correct these issues. 
The system must be rebooted for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2010-08-12T00:00:00", "type": "nessus", "title": "RHEL 5 : kernel (RHSA-2010:0610)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1084", "CVE-2010-2066", "CVE-2010-2070", "CVE-2010-2226", "CVE-2010-2248", "CVE-2010-2521", "CVE-2010-2524"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-PAE", "p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-xen", "p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2010-0610.NASL", "href": "https://www.tenable.com/plugins/nessus/48312", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0610. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48312);\n script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1084\", \"CVE-2010-2066\", \"CVE-2010-2070\", \"CVE-2010-2226\", \"CVE-2010-2248\", \"CVE-2010-2521\", \"CVE-2010-2524\");\n script_bugtraq_id(38898, 40776, 40920, 41466, 41904, 42242, 42249);\n script_xref(name:\"RHSA\", value:\"2010:0610\");\n\n script_name(english:\"RHEL 5 : kernel (RHSA-2010:0610)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix multiple security issues and several\nbugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* instances of unsafe sprintf() use were found in the Linux kernel\nBluetooth implementation. Creating a large number of Bluetooth L2CAP,\nSCO, or RFCOMM sockets could result in arbitrary memory pages being\noverwritten. A local, unprivileged user could use this flaw to cause a\nkernel panic (denial of service) or escalate their privileges.\n(CVE-2010-1084, Important)\n\n* a flaw was found in the Xen hypervisor implementation when using the\nIntel Itanium architecture, allowing guests to enter an unsupported\nstate. 
An unprivileged guest user could trigger this flaw by setting\nthe BE (Big Endian) bit of the Processor Status Register (PSR),\nleading to the guest crashing (denial of service). (CVE-2010-2070,\nImportant)\n\n* a flaw was found in the CIFSSMBWrite() function in the Linux kernel\nCommon Internet File System (CIFS) implementation. A remote attacker\ncould send a specially crafted SMB response packet to a target CIFS\nclient, resulting in a kernel panic (denial of service).\n(CVE-2010-2248, Important)\n\n* buffer overflow flaws were found in the Linux kernel's\nimplementation of the server-side External Data Representation (XDR)\nfor the Network File System (NFS) version 4. An attacker on the local\nnetwork could send a specially crafted large compound request to the\nNFSv4 server, which could possibly result in a kernel panic (denial of\nservice) or, potentially, code execution. (CVE-2010-2521, Important)\n\n* a flaw was found in the handling of the SWAPEXT IOCTL in the Linux\nkernel XFS file system implementation. A local user could use this\nflaw to read write-only files, that they do not own, on an XFS file\nsystem. This could lead to unintended information disclosure.\n(CVE-2010-2226, Moderate)\n\n* a flaw was found in the dns_resolver upcall used by CIFS. A local,\nunprivileged user could redirect a Microsoft Distributed File System\nlink to another IP address, tricking the client into mounting the\nshare from a server of the user's choosing. (CVE-2010-2524, Moderate)\n\n* a missing check was found in the mext_check_arguments() function in\nthe ext4 file system code. A local user could use this flaw to cause\nthe MOVE_EXT IOCTL to overwrite the contents of an append-only file on\nan ext4 file system, if they have write permissions for that file.\n(CVE-2010-2066, Low)\n\nRed Hat would like to thank Neil Brown for reporting CVE-2010-1084,\nand Dan Rosenberg for reporting CVE-2010-2226 and CVE-2010-2066.\n\nThis update also fixes several bugs. 
Documentation for these bug fixes\nwill be available shortly from the Technical Notes document linked to\nin the References.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues. The system must be\nrebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-1084\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2070\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2226\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2248\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2521\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2524\"\n );\n # http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?056c0c27\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0610\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/04/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2010-1084\", \"CVE-2010-2066\", \"CVE-2010-2070\", \"CVE-2010-2226\", \"CVE-2010-2248\", \"CVE-2010-2521\", \"CVE-2010-2524\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2010:0610\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0610\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : 
SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-2.6.18-194.11.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-2.6.18-194.11.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-2.6.18-194.11.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-PAE-2.6.18-194.11.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-PAE-devel-2.6.18-194.11.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-debug-2.6.18-194.11.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-debug-2.6.18-194.11.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.18-194.11.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.18-194.11.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.18-194.11.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.18-194.11.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-devel-2.6.18-194.11.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-devel-2.6.18-194.11.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.18-194.11.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"kernel-doc-2.6.18-194.11.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"kernel-headers-2.6.18-194.11.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-headers-2.6.18-194.11.1.el5\")) 
flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.18-194.11.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.18-194.11.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.18-194.11.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-xen-2.6.18-194.11.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-xen-2.6.18-194.11.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-xen-devel-2.6.18-194.11.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-xen-devel-2.6.18-194.11.1.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-PAE / kernel-PAE-devel / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:57:24", "description": "This update fixes the following security issues :\n\n - instances of unsafe sprintf() use were found in the Linux kernel Bluetooth implementation. Creating a large number of Bluetooth L2CAP, SCO, or RFCOMM sockets could result in arbitrary memory pages being overwritten. A local, unprivileged user could use this flaw to cause a kernel panic (denial of service) or escalate their privileges. (CVE-2010-1084, Important)\n\n - a flaw was found in the Xen hypervisor implementation when using the Intel Itanium architecture, allowing guests to enter an unsupported state. 
An unprivileged guest user could trigger this flaw by setting the BE (Big Endian) bit of the Processor Status Register (PSR), leading to the guest crashing (denial of service).\n (CVE-2010-2070, Important)\n\n - a flaw was found in the CIFSSMBWrite() function in the Linux kernel Common Internet File System (CIFS) implementation. A remote attacker could send a specially crafted SMB response packet to a target CIFS client, resulting in a kernel panic (denial of service).\n (CVE-2010-2248, Important)\n\n - buffer overflow flaws were found in the Linux kernel's implementation of the server-side External Data Representation (XDR) for the Network File System (NFS) version 4. An attacker on the local network could send a specially crafted large compound request to the NFSv4 server, which could possibly result in a kernel panic (denial of service) or, potentially, code execution.\n (CVE-2010-2521, Important)\n\n - a flaw was found in the handling of the SWAPEXT IOCTL in the Linux kernel XFS file system implementation. A local user could use this flaw to read write-only files, that they do not own, on an XFS file system. This could lead to unintended information disclosure. (CVE-2010-2226, Moderate)\n\n - a flaw was found in the dns_resolver upcall used by CIFS. A local, unprivileged user could redirect a Microsoft Distributed File System link to another IP address, tricking the client into mounting the share from a server of the user's choosing. (CVE-2010-2524, Moderate)\n\n - a missing check was found in the mext_check_arguments() function in the ext4 file system code. A local user could use this flaw to cause the MOVE_EXT IOCTL to overwrite the contents of an append-only file on an ext4 file system, if they have write permissions for that file. 
(CVE-2010-2066, Low)\n\nThe system must be rebooted for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL5.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1084", "CVE-2010-2066", "CVE-2010-2070", "CVE-2010-2226", "CVE-2010-2248", "CVE-2010-2521", "CVE-2010-2524"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20100810_KERNEL_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60834", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60834);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1084\", \"CVE-2010-2066\", \"CVE-2010-2070\", \"CVE-2010-2226\", \"CVE-2010-2248\", \"CVE-2010-2521\", \"CVE-2010-2524\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the following security issues :\n\n - instances of unsafe sprintf() use were found in the\n Linux kernel Bluetooth implementation. Creating a large\n number of Bluetooth L2CAP, SCO, or RFCOMM sockets could\n result in arbitrary memory pages being overwritten. A\n local, unprivileged user could use this flaw to cause a\n kernel panic (denial of service) or escalate their\n privileges. 
(CVE-2010-1084, Important)\n\n - a flaw was found in the Xen hypervisor implementation\n when using the Intel Itanium architecture, allowing\n guests to enter an unsupported state. An unprivileged\n guest user could trigger this flaw by setting the BE\n (Big Endian) bit of the Processor Status Register (PSR),\n leading to the guest crashing (denial of service).\n (CVE-2010-2070, Important)\n\n - a flaw was found in the CIFSSMBWrite() function in the\n Linux kernel Common Internet File System (CIFS)\n implementation. A remote attacker could send a specially\n crafted SMB response packet to a target CIFS client,\n resulting in a kernel panic (denial of service).\n (CVE-2010-2248, Important)\n\n - buffer overflow flaws were found in the Linux kernel's\n implementation of the server-side External Data\n Representation (XDR) for the Network File System (NFS)\n version 4. An attacker on the local network could send a\n specially crafted large compound request to the NFSv4\n server, which could possibly result in a kernel panic\n (denial of service) or, potentially, code execution.\n (CVE-2010-2521, Important)\n\n - a flaw was found in the handling of the SWAPEXT IOCTL in\n the Linux kernel XFS file system implementation. A local\n user could use this flaw to read write-only files, that\n they do not own, on an XFS file system. This could lead\n to unintended information disclosure. (CVE-2010-2226,\n Moderate)\n\n - a flaw was found in the dns_resolver upcall used by\n CIFS. A local, unprivileged user could redirect a\n Microsoft Distributed File System link to another IP\n address, tricking the client into mounting the share\n from a server of the user's choosing. (CVE-2010-2524,\n Moderate)\n\n - a missing check was found in the mext_check_arguments()\n function in the ext4 file system code. 
A local user\n could use this flaw to cause the MOVE_EXT IOCTL to\n overwrite the contents of an append-only file on an ext4\n file system, if they have write permissions for that\n file. (CVE-2010-2066, Low)\n\nThe system must be rebooted for this update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1008&L=scientific-linux-errata&T=0&P=1311\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3643a0ed\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"kernel-2.6.18-194.11.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"i386\", reference:\"kernel-PAE-2.6.18-194.11.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"i386\", reference:\"kernel-PAE-devel-2.6.18-194.11.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-debug-2.6.18-194.11.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-debug-devel-2.6.18-194.11.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-devel-2.6.18-194.11.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-doc-2.6.18-194.11.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-headers-2.6.18-194.11.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-xen-2.6.18-194.11.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-xen-devel-2.6.18-194.11.1.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, 
\"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:12:45", "description": "From Red Hat Security Advisory 2010:0578 :\n\nUpdated freetype packages that fix various security issues are now available for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide both the FreeType 1 and FreeType 2 font engines. The freetype packages for Red Hat Enterprise Linux 5 provide only the FreeType 2 font engine.\n\nAn invalid memory management flaw was found in the way the FreeType font engine processed font files. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2498)\n\nAn integer overflow flaw was found in the way the FreeType font engine processed font files. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2500)\n\nSeveral buffer overflow flaws were found in the way the FreeType font engine processed font files. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. 
(CVE-2010-2499, CVE-2010-2519)\n\nSeveral buffer overflow flaws were found in the FreeType demo applications. If a user loaded a carefully-crafted font file with a demo application, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2527, CVE-2010-2541)\n\nRed Hat would like to thank Robert Swiecki of the Google Security Team for the discovery of the CVE-2010-2498, CVE-2010-2500, CVE-2010-2499, CVE-2010-2519, and CVE-2010-2527 issues.\n\nNote: All of the issues in this erratum only affect the FreeType 2 font engine.\n\nUsers are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The X server must be restarted (log out, then log back in) for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 4 / 5 : freetype (ELSA-2010-0578)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2500", "CVE-2010-2519", "CVE-2010-2527", "CVE-2010-2541"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:freetype", "p-cpe:/a:oracle:linux:freetype-demos", "p-cpe:/a:oracle:linux:freetype-devel", "p-cpe:/a:oracle:linux:freetype-utils", "cpe:/o:oracle:linux:4", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2010-0578.NASL", "href": "https://www.tenable.com/plugins/nessus/68075", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2010:0578 and \n# Oracle Linux Security Advisory ELSA-2010-0578 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68075);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n 
script_cve_id(\"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2527\", \"CVE-2010-2541\");\n script_bugtraq_id(60740, 60750);\n script_xref(name:\"RHSA\", value:\"2010:0578\");\n\n script_name(english:\"Oracle Linux 4 / 5 : freetype (ELSA-2010-0578)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2010:0578 :\n\nUpdated freetype packages that fix various security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open\nand manage font files. It also loads, hints, and renders individual\nglyphs efficiently. The freetype packages for Red Hat Enterprise Linux\n4 provide both the FreeType 1 and FreeType 2 font engines. The\nfreetype packages for Red Hat Enterprise Linux 5 provide only the\nFreeType 2 font engine.\n\nAn invalid memory management flaw was found in the way the FreeType\nfont engine processed font files. If a user loaded a carefully-crafted\nfont file with an application linked against FreeType, it could cause\nthe application to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2498)\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed font files. 
If a user loaded a carefully-crafted font file\nwith an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2500)\n\nSeveral buffer overflow flaws were found in the way the FreeType font\nengine processed font files. If a user loaded a carefully-crafted font\nfile with an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2499,\nCVE-2010-2519)\n\nSeveral buffer overflow flaws were found in the FreeType demo\napplications. If a user loaded a carefully-crafted font file with a\ndemo application, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-2527, CVE-2010-2541)\n\nRed Hat would like to thank Robert Swiecki of the Google Security Team\nfor the discovery of the CVE-2010-2498, CVE-2010-2500, CVE-2010-2499,\nCVE-2010-2519, and CVE-2010-2527 issues.\n\nNote: All of the issues in this erratum only affect the FreeType 2\nfont engine.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. 
The X server must be\nrestarted (log out, then log back in) for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-July/001572.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-July/001573.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freetype packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:freetype-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:freetype-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:freetype-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4 / 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"freetype-2.1.9-14.el4.8\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"freetype-demos-2.1.9-14.el4.8\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"freetype-devel-2.1.9-14.el4.8\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"freetype-utils-2.1.9-14.el4.8\")) flag++;\n\nif (rpm_check(release:\"EL5\", reference:\"freetype-2.2.1-25.el5_5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"freetype-demos-2.2.1-25.el5_5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"freetype-devel-2.2.1-25.el5_5\")) flag++;\n\n\nif 
(flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype / freetype-demos / freetype-devel / freetype-utils\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T14:09:15", "description": "An invalid memory management flaw was found in the way the FreeType font engine processed font files. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2498)\n\nAn integer overflow flaw was found in the way the FreeType font engine processed font files. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2500)\n\nSeveral buffer overflow flaws were found in the way the FreeType font engine processed font files. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2499, CVE-2010-2519)\n\nSeveral buffer overflow flaws were found in the FreeType demo applications. If a user loaded a carefully-crafted font file with a demo application, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. 
(CVE-2010-2527, CVE-2010-2541)\n\nNote: All of the issues in this erratum only affect the FreeType 2 font engine.\n\nUsers are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The X server must be restarted (log out, then log back in) for this update to take effect.\n\nFile List", "cvss3": {"score": null, "vector": null}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : freetype for SL4 , SL5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2500", "CVE-2010-2519", "CVE-2010-2527", "CVE-2010-2541"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20100730_FREETYPE_FOR_SL4.NASL", "href": "https://www.tenable.com/plugins/nessus/60825", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60825);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2527\", \"CVE-2010-2541\");\n\n script_name(english:\"Scientific Linux Security Update : freetype for SL4 , SL5\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An invalid memory management flaw was found in the way the FreeType\nfont engine processed font files. 
If a user loaded a carefully-crafted\nfont file with an application linked against FreeType, it could cause\nthe application to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2498)\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed font files. If a user loaded a carefully-crafted font file\nwith an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2500)\n\nSeveral buffer overflow flaws were found in the way the FreeType font\nengine processed font files. If a user loaded a carefully-crafted font\nfile with an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2499,\nCVE-2010-2519)\n\nSeveral buffer overflow flaws were found in the FreeType demo\napplications. If a user loaded a carefully-crafted font file with a\ndemo application, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-2527, CVE-2010-2541)\n\nNote: All of the issues in this erratum only affect the FreeType 2\nfont engine.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. 
The X server must be\nrestarted (log out, then log back in) for this update to take effect.\n\nFile List\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1007&L=scientific-linux-errata&T=0&P=3474\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a2ba5fda\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"freetype-2.1.9-14.el4.8\")) flag++;\nif (rpm_check(release:\"SL4\", 
reference:\"freetype-debuginfo-2.1.9-14.el4.8\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"freetype-demos-2.1.9-14.el4.8\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"freetype-devel-2.1.9-14.el4.8\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"freetype-utils-2.1.9-14.el4.8\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"freetype-2.2.1-25.el5_5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"freetype-debuginfo-2.2.1-25.el5_5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"freetype-demos-2.2.1-25.el5_5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"freetype-devel-2.2.1-25.el5_5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T14:33:33", "description": "Updated freetype packages that fix various security issues are now available for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide both the FreeType 1 and FreeType 2 font engines. The freetype packages for Red Hat Enterprise Linux 5 provide only the FreeType 2 font engine.\n\nAn invalid memory management flaw was found in the way the FreeType font engine processed font files. 
If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2498)\n\nAn integer overflow flaw was found in the way the FreeType font engine processed font files. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2500)\n\nSeveral buffer overflow flaws were found in the way the FreeType font engine processed font files. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2499, CVE-2010-2519)\n\nSeveral buffer overflow flaws were found in the FreeType demo applications. If a user loaded a carefully-crafted font file with a demo application, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2527, CVE-2010-2541)\n\nRed Hat would like to thank Robert Swiecki of the Google Security Team for the discovery of the CVE-2010-2498, CVE-2010-2500, CVE-2010-2499, CVE-2010-2519, and CVE-2010-2527 issues.\n\nNote: All of the issues in this erratum only affect the FreeType 2 font engine.\n\nUsers are advised to upgrade to these updated packages, which contain backported patches to correct these issues. 
The X server must be restarted (log out, then log back in) for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2010-08-02T00:00:00", "type": "nessus", "title": "RHEL 4 / 5 : freetype (RHSA-2010:0578)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2500", "CVE-2010-2519", "CVE-2010-2527", "CVE-2010-2541"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:freetype", "p-cpe:/a:redhat:enterprise_linux:freetype-demos", "p-cpe:/a:redhat:enterprise_linux:freetype-devel", "p-cpe:/a:redhat:enterprise_linux:freetype-utils", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:4.8", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2010-0578.NASL", "href": "https://www.tenable.com/plugins/nessus/48212", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0578. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48212);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2527\", \"CVE-2010-2541\");\n script_bugtraq_id(60740, 60750);\n script_xref(name:\"RHSA\", value:\"2010:0578\");\n\n script_name(english:\"RHEL 4 / 5 : freetype (RHSA-2010:0578)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated freetype packages that fix various security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open\nand manage font files. It also loads, hints, and renders individual\nglyphs efficiently. The freetype packages for Red Hat Enterprise Linux\n4 provide both the FreeType 1 and FreeType 2 font engines. The\nfreetype packages for Red Hat Enterprise Linux 5 provide only the\nFreeType 2 font engine.\n\nAn invalid memory management flaw was found in the way the FreeType\nfont engine processed font files. If a user loaded a carefully-crafted\nfont file with an application linked against FreeType, it could cause\nthe application to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. 
(CVE-2010-2498)\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed font files. If a user loaded a carefully-crafted font file\nwith an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2500)\n\nSeveral buffer overflow flaws were found in the way the FreeType font\nengine processed font files. If a user loaded a carefully-crafted font\nfile with an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2499,\nCVE-2010-2519)\n\nSeveral buffer overflow flaws were found in the FreeType demo\napplications. If a user loaded a carefully-crafted font file with a\ndemo application, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-2527, CVE-2010-2541)\n\nRed Hat would like to thank Robert Swiecki of the Google Security Team\nfor the discovery of the CVE-2010-2498, CVE-2010-2500, CVE-2010-2499,\nCVE-2010-2519, and CVE-2010-2527 issues.\n\nNote: All of the issues in this erratum only affect the FreeType 2\nfont engine.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. 
The X server must be\nrestarted (log out, then log back in) for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2498\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2499\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2500\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2527\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2541\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0578\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0578\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"freetype-2.1.9-14.el4.8\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"freetype-demos-2.1.9-14.el4.8\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"freetype-devel-2.1.9-14.el4.8\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"freetype-utils-2.1.9-14.el4.8\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", reference:\"freetype-2.2.1-25.el5_5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"freetype-demos-2.2.1-25.el5_5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"freetype-demos-2.2.1-25.el5_5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"freetype-demos-2.2.1-25.el5_5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"freetype-devel-2.2.1-25.el5_5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) 
audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype / freetype-demos / freetype-devel / freetype-utils\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T14:34:58", "description": "Updated freetype packages that fix various security issues are now available for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide both the FreeType 1 and FreeType 2 font engines. The freetype packages for Red Hat Enterprise Linux 5 provide only the FreeType 2 font engine.\n\nAn invalid memory management flaw was found in the way the FreeType font engine processed font files. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2498)\n\nAn integer overflow flaw was found in the way the FreeType font engine processed font files. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2500)\n\nSeveral buffer overflow flaws were found in the way the FreeType font engine processed font files. 
If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2499, CVE-2010-2519)\n\nSeveral buffer overflow flaws were found in the FreeType demo applications. If a user loaded a carefully-crafted font file with a demo application, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2527, CVE-2010-2541)\n\nRed Hat would like to thank Robert Swiecki of the Google Security Team for the discovery of the CVE-2010-2498, CVE-2010-2500, CVE-2010-2499, CVE-2010-2519, and CVE-2010-2527 issues.\n\nNote: All of the issues in this erratum only affect the FreeType 2 font engine.\n\nUsers are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The X server must be restarted (log out, then log back in) for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2010-08-03T00:00:00", "type": "nessus", "title": "CentOS 4 / 5 : freetype (CESA-2010:0578)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2500", "CVE-2010-2519", "CVE-2010-2527", "CVE-2010-2541"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:freetype", "p-cpe:/a:centos:centos:freetype-demos", "p-cpe:/a:centos:centos:freetype-devel", "p-cpe:/a:centos:centos:freetype-utils", "cpe:/o:centos:centos:4", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2010-0578.NASL", "href": "https://www.tenable.com/plugins/nessus/48217", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0578 and \n# CentOS Errata and Security Advisory 2010:0578 
respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48217);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2527\", \"CVE-2010-2541\");\n script_bugtraq_id(60740, 60750);\n script_xref(name:\"RHSA\", value:\"2010:0578\");\n\n script_name(english:\"CentOS 4 / 5 : freetype (CESA-2010:0578)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated freetype packages that fix various security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open\nand manage font files. It also loads, hints, and renders individual\nglyphs efficiently. The freetype packages for Red Hat Enterprise Linux\n4 provide both the FreeType 1 and FreeType 2 font engines. The\nfreetype packages for Red Hat Enterprise Linux 5 provide only the\nFreeType 2 font engine.\n\nAn invalid memory management flaw was found in the way the FreeType\nfont engine processed font files. If a user loaded a carefully-crafted\nfont file with an application linked against FreeType, it could cause\nthe application to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. 
(CVE-2010-2498)\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed font files. If a user loaded a carefully-crafted font file\nwith an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2500)\n\nSeveral buffer overflow flaws were found in the way the FreeType font\nengine processed font files. If a user loaded a carefully-crafted font\nfile with an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2499,\nCVE-2010-2519)\n\nSeveral buffer overflow flaws were found in the FreeType demo\napplications. If a user loaded a carefully-crafted font file with a\ndemo application, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-2527, CVE-2010-2541)\n\nRed Hat would like to thank Robert Swiecki of the Google Security Team\nfor the discovery of the CVE-2010-2498, CVE-2010-2500, CVE-2010-2499,\nCVE-2010-2519, and CVE-2010-2527 issues.\n\nNote: All of the issues in this erratum only affect the FreeType 2\nfont engine.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. 
The X server must be\nrestarted (log out, then log back in) for this update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-August/016854.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b9d2110d\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-August/016855.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?eb8b8ddf\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-August/016884.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b78c705f\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-August/016885.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fecd5c92\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freetype packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freetype-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freetype-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freetype-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/02\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x / 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"freetype-2.1.9-14.el4.8\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"freetype-2.1.9-14.el4.8\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"freetype-demos-2.1.9-14.el4.8\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"freetype-demos-2.1.9-14.el4.8\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"freetype-devel-2.1.9-14.el4.8\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"freetype-devel-2.1.9-14.el4.8\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"freetype-utils-2.1.9-14.el4.8\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"freetype-utils-2.1.9-14.el4.8\")) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"freetype-2.2.1-25.el5_5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"freetype-demos-2.2.1-25.el5_5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"freetype-devel-2.2.1-25.el5_5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype / freetype-demos / freetype-devel / freetype-utils\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:03:49", "description": "Robert 
Swiecki discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could execute arbitrary code with user privileges.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2010-07-21T00:00:00", "type": "nessus", "title": "Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : freetype vulnerabilities (USN-963-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2500", "CVE-2010-2519", "CVE-2010-2520", "CVE-2010-2527"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:freetype2-demos", "p-cpe:/a:canonical:ubuntu_linux:libfreetype6", "p-cpe:/a:canonical:ubuntu_linux:libfreetype6-dev", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "cpe:/o:canonical:ubuntu_linux:9.04", "cpe:/o:canonical:ubuntu_linux:9.10"], "id": "UBUNTU_USN-963-1.NASL", "href": "https://www.tenable.com/plugins/nessus/47778", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-963-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47778);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/09/19 12:54:26\");\n\n script_cve_id(\"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2520\", \"CVE-2010-2527\");\n script_bugtraq_id(41663, 60750);\n script_xref(name:\"USN\", value:\"963-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : freetype vulnerabilities (USN-963-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Robert Swiecki discovered that FreeType did not correctly handle\ncertain malformed font files. If a user were tricked into using a\nspecially crafted font file, a remote attacker could execute arbitrary\ncode with user privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/963-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected freetype2-demos, libfreetype6 and / or\nlibfreetype6-dev packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:freetype2-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libfreetype6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libfreetype6-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2010-2019 Canonical, 
Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(6\\.06|8\\.04|9\\.04|9\\.10|10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 8.04 / 9.04 / 9.10 / 10.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"freetype2-demos\", pkgver:\"2.1.10-1ubuntu2.7\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libfreetype6\", pkgver:\"2.1.10-1ubuntu2.7\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libfreetype6-dev\", pkgver:\"2.1.10-1ubuntu2.7\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"freetype2-demos\", pkgver:\"2.3.5-1ubuntu4.8.04.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libfreetype6\", pkgver:\"2.3.5-1ubuntu4.8.04.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libfreetype6-dev\", pkgver:\"2.3.5-1ubuntu4.8.04.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"freetype2-demos\", pkgver:\"2.3.9-4ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libfreetype6\", pkgver:\"2.3.9-4ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libfreetype6-dev\", 
pkgver:\"2.3.9-4ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"freetype2-demos\", pkgver:\"2.3.9-5ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libfreetype6\", pkgver:\"2.3.9-5ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libfreetype6-dev\", pkgver:\"2.3.9-5ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"freetype2-demos\", pkgver:\"2.3.11-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libfreetype6\", pkgver:\"2.3.11-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libfreetype6-dev\", pkgver:\"2.3.11-1ubuntu2.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype2-demos / libfreetype6 / libfreetype6-dev\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:03:48", "description": "Robert Swiecki discovered several vulnerabilities in the FreeType font library, which could lead to the execution of arbitrary code if a malformed font file is processed.\n\nAlso, several buffer overflows were found in the included demo programs.", "cvss3": {"score": null, "vector": null}, "published": "2010-07-15T00:00:00", "type": "nessus", "title": "Debian DSA-2070-1 : freetype - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2497", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2500", "CVE-2010-2519", "CVE-2010-2520", "CVE-2010-2527"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:freetype", "cpe:/o:debian:debian_linux:5.0"], "id": "DEBIAN_DSA-2070.NASL", "href": "https://www.tenable.com/plugins/nessus/47735", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and 
package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2070. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47735);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2010-2497\", \"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2520\", \"CVE-2010-2527\");\n script_bugtraq_id(41663);\n script_xref(name:\"DSA\", value:\"2070\");\n\n script_name(english:\"Debian DSA-2070-1 : freetype - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Robert Swiecki discovered several vulnerabilities in the FreeType font\nlibrary, which could lead to the execution of arbitrary code if a\nmalformed font file is processed.\n\nAlso, several buffer overflows were found in the included demo\nprograms.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2010/dsa-2070\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the freetype packages.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.3.7-2+lenny2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:debian:debian_linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"freetype2-demos\", reference:\"2.3.7-2+lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libfreetype6\", reference:\"2.3.7-2+lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libfreetype6-dev\", reference:\"2.3.7-2+lenny2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T14:34:34", "description": "Updated freetype packages that fix various security issues are now available for Red Hat Enterprise Linux 3.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. These packages provide both the FreeType 1 and FreeType 2 font engines.\n\nAn integer overflow flaw was found in the way the FreeType font engine processed font files. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2500)\n\nSeveral buffer overflow flaws were found in the FreeType demo applications. If a user loaded a carefully-crafted font file with a demo application, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2527, CVE-2010-2541)\n\nRed Hat would like to thank Robert Swiecki of the Google Security Team for the discovery of the CVE-2010-2500 and CVE-2010-2527 issues.\n\nNote: All of the issues in this erratum only affect the FreeType 2 font engine.\n\nUsers are advised to upgrade to these updated packages, which contain backported patches to correct these issues. 
The X server must be restarted (log out, then log back in) for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2010-08-02T00:00:00", "type": "nessus", "title": "RHEL 3 : freetype (RHSA-2010:0577)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2500", "CVE-2010-2527", "CVE-2010-2541"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:freetype", "p-cpe:/a:redhat:enterprise_linux:freetype-devel", "cpe:/o:redhat:enterprise_linux:3"], "id": "REDHAT-RHSA-2010-0577.NASL", "href": "https://www.tenable.com/plugins/nessus/48211", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0577. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48211);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-2500\", \"CVE-2010-2527\", \"CVE-2010-2541\");\n script_bugtraq_id(41663, 60740, 60750);\n script_xref(name:\"RHSA\", value:\"2010:0577\");\n\n script_name(english:\"RHEL 3 : freetype (RHSA-2010:0577)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated freetype packages that fix various security issues are now\navailable for Red Hat Enterprise Linux 3.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. 
Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open\nand manage font files. It also loads, hints, and renders individual\nglyphs efficiently. These packages provide both the FreeType 1 and\nFreeType 2 font engines.\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed font files. If a user loaded a carefully-crafted font file\nwith an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2500)\n\nSeveral buffer overflow flaws were found in the FreeType demo\napplications. If a user loaded a carefully-crafted font file with a\ndemo application, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-2527, CVE-2010-2541)\n\nRed Hat would like to thank Robert Swiecki of the Google Security Team\nfor the discovery of the CVE-2010-2500 and CVE-2010-2527 issues.\n\nNote: All of the issues in this erratum only affect the FreeType 2\nfont engine.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. 
The X server must be\nrestarted (log out, then log back in) for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2500\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2527\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2541\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0577\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freetype and / or freetype-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0577\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"freetype-2.1.4-15.el3\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"freetype-devel-2.1.4-15.el3\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + 
redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype / freetype-devel\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T14:34:58", "description": "Updated freetype packages that fix various security issues are now available for Red Hat Enterprise Linux 3.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. These packages provide both the FreeType 1 and FreeType 2 font engines.\n\nAn integer overflow flaw was found in the way the FreeType font engine processed font files. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2500)\n\nSeveral buffer overflow flaws were found in the FreeType demo applications. If a user loaded a carefully-crafted font file with a demo application, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2527, CVE-2010-2541)\n\nRed Hat would like to thank Robert Swiecki of the Google Security Team for the discovery of the CVE-2010-2500 and CVE-2010-2527 issues.\n\nNote: All of the issues in this erratum only affect the FreeType 2 font engine.\n\nUsers are advised to upgrade to these updated packages, which contain backported patches to correct these issues. 
The X server must be restarted (log out, then log back in) for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2010-08-17T00:00:00", "type": "nessus", "title": "CentOS 3 : freetype (CESA-2010:0577)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2500", "CVE-2010-2527", "CVE-2010-2541"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:freetype", "p-cpe:/a:centos:centos:freetype-demos", "p-cpe:/a:centos:centos:freetype-devel", "p-cpe:/a:centos:centos:freetype-utils", "cpe:/o:centos:centos:3"], "id": "CENTOS_RHSA-2010-0577.NASL", "href": "https://www.tenable.com/plugins/nessus/48343", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0577 and \n# CentOS Errata and Security Advisory 2010:0577 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48343);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2010-2500\", \"CVE-2010-2527\", \"CVE-2010-2541\");\n script_bugtraq_id(41663, 60740, 60750);\n script_xref(name:\"RHSA\", value:\"2010:0577\");\n\n script_name(english:\"CentOS 3 : freetype (CESA-2010:0577)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated freetype packages that fix various security issues are now\navailable for Red Hat Enterprise Linux 3.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. 
Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open\nand manage font files. It also loads, hints, and renders individual\nglyphs efficiently. These packages provide both the FreeType 1 and\nFreeType 2 font engines.\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed font files. If a user loaded a carefully-crafted font file\nwith an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2500)\n\nSeveral buffer overflow flaws were found in the FreeType demo\napplications. If a user loaded a carefully-crafted font file with a\ndemo application, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-2527, CVE-2010-2541)\n\nRed Hat would like to thank Robert Swiecki of the Google Security Team\nfor the discovery of the CVE-2010-2500 and CVE-2010-2527 issues.\n\nNote: All of the issues in this erratum only affect the FreeType 2\nfont engine.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. 
The X server must be\nrestarted (log out, then log back in) for this update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-August/016920.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?122b5a41\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-August/016921.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a85b27d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freetype packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freetype-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freetype-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freetype-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 3.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"freetype-2.1.4-15.el3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"freetype-2.1.4-15.el3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"freetype-demos-2.1.4-15.el3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"freetype-demos-2.1.4-15.el3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"freetype-devel-2.1.4-15.el3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"freetype-devel-2.1.4-15.el3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"freetype-utils-2.1.4-15.el3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"freetype-utils-2.1.4-15.el3\")) flag++;\n\n\nif (flag)\n{\n 
security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype / freetype-demos / freetype-devel / freetype-utils\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T14:09:14", "description": "FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. These packages provide both the FreeType 1 and FreeType 2 font engines.\n\nAn integer overflow flaw was found in the way the FreeType font engine processed font files. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2500)\n\nSeveral buffer overflow flaws were found in the FreeType demo applications. If a user loaded a carefully-crafted font file with a demo application, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2527, CVE-2010-2541)\n\nWe would like to thank Robert Swiecki of the Google Security Team for the discovery of the CVE-2010-2500 and CVE-2010-2527 issues.\n\nNote: All of the issues in this erratum only affect the FreeType 2 font engine.\n\nUsers are advised to upgrade to these updated packages, which contain backported patches to correct these issues. 
The X server must be restarted (log out, then log back in) for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : freetype on SL3", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2500", "CVE-2010-2527", "CVE-2010-2541"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20100730_FREETYPE_ON_SL3.NASL", "href": "https://www.tenable.com/plugins/nessus/60826", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60826);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-2500\", \"CVE-2010-2527\", \"CVE-2010-2541\");\n\n script_name(english:\"Scientific Linux Security Update : freetype on SL3\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"FreeType is a free, high-quality, portable font engine that can open\nand manage font files. It also loads, hints, and renders individual\nglyphs efficiently. These packages provide both the FreeType 1 and\nFreeType 2 font engines.\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed font files. If a user loaded a carefully-crafted font file\nwith an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2500)\n\nSeveral buffer overflow flaws were found in the FreeType demo\napplications. 
If a user loaded a carefully-crafted font file with a\ndemo application, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-2527, CVE-2010-2541)\n\nWe would like to thank Robert Swiecki of the Google Security Team for\nthe discovery of the CVE-2010-2500 and CVE-2010-2527 issues.\n\nNote: All of the issues in this erratum only affect the FreeType 2\nfont engine.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be\nrestarted (log out, then log back in) for this update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1008&L=scientific-linux-errata&T=0&P=77\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?627cc76b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freetype and / or freetype-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL3\", reference:\"freetype-2.1.4-15.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"freetype-devel-2.1.4-15.el3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T14:12:43", "description": "From Red Hat Security Advisory 2010:0577 :\n\nUpdated freetype packages that fix various security issues are now available for Red Hat Enterprise Linux 3.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. 
These packages provide both the FreeType 1 and FreeType 2 font engines.\n\nAn integer overflow flaw was found in the way the FreeType font engine processed font files. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2500)\n\nSeveral buffer overflow flaws were found in the FreeType demo applications. If a user loaded a carefully-crafted font file with a demo application, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2527, CVE-2010-2541)\n\nRed Hat would like to thank Robert Swiecki of the Google Security Team for the discovery of the CVE-2010-2500 and CVE-2010-2527 issues.\n\nNote: All of the issues in this erratum only affect the FreeType 2 font engine.\n\nUsers are advised to upgrade to these updated packages, which contain backported patches to correct these issues. 
The X server must be restarted (log out, then log back in) for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 3 : freetype (ELSA-2010-0577)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2500", "CVE-2010-2527", "CVE-2010-2541"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:freetype", "p-cpe:/a:oracle:linux:freetype-devel", "cpe:/o:oracle:linux:3"], "id": "ORACLELINUX_ELSA-2010-0577.NASL", "href": "https://www.tenable.com/plugins/nessus/68074", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2010:0577 and \n# Oracle Linux Security Advisory ELSA-2010-0577 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68074);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-2500\", \"CVE-2010-2527\", \"CVE-2010-2541\");\n script_bugtraq_id(41663, 60740, 60750);\n script_xref(name:\"RHSA\", value:\"2010:0577\");\n\n script_name(english:\"Oracle Linux 3 : freetype (ELSA-2010-0577)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2010:0577 :\n\nUpdated freetype packages that fix various security issues are now\navailable for Red Hat Enterprise Linux 3.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. 
Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open\nand manage font files. It also loads, hints, and renders individual\nglyphs efficiently. These packages provide both the FreeType 1 and\nFreeType 2 font engines.\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed font files. If a user loaded a carefully-crafted font file\nwith an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2500)\n\nSeveral buffer overflow flaws were found in the FreeType demo\napplications. If a user loaded a carefully-crafted font file with a\ndemo application, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-2527, CVE-2010-2541)\n\nRed Hat would like to thank Robert Swiecki of the Google Security Team\nfor the discovery of the CVE-2010-2500 and CVE-2010-2527 issues.\n\nNote: All of the issues in this erratum only affect the FreeType 2\nfont engine.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. 
The X server must be\nrestarted (log out, then log back in) for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-July/001574.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freetype packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:freetype-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"freetype-2.1.4-15.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"freetype-2.1.4-15.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"freetype-devel-2.1.4-15.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"freetype-devel-2.1.4-15.el3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, 
tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype / freetype-devel\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T14:36:46", "description": "- Mon Oct 4 2010 Marek Kasik <mkasik at redhat.com> 2.3.11-6\n\n - Add freetype-2.3.11-CVE-2010-2805.patch (Fix comparison.)\n\n - Add freetype-2.3.11-CVE-2010-2806.patch (Protect against negative string_size. Fix comparison.)\n\n - Add freetype-2.3.11-CVE-2010-2808.patch (Check the total length of collected POST segments.)\n\n - Add freetype-2.3.11-CVE-2010-3311.patch (Don't seek behind end of stream.)\n\n - Resolves: #638522\n\n - Mon Oct 4 2010 Marek Kasik <mkasik at redhat.com> 2.3.11-5\n\n - Add freetype-2.3.11-CVE-2010-1797.patch (Check stack after execution of operations too. Skip the evaluations of the values in decoder, if cff_decoder_parse_charstrings() returns any error.)\n\n - Resolves: #621627\n\n - Fri Oct 1 2010 Marek Kasik <mkasik at redhat.com> 2.3.11-4\n\n - Add freetype-2.3.11-CVE-2010-2498.patch (Assure that `end_point' is not larger than `glyph->num_points')\n\n - Add freetype-2.3.11-CVE-2010-2499.patch (Check the buffer size during gathering PFB fragments)\n\n - Add freetype-2.3.11-CVE-2010-2500.patch (Use smaller threshold values for `width' and `height')\n\n - Add freetype-2.3.11-CVE-2010-2519.patch (Check `rlen' the length of fragment declared in the POST fragment header)\n\n - Add freetype-2.3.11-CVE-2010-2520.patch (Fix bounds check)\n\n - Add freetype-2.3.11-CVE-2010-2527.patch (Use precision for `%s' where appropriate to avoid buffer overflows)\n\n - Add freetype-2.3.11-CVE-2010-2541.patch (Avoid overflow when dealing with names of axes)\n\n - Resolves: #613299\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2010-10-20T00:00:00", "type": "nessus", "title": "Fedora 13 : freetype-2.3.11-6.fc13 (2010-15705)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1797", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2500", "CVE-2010-2519", "CVE-2010-2520", "CVE-2010-2527", "CVE-2010-2541", "CVE-2010-2805", "CVE-2010-2806", "CVE-2010-2808", "CVE-2010-3311"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:freetype", "cpe:/o:fedoraproject:fedora:13"], "id": "FEDORA_2010-15705.NASL", "href": "https://www.tenable.com/plugins/nessus/50026", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-15705.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50026);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-1797\", \"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2520\", \"CVE-2010-2527\", \"CVE-2010-2541\", \"CVE-2010-2805\", \"CVE-2010-2806\", \"CVE-2010-2808\", \"CVE-2010-3311\");\n script_bugtraq_id(41663, 42241, 42285, 43700);\n script_xref(name:\"FEDORA\", value:\"2010-15705\");\n\n script_name(english:\"Fedora 13 : freetype-2.3.11-6.fc13 (2010-15705)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Mon Oct 4 2010 Marek Kasik <mkasik at redhat.com>\n 2.3.11-6\n\n - Add freetype-2.3.11-CVE-2010-2805.patch (Fix\n comparison.)\n\n - Add 
freetype-2.3.11-CVE-2010-2806.patch (Protect against\n negative string_size. Fix comparison.)\n\n - Add freetype-2.3.11-CVE-2010-2808.patch (Check the total\n length of collected POST segments.)\n\n - Add freetype-2.3.11-CVE-2010-3311.patch (Don't seek\n behind end of stream.)\n\n - Resolves: #638522\n\n - Mon Oct 4 2010 Marek Kasik <mkasik at redhat.com>\n 2.3.11-5\n\n - Add freetype-2.3.11-CVE-2010-1797.patch (Check stack\n after execution of operations too. Skip the\n evaluations of the values in decoder, if\n cff_decoder_parse_charstrings() returns any error.)\n\n - Resolves: #621627\n\n - Fri Oct 1 2010 Marek Kasik <mkasik at redhat.com>\n 2.3.11-4\n\n - Add freetype-2.3.11-CVE-2010-2498.patch (Assure that\n `end_point' is not larger than `glyph->num_points')\n\n - Add freetype-2.3.11-CVE-2010-2499.patch (Check the\n buffer size during gathering PFB fragments)\n\n - Add freetype-2.3.11-CVE-2010-2500.patch (Use smaller\n threshold values for `width' and `height')\n\n - Add freetype-2.3.11-CVE-2010-2519.patch (Check `rlen'\n the length of fragment declared in the POST fragment\n header)\n\n - Add freetype-2.3.11-CVE-2010-2520.patch (Fix bounds\n check)\n\n - Add freetype-2.3.11-CVE-2010-2527.patch (Use precision\n for `%s' where appropriate to avoid buffer overflows)\n\n - Add freetype-2.3.11-CVE-2010-2541.patch (Avoid overflow\n when dealing with names of axes)\n\n - Resolves: #613299\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=613160\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=613162\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=613167\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=613194\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=613198\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=614557\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=617342\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=621144\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=621907\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=621980\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=623625\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=625626\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/049605.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1b04ead5\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freetype package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n 
script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"freetype-2.3.11-6.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:38:14", "description": "- Mon Oct 4 2010 Marek Kasik <mkasik at redhat.com> 2.3.11-6\n\n - Add freetype-2.3.11-CVE-2010-2805.patch (Fix comparison.)\n\n - Add freetype-2.3.11-CVE-2010-2806.patch (Protect against negative string_size. Fix comparison.)\n\n - Add freetype-2.3.11-CVE-2010-2808.patch (Check the total length of collected POST segments.)\n\n - Add freetype-2.3.11-CVE-2010-3311.patch (Don't seek behind end of stream.)\n\n - Resolves: #638522\n\n - Mon Oct 4 2010 Marek Kasik <mkasik at redhat.com> 2.3.11-5\n\n - Add freetype-2.3.11-CVE-2010-1797.patch (Check stack after execution of operations too. 
Skip the evaluations of the values in decoder, if cff_decoder_parse_charstrings() returns any error.)\n\n - Resolves: #621627\n\n - Fri Oct 1 2010 Marek Kasik <mkasik at redhat.com> 2.3.11-4\n\n - Add freetype-2.3.11-CVE-2010-2498.patch (Assure that `end_point' is not larger than `glyph->num_points')\n\n - Add freetype-2.3.11-CVE-2010-2499.patch (Check the buffer size during gathering PFB fragments)\n\n - Add freetype-2.3.11-CVE-2010-2500.patch (Use smaller threshold values for `width' and `height')\n\n - Add freetype-2.3.11-CVE-2010-2519.patch (Check `rlen' the length of fragment declared in the POST fragment header)\n\n - Add freetype-2.3.11-CVE-2010-2520.patch (Fix bounds check)\n\n - Add freetype-2.3.11-CVE-2010-2527.patch (Use precision for `%s' where appropriate to avoid buffer overflows)\n\n - Add freetype-2.3.11-CVE-2010-2541.patch (Avoid overflow when dealing with names of axes)\n\n - Resolves: #613299\n\n - Thu Dec 3 2009 Behdad Esfahbod <behdad at redhat.com> 2.3.11-3\n\n - Add freetype-2.3.11-more-demos.patch\n\n - New demo programs ftmemchk, ftpatchk, and fttimer\n\n - Thu Dec 3 2009 Behdad Esfahbod <behdad at redhat.com> 2.3.11-2\n\n - Second try. Drop upstreamed patches.\n\n - Thu Dec 3 2009 Behdad Esfahbod <behdad at redhat.com> 2.3.11-1\n\n - 2.3.11\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2010-11-02T00:00:00", "type": "nessus", "title": "Fedora 12 : freetype-2.3.11-6.fc12 (2010-15785)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1797", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2500", "CVE-2010-2519", "CVE-2010-2520", "CVE-2010-2527", "CVE-2010-2541", "CVE-2010-2805", "CVE-2010-2806", "CVE-2010-2808", "CVE-2010-3311"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:freetype", "cpe:/o:fedoraproject:fedora:12"], "id": "FEDORA_2010-15785.NASL", "href": "https://www.tenable.com/plugins/nessus/50437", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-15785.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50437);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-1797\", \"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2520\", \"CVE-2010-2527\", \"CVE-2010-2541\", \"CVE-2010-2805\", \"CVE-2010-2806\", \"CVE-2010-2808\", \"CVE-2010-3311\");\n script_bugtraq_id(41663, 42151, 42241, 42285, 43700);\n script_xref(name:\"FEDORA\", value:\"2010-15785\");\n\n script_name(english:\"Fedora 12 : freetype-2.3.11-6.fc12 (2010-15785)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Mon Oct 4 2010 Marek Kasik <mkasik at redhat.com>\n 2.3.11-6\n\n - Add freetype-2.3.11-CVE-2010-2805.patch (Fix\n 
comparison.)\n\n - Add freetype-2.3.11-CVE-2010-2806.patch (Protect against\n negative string_size. Fix comparison.)\n\n - Add freetype-2.3.11-CVE-2010-2808.patch (Check the total\n length of collected POST segments.)\n\n - Add freetype-2.3.11-CVE-2010-3311.patch (Don't seek\n behind end of stream.)\n\n - Resolves: #638522\n\n - Mon Oct 4 2010 Marek Kasik <mkasik at redhat.com>\n 2.3.11-5\n\n - Add freetype-2.3.11-CVE-2010-1797.patch (Check stack\n after execution of operations too. Skip the\n evaluations of the values in decoder, if\n cff_decoder_parse_charstrings() returns any error.)\n\n - Resolves: #621627\n\n - Fri Oct 1 2010 Marek Kasik <mkasik at redhat.com>\n 2.3.11-4\n\n - Add freetype-2.3.11-CVE-2010-2498.patch (Assure that\n `end_point' is not larger than `glyph->num_points')\n\n - Add freetype-2.3.11-CVE-2010-2499.patch (Check the\n buffer size during gathering PFB fragments)\n\n - Add freetype-2.3.11-CVE-2010-2500.patch (Use smaller\n threshold values for `width' and `height')\n\n - Add freetype-2.3.11-CVE-2010-2519.patch (Check `rlen'\n the length of fragment declared in the POST fragment\n header)\n\n - Add freetype-2.3.11-CVE-2010-2520.patch (Fix bounds\n check)\n\n - Add freetype-2.3.11-CVE-2010-2527.patch (Use precision\n for `%s' where appropriate to avoid buffer overflows)\n\n - Add freetype-2.3.11-CVE-2010-2541.patch (Avoid overflow\n when dealing with names of axes)\n\n - Resolves: #613299\n\n - Thu Dec 3 2009 Behdad Esfahbod <behdad at redhat.com>\n 2.3.11-3\n\n - Add freetype-2.3.11-more-demos.patch\n\n - New demo programs ftmemchk, ftpatchk, and fttimer\n\n - Thu Dec 3 2009 Behdad Esfahbod <behdad at redhat.com>\n 2.3.11-2\n\n - Second try. Drop upstreamed patches.\n\n - Thu Dec 3 2009 Behdad Esfahbod <behdad at redhat.com>\n 2.3.11-1\n\n - 2.3.11\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=613160\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=613162\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=613167\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=613194\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=613198\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=614557\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=617342\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=621144\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=621907\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=621980\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=623625\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=625626\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-November/050203.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e475a250\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freetype package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n 
script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"freetype-2.3.11-6.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-24T14:12:23", "description": "Updated kvm packages that fix three security issues and multiple bugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel.\n\nIt was found that QEMU-KVM on the host did not validate all pointers provided from a guest system's QXL graphics card driver. A privileged guest user could use this flaw to cause the host to dereference an invalid pointer, causing the guest to crash (denial of service) or, possibly, resulting in the privileged guest user escalating their privileges on the host. 
(CVE-2010-0431)\n\nA flaw was found in QEMU-KVM, allowing the guest some control over the index used to access the callback array during sub-page MMIO initialization. A privileged guest user could use this flaw to crash the guest (denial of service) or, possibly, escalate their privileges on the host. (CVE-2010-2784)\n\nA NULL pointer dereference flaw was found when the host system had a processor with the Intel VT-x extension enabled. A privileged guest user could use this flaw to trick the host into emulating a certain instruction, which could crash the host (denial of service).\n(CVE-2010-0435)\n\nThis update also fixes the following bugs :\n\n* running a 'qemu-img' check on a faulty virtual machine image ended with a segmentation fault. With this update, the segmentation fault no longer occurs when running the 'qemu-img' check. (BZ#610342)\n\n* when attempting to transfer a file between two guests that were joined in the same virtual LAN (VLAN), the receiving guest unexpectedly quit. With this update, the transfer completes successfully. (BZ#610343)\n\n* installation of a system was occasionally failing in KVM. This was caused by KVM using wrong permissions for large guest pages. With this update, the installation completes successfully. (BZ#616796)\n\n* previously, the migration process would fail for a virtual machine because the virtual machine could not map all the memory. This was caused by a conflict that was initiated when a virtual machine was initially run and then migrated right away. With this update, the conflict no longer occurs and the migration process no longer fails.\n(BZ#618205)\n\n* using a thinly provisioned VirtIO disk on iSCSI storage and performing a 'qemu-img' check during an 'e_no_space' event returned cluster errors. With this update, the errors no longer appear.\n(BZ#618206)\n\nAll KVM users should upgrade to these updated packages, which contain backported patches to resolve these issues. 
Note: The procedure in the Solution section must be performed before this update will take effect.", "cvss3": {"score": null, "vector": null}, "published": "2013-01-24T00:00:00", "type": "nessus", "title": "RHEL 5 : kvm (RHSA-2010:0627)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0431", "CVE-2010-0435", "CVE-2010-2784"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kmod-kvm", "p-cpe:/a:redhat:enterprise_linux:kvm", "p-cpe:/a:redhat:enterprise_linux:kvm-qemu-img", "p-cpe:/a:redhat:enterprise_linux:kvm-tools", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2010-0627.NASL", "href": "https://www.tenable.com/plugins/nessus/63946", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0627. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63946);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0431\", \"CVE-2010-0435\", \"CVE-2010-2784\");\n script_xref(name:\"RHSA\", value:\"2010:0627\");\n\n script_name(english:\"RHEL 5 : kvm (RHSA-2010:0627)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kvm packages that fix three security issues and multiple bugs\nare now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. 
Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module\nbuilt for the standard Red Hat Enterprise Linux kernel.\n\nIt was found that QEMU-KVM on the host did not validate all pointers\nprovided from a guest system's QXL graphics card driver. A privileged\nguest user could use this flaw to cause the host to dereference an\ninvalid pointer, causing the guest to crash (denial of service) or,\npossibly, resulting in the privileged guest user escalating their\nprivileges on the host. (CVE-2010-0431)\n\nA flaw was found in QEMU-KVM, allowing the guest some control over the\nindex used to access the callback array during sub-page MMIO\ninitialization. A privileged guest user could use this flaw to crash\nthe guest (denial of service) or, possibly, escalate their privileges\non the host. (CVE-2010-2784)\n\nA NULL pointer dereference flaw was found when the host system had a\nprocessor with the Intel VT-x extension enabled. A privileged guest\nuser could use this flaw to trick the host into emulating a certain\ninstruction, which could crash the host (denial of service).\n(CVE-2010-0435)\n\nThis update also fixes the following bugs :\n\n* running a 'qemu-img' check on a faulty virtual machine image ended\nwith a segmentation fault. With this update, the segmentation fault no\nlonger occurs when running the 'qemu-img' check. (BZ#610342)\n\n* when attempting to transfer a file between two guests that were\njoined in the same virtual LAN (VLAN), the receiving guest\nunexpectedly quit. With this update, the transfer completes\nsuccessfully. (BZ#610343)\n\n* installation of a system was occasionally failing in KVM. This was\ncaused by KVM using wrong permissions for large guest pages. 
With this\nupdate, the installation completes successfully. (BZ#616796)\n\n* previously, the migration process would fail for a virtual machine\nbecause the virtual machine could not map all the memory. This was\ncaused by a conflict that was initiated when a virtual machine was\ninitially run and then migrated right away. With this update, the\nconflict no longer occurs and the migration process no longer fails.\n(BZ#618205)\n\n* using a thinly provisioned VirtIO disk on iSCSI storage and\nperforming a 'qemu-img' check during an 'e_no_space' event returned\ncluster errors. With this update, the errors no longer appear.\n(BZ#618206)\n\nAll KVM users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. Note: The procedure in the\nSolution section must be performed before this update will take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0431\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0435\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2784\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0627\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:S/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kmod-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kvm-qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kvm-tools\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/08/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0627\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kmod-kvm-83-164.el5_5.21\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kvm-83-164.el5_5.21\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kvm-qemu-img-83-164.el5_5.21\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kvm-tools-83-164.el5_5.21\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kmod-kvm / kvm / kvm-qemu-img / kvm-tools\");\n }\n}\n", "cvss": {"score": 6.6, "vector": "AV:L/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-07-24T15:22:26", "description": "Updated kvm packages that fix three security issues and multiple bugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has 
rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel.\n\nIt was found that QEMU-KVM on the host did not validate all pointers provided from a guest system's QXL graphics card driver. A privileged guest user could use this flaw to cause the host to dereference an invalid pointer, causing the guest to crash (denial of service) or, possibly, resulting in the privileged guest user escalating their privileges on the host. (CVE-2010-0431)\n\nA flaw was found in QEMU-KVM, allowing the guest some control over the index used to access the callback array during sub-page MMIO initialization. A privileged guest user could use this flaw to crash the guest (denial of service) or, possibly, escalate their privileges on the host. (CVE-2010-2784)\n\nA NULL pointer dereference flaw was found when the host system had a processor with the Intel VT-x extension enabled. A privileged guest user could use this flaw to trick the host into emulating a certain instruction, which could crash the host (denial of service).\n(CVE-2010-0435)\n\nThis update also fixes the following bugs :\n\n* running a 'qemu-img' check on a faulty virtual machine image ended with a segmentation fault. With this update, the segmentation fault no longer occurs when running the 'qemu-img' check. (BZ#610342)\n\n* when attempting to transfer a file between two guests that were joined in the same virtual LAN (VLAN), the receiving guest unexpectedly quit. With this update, the transfer completes successfully. (BZ#610343)\n\n* installation of a system was occasionally failing in KVM. This was caused by KVM using wrong permissions for large guest pages. 
With this update, the installation completes successfully. (BZ#616796)\n\n* previously, the migration process would fail for a virtual machine because the virtual machine could not map all the memory. This was caused by a conflict that was initiated when a virtual machine was initially run and then migrated right away. With this update, the conflict no longer occurs and the migration process no longer fails.\n(BZ#618205)\n\n* using a thinly provisioned VirtIO disk on iSCSI storage and performing a 'qemu-img' check during an 'e_no_space' event returned cluster errors. With this update, the errors no longer appear.\n(BZ#618206)\n\nAll KVM users should upgrade to these updated packages, which contain backported patches to resolve these issues. Note: The procedure in the Solution section must be performed before this update will take effect.", "cvss3": {"score": null, "vector": null}, "published": "2010-08-29T00:00:00", "type": "nessus", "title": "CentOS 5 : kvm (CESA-2010:0627)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0431", "CVE-2010-0435", "CVE-2010-2784"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:kmod-kvm", "p-cpe:/a:centos:centos:kvm", "p-cpe:/a:centos:centos:kvm-qemu-img", "p-cpe:/a:centos:centos:kvm-tools", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2010-0627.NASL", "href": "https://www.tenable.com/plugins/nessus/48910", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0627 and \n# CentOS Errata and Security Advisory 2010:0627 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48910);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2010-0431\", \"CVE-2010-0435\", \"CVE-2010-2784\");\n 
script_xref(name:\"RHSA\", value:\"2010:0627\");\n\n script_name(english:\"CentOS 5 : kvm (CESA-2010:0627)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kvm packages that fix three security issues and multiple bugs\nare now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module\nbuilt for the standard Red Hat Enterprise Linux kernel.\n\nIt was found that QEMU-KVM on the host did not validate all pointers\nprovided from a guest system's QXL graphics card driver. A privileged\nguest user could use this flaw to cause the host to dereference an\ninvalid pointer, causing the guest to crash (denial of service) or,\npossibly, resulting in the privileged guest user escalating their\nprivileges on the host. (CVE-2010-0431)\n\nA flaw was found in QEMU-KVM, allowing the guest some control over the\nindex used to access the callback array during sub-page MMIO\ninitialization. A privileged guest user could use this flaw to crash\nthe guest (denial of service) or, possibly, escalate their privileges\non the host. (CVE-2010-2784)\n\nA NULL pointer dereference flaw was found when the host system had a\nprocessor with the Intel VT-x extension enabled. 
A privileged guest\nuser could use this flaw to trick the host into emulating a certain\ninstruction, which could crash the host (denial of service).\n(CVE-2010-0435)\n\nThis update also fixes the following bugs :\n\n* running a 'qemu-img' check on a faulty virtual machine image ended\nwith a segmentation fault. With this update, the segmentation fault no\nlonger occurs when running the 'qemu-img' check. (BZ#610342)\n\n* when attempting to transfer a file between two guests that were\njoined in the same virtual LAN (VLAN), the receiving guest\nunexpectedly quit. With this update, the transfer completes\nsuccessfully. (BZ#610343)\n\n* installation of a system was occasionally failing in KVM. This was\ncaused by KVM using wrong permissions for large guest pages. With this\nupdate, the installation completes successfully. (BZ#616796)\n\n* previously, the migration process would fail for a virtual machine\nbecause the virtual machine could not map all the memory. This was\ncaused by a conflict that was initiated when a virtual machine was\ninitially run and then migrated right away. With this update, the\nconflict no longer occurs and the migration process no longer fails.\n(BZ#618205)\n\n* using a thinly provisioned VirtIO disk on iSCSI storage and\nperforming a 'qemu-img' check during an 'e_no_space' event returned\ncluster errors. With this update, the errors no longer appear.\n(BZ#618206)\n\nAll KVM users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. 
Note: The procedure in the\nSolution section must be performed before this update will take\neffect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-August/016954.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?05fbda20\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected kvm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:S/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kmod-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kvm-qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/08/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", cpu:\"x86_64\", reference:\"kmod-kvm-83-164.el5_5.21\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"x86_64\", reference:\"kvm-83-164.el5_5.21\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"x86_64\", reference:\"kvm-qemu-img-83-164.el5_5.21\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"x86_64\", reference:\"kvm-tools-83-164.el5_5.21\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kmod-kvm / kvm / kvm-qemu-img / kvm-tools\");\n}\n", "cvss": {"score": 6.6, "vector": "AV:L/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-07-24T14:22:32", "description": "From Red Hat 
Security Advisory 2010:0627 :\n\nUpdated kvm packages that fix three security issues and multiple bugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel.\n\nIt was found that QEMU-KVM on the host did not validate all pointers provided from a guest system's QXL graphics card driver. A privileged guest user could use this flaw to cause the host to dereference an invalid pointer, causing the guest to crash (denial of service) or, possibly, resulting in the privileged guest user escalating their privileges on the host. (CVE-2010-0431)\n\nA flaw was found in QEMU-KVM, allowing the guest some control over the index used to access the callback array during sub-page MMIO initialization. A privileged guest user could use this flaw to crash the guest (denial of service) or, possibly, escalate their privileges on the host. (CVE-2010-2784)\n\nA NULL pointer dereference flaw was found when the host system had a processor with the Intel VT-x extension enabled. A privileged guest user could use this flaw to trick the host into emulating a certain instruction, which could crash the host (denial of service).\n(CVE-2010-0435)\n\nThis update also fixes the following bugs :\n\n* running a 'qemu-img' check on a faulty virtual machine image ended with a segmentation fault. With this update, the segmentation fault no longer occurs when running the 'qemu-img' check. (BZ#610342)\n\n* when attempting to transfer a file between two guests that were joined in the same virtual LAN (VLAN), the receiving guest unexpectedly quit. 
With this update, the transfer completes successfully. (BZ#610343)\n\n* installation of a system was occasionally failing in KVM. This was caused by KVM using wrong permissions for large guest pages. With this update, the installation completes successfully. (BZ#616796)\n\n* previously, the migration process would fail for a virtual machine because the virtual machine could not map all the memory. This was caused by a conflict that was initiated when a virtual machine was initially run and then migrated right away. With this update, the conflict no longer occurs and the migration process no longer fails.\n(BZ#618205)\n\n* using a thinly provisioned VirtIO disk on iSCSI storage and performing a 'qemu-img' check during an 'e_no_space' event returned cluster errors. With this update, the errors no longer appear.\n(BZ#618206)\n\nAll KVM users should upgrade to these updated packages, which contain backported patches to resolve these issues. Note: The procedure in the Solution section must be performed before this update will take effect.", "cvss3": {"score": null, "vector": null}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 5 : kvm (ELSA-2010-0627)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0431", "CVE-2010-0435", "CVE-2010-2784"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:kmod-kvm", "p-cpe:/a:oracle:linux:kvm", "p-cpe:/a:oracle:linux:kvm-qemu-img", "p-cpe:/a:oracle:linux:kvm-tools", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2010-0627.NASL", "href": "https://www.tenable.com/plugins/nessus/68085", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2010:0627 and \n# Oracle Linux Security Advisory ELSA-2010-0627 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68085);\n 
script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0431\", \"CVE-2010-0435\", \"CVE-2010-2784\");\n script_xref(name:\"RHSA\", value:\"2010:0627\");\n\n script_name(english:\"Oracle Linux 5 : kvm (ELSA-2010-0627)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2010:0627 :\n\nUpdated kvm packages that fix three security issues and multiple bugs\nare now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module\nbuilt for the standard Red Hat Enterprise Linux kernel.\n\nIt was found that QEMU-KVM on the host did not validate all pointers\nprovided from a guest system's QXL graphics card driver. A privileged\nguest user could use this flaw to cause the host to dereference an\ninvalid pointer, causing the guest to crash (denial of service) or,\npossibly, resulting in the privileged guest user escalating their\nprivileges on the host. (CVE-2010-0431)\n\nA flaw was found in QEMU-KVM, allowing the guest some control over the\nindex used to access the callback array during sub-page MMIO\ninitialization. A privileged guest user could use this flaw to crash\nthe guest (denial of service) or, possibly, escalate their privileges\non the host. 
(CVE-2010-2784)\n\nA NULL pointer dereference flaw was found when the host system had a\nprocessor with the Intel VT-x extension enabled. A privileged guest\nuser could use this flaw to trick the host into emulating a certain\ninstruction, which could crash the host (denial of service).\n(CVE-2010-0435)\n\nThis update also fixes the following bugs :\n\n* running a 'qemu-img' check on a faulty virtual machine image ended\nwith a segmentation fault. With this update, the segmentation fault no\nlonger occurs when running the 'qemu-img' check. (BZ#610342)\n\n* when attempting to transfer a file between two guests that were\njoined in the same virtual LAN (VLAN), the receiving guest\nunexpectedly quit. With this update, the transfer completes\nsuccessfully. (BZ#610343)\n\n* installation of a system was occasionally failing in KVM. This was\ncaused by KVM using wrong permissions for large guest pages. With this\nupdate, the installation completes successfully. (BZ#616796)\n\n* previously, the migration process would fail for a virtual machine\nbecause the virtual machine could not map all the memory. This was\ncaused by a conflict that was initiated when a virtual machine was\ninitially run and then migrated right away. With this update, the\nconflict no longer occurs and the migration process no longer fails.\n(BZ#618205)\n\n* using a thinly provisioned VirtIO disk on iSCSI storage and\nperforming a 'qemu-img' check during an 'e_no_space' event returned\ncluster errors. With this update, the errors no longer appear.\n(BZ#618206)\n\nAll KVM users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. 
Note: The procedure in the\nSolution section must be performed before this update will take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-August/001607.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected kvm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:S/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kmod-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kvm-qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/08/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", cpu:\"x86_64\", reference:\"kmod-kvm-83-164.0.1.el5_5.21\")) flag++;\nif (rpm_check(release:\"EL5\", cpu:\"x86_64\", reference:\"kvm-83-164.0.1.el5_5.21\")) flag++;\nif (rpm_check(release:\"EL5\", cpu:\"x86_64\", reference:\"kvm-qemu-img-83-164.0.1.el5_5.21\")) flag++;\nif (rpm_check(release:\"EL5\", cpu:\"x86_64\", reference:\"kvm-tools-83-164.0.1.el5_5.21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n 
exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kmod-kvm / kvm / kvm-qemu-img / kvm-tools\");\n}\n", "cvss": {"score": 6.6, "vector": "AV:L/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-07-24T14:06:47", "description": "It was found that QEMU-KVM on the host did not validate all pointers provided from a guest system's QXL graphics card driver. A privileged guest user could use this flaw to cause the host to dereference an invalid pointer, causing the guest to crash (denial of service) or, possibly, resulting in the privileged guest user escalating their privileges on the host. (CVE-2010-0431)\n\nA flaw was found in QEMU-KVM, allowing the guest some control over the index used to access the callback array during sub-page MMIO initialization. A privileged guest user could use this flaw to crash the guest (denial of service) or, possibly, escalate their privileges on the host. (CVE-2010-2784)\n\nA NULL pointer dereference flaw was found when the host system had a processor with the Intel VT-x extension enabled. A privileged guest user could use this flaw to trick the host into emulating a certain instruction, which could crash the host (denial of service).\n(CVE-2010-0435)\n\nThis update also fixes the following bugs :\n\n - running a 'qemu-img' check on a faulty virtual machine image ended with a segmentation fault. With this update, the segmentation fault no longer occurs when running the 'qemu-img' check. (BZ#610342)\n\n - when attempting to transfer a file between two guests that were joined in the same virtual LAN (VLAN), the receiving guest unexpectedly quit. With this update, the transfer completes successfully. (BZ#610343)\n\n - installation of a system was occasionally failing in KVM. This was caused by KVM using wrong permissions for large guest pages. With this update, the installation completes successfully. 
(BZ#616796)\n\n - previously, the migration process would fail for a virtual machine because the virtual machine could not map all the memory. This was caused by a conflict that was initiated when a virtual machine was initially run and then migrated right away. With this update, the conflict no longer occurs and the migration process no longer fails. (BZ#618205)\n\n - using a thinly provisioned VirtIO disk on iSCSI storage and performing a 'qemu-img' check during an 'e_no_space' event returned cluster errors. With this update, the errors no longer appear. (BZ#618206)\n\nNOTE: The following procedure must be performed before this update will take effect :\n\n1) Stop all KVM guest virtual machines.\n\n2) Either reboot the hypervisor machine or, as the root user, remove (using 'modprobe -r [module]') and reload (using 'modprobe [module]') all of the following modules which are currently running (determined using 'lsmod'): kvm, ksm, kvm-intel or kvm-amd.\n\n3) Restart the KVM guest virtual machines.", "cvss3": {"score": null, "vector": null}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : kvm on SL5.x x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0431", "CVE-2010-0435", "CVE-2010-2784"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20100819_KVM_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60837", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60837);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0431\", \"CVE-2010-0435\", \"CVE-2010-2784\");\n\n script_name(english:\"Scientific Linux Security Update : kvm on SL5.x x86_64\");\n 
script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was found that QEMU-KVM on the host did not validate all pointers\nprovided from a guest system's QXL graphics card driver. A privileged\nguest user could use this flaw to cause the host to dereference an\ninvalid pointer, causing the guest to crash (denial of service) or,\npossibly, resulting in the privileged guest user escalating their\nprivileges on the host. (CVE-2010-0431)\n\nA flaw was found in QEMU-KVM, allowing the guest some control over the\nindex used to access the callback array during sub-page MMIO\ninitialization. A privileged guest user could use this flaw to crash\nthe guest (denial of service) or, possibly, escalate their privileges\non the host. (CVE-2010-2784)\n\nA NULL pointer dereference flaw was found when the host system had a\nprocessor with the Intel VT-x extension enabled. A privileged guest\nuser could use this flaw to trick the host into emulating a certain\ninstruction, which could crash the host (denial of service).\n(CVE-2010-0435)\n\nThis update also fixes the following bugs :\n\n - running a 'qemu-img' check on a faulty virtual machine\n image ended with a segmentation fault. With this update,\n the segmentation fault no longer occurs when running the\n 'qemu-img' check. (BZ#610342)\n\n - when attempting to transfer a file between two guests\n that were joined in the same virtual LAN (VLAN), the\n receiving guest unexpectedly quit. With this update, the\n transfer completes successfully. (BZ#610343)\n\n - installation of a system was occasionally failing in\n KVM. This was caused by KVM using wrong permissions for\n large guest pages. With this update, the installation\n completes successfully. 
(BZ#616796)\n\n - previously, the migration process would fail for a\n virtual machine because the virtual machine could not\n map all the memory. This was caused by a conflict that\n was initiated when a virtual machine was initially run\n and then migrated right away. With this update, the\n conflict no longer occurs and the migration process no\n longer fails. (BZ#618205)\n\n - using a thinly provisioned VirtIO disk on iSCSI storage\n and performing a 'qemu-img' check during an 'e_no_space'\n event returned cluster errors. With this update, the\n errors no longer appear. (BZ#618206)\n\nNOTE: The following procedure must be performed before this update\nwill take effect :\n\n1) Stop all KVM guest virtual machines.\n\n2) Either reboot the hypervisor machine or, as the root user, remove\n(using 'modprobe -r [module]') and reload (using 'modprobe [module]')\nall of the following modules which are currently running (determined\nusing 'lsmod'): kvm, ksm, kvm-intel or kvm-amd.\n\n3) Restart the KVM guest virtual machines.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=610342\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=610343\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=616796\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=618205\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=618206\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1008&L=scientific-linux-errata&T=0&P=1755\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f47cfa92\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:S/C:C/I:C/A:C\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", cpu:\"x86_64\", reference:\"kmod-kvm-83-164.el5_5.21\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"x86_64\", reference:\"kvm-83-164.el5_5.21\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"x86_64\", reference:\"kvm-qemu-img-83-164.el5_5.21\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"x86_64\", reference:\"kvm-tools-83-164.el5_5.21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 
6.6, "vector": "AV:L/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-07-07T18:43:37", "description": "This update of freetype2 fixes several vulnerabilities that could lead to remote system compromise by executing arbitrary code with user privileges :\n\n - CVE-2010-1797: stack-based buffer overflow while processing CFF opcodes\n\n - CVE-2010-2497: integer underflow\n\n - CVE-2010-2498: invalid free\n\n - CVE-2010-2499: buffer overflow\n\n - CVE-2010-2500: integer overflow\n\n - CVE-2010-2519: heap buffer overflow\n\n - CVE-2010-2520: heap buffer overflow\n\n - CVE-2010-2527: buffer overflows in the freetype demo\n\n - CVE-2010-2541: buffer overflow in ftmulti demo program\n\n - CVE-2010-2805: improper bounds checking\n\n - CVE-2010-2806: improper bounds checking\n\n - CVE-2010-2807: improper type comparisons\n\n - CVE-2010-2808: memory corruption flaw by processing certain LWFN fonts", "cvss3": {"score": null, "vector": null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : libfreetype6 (openSUSE-SU-2010:0549-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1797", "CVE-2010-2497", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2500", "CVE-2010-2519", "CVE-2010-2520", "CVE-2010-2527", "CVE-2010-2541", "CVE-2010-2805", "CVE-2010-2806", "CVE-2010-2807", "CVE-2010-2808"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libfreetype6", "p-cpe:/a:novell:opensuse:libfreetype6-32bit", "cpe:/o:novell:opensuse:11.3"], "id": "SUSE_11_3_LIBFREETYPE6-100812.NASL", "href": "https://www.tenable.com/plugins/nessus/75578", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libfreetype6-2918.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75578);\n 
script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1797\", \"CVE-2010-2497\", \"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2520\", \"CVE-2010-2527\", \"CVE-2010-2541\", \"CVE-2010-2805\", \"CVE-2010-2806\", \"CVE-2010-2807\", \"CVE-2010-2808\");\n\n script_name(english:\"openSUSE Security Update : libfreetype6 (openSUSE-SU-2010:0549-1)\");\n script_summary(english:\"Check for the libfreetype6-2918 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of freetype2 fixes several vulnerabilities that could lead\nto remote system compromise by executing arbitrary code with user\nprivileges :\n\n - CVE-2010-1797: stack-based buffer overflow while\n processing CFF opcodes\n\n - CVE-2010-2497: integer underflow\n\n - CVE-2010-2498: invalid free\n\n - CVE-2010-2499: buffer overflow\n\n - CVE-2010-2500: integer overflow\n\n - CVE-2010-2519: heap buffer overflow\n\n - CVE-2010-2520: heap buffer overflow\n\n - CVE-2010-2527: buffer overflows in the freetype demo\n\n - CVE-2010-2541: buffer overflow in ftmulti demo program\n\n - CVE-2010-2805: improper bounds checking\n\n - CVE-2010-2806: improper bounds checking\n\n - CVE-2010-2807: improper type comparisons\n\n - CVE-2010-2808: memory corruption flaw by processing\n certain LWFN fonts\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=619562\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=628213\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=629447\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://lists.opensuse.org/opensuse-updates/2010-08/msg00060.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libfreetype6 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreetype6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreetype6-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libfreetype6-2.3.12-7.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"libfreetype6-32bit-2.3.12-7.1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype2\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:33:53", "description": "This update of freetype2 fixes several vulnerabilities that could lead to remote system compromise by executing arbitrary code with user privileges :\n\n - CVE-2010-1797: stack-based buffer overflow while processing CFF opcodes\n\n - CVE-2010-2497: integer underflow\n\n - CVE-2010-2498: invalid free\n\n - CVE-2010-2499: buffer overflow\n\n - CVE-2010-2500: integer overflow\n\n - CVE-2010-2519: heap buffer overflow\n\n - CVE-2010-2520: 
heap buffer overflow\n\n - CVE-2010-2527: buffer overflows in the freetype demo\n\n - CVE-2010-2541: buffer overflow in ftmulti demo program\n\n - CVE-2010-2805: improper bounds checking\n\n - CVE-2010-2806: improper bounds checking\n\n - CVE-2010-2807: improper type comparisons\n\n - CVE-2010-2808: memory corruption flaw by processing certain LWFN fonts", "cvss3": {"score": null, "vector": null}, "published": "2010-08-26T00:00:00", "type": "nessus", "title": "openSUSE Security Update : freetype2 (openSUSE-SU-2010:0549-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1797", "CVE-2010-2497", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2500", "CVE-2010-2519", "CVE-2010-2520", "CVE-2010-2527", "CVE-2010-2541", "CVE-2010-2805", "CVE-2010-2806", "CVE-2010-2807", "CVE-2010-2808"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:freetype2", "p-cpe:/a:novell:opensuse:freetype2-32bit", "p-cpe:/a:novell:opensuse:freetype2-devel", "p-cpe:/a:novell:opensuse:freetype2-devel-32bit", "cpe:/o:novell:opensuse:11.1"], "id": "SUSE_11_1_FREETYPE2-100812.NASL", "href": "https://www.tenable.com/plugins/nessus/48753", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update freetype2-2913.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48753);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1797\", \"CVE-2010-2497\", \"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2520\", \"CVE-2010-2527\", \"CVE-2010-2541\", \"CVE-2010-2805\", \"CVE-2010-2806\", \"CVE-2010-2807\", \"CVE-2010-2808\");\n\n script_name(english:\"openSUSE Security Update : freetype2 
(openSUSE-SU-2010:0549-1)\");\n script_summary(english:\"Check for the freetype2-2913 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of freetype2 fixes several vulnerabilities that could lead\nto remote system compromise by executing arbitrary code with user\nprivileges :\n\n - CVE-2010-1797: stack-based buffer overflow while\n processing CFF opcodes\n\n - CVE-2010-2497: integer underflow\n\n - CVE-2010-2498: invalid free\n\n - CVE-2010-2499: buffer overflow\n\n - CVE-2010-2500: integer overflow\n\n - CVE-2010-2519: heap buffer overflow\n\n - CVE-2010-2520: heap buffer overflow\n\n - CVE-2010-2527: buffer overflows in the freetype demo\n\n - CVE-2010-2541: buffer overflow in ftmulti demo program\n\n - CVE-2010-2805: improper bounds checking\n\n - CVE-2010-2806: improper bounds checking\n\n - CVE-2010-2807: improper type comparisons\n\n - CVE-2010-2808: memory corruption flaw by processing\n certain LWFN fonts\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=619562\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=628213\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=629447\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-08/msg00060.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freetype2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", 
value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freetype2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freetype2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freetype2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freetype2-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"freetype2-2.3.7-24.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"freetype2-devel-2.3.7-24.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"freetype2-32bit-2.3.7-24.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"freetype2-devel-32bit-2.3.7-24.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype2\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-17T16:24:19", "description": "- Mon Nov 15 2010 Marek Kasik <mkasik at redhat.com> 2.3.11-7\n\n - Add freetype-2.3.11-CVE-2010-3855.patch (Protect against invalid `runcnt' values.)\n\n - Resolves: #651764\n\n - Mon Oct 4 2010 Marek Kasik <mkasik at redhat.com> 
2.3.11-6\n\n - Add freetype-2.3.11-CVE-2010-2805.patch (Fix comparison.)\n\n - Add freetype-2.3.11-CVE-2010-2806.patch (Protect against negative string_size. Fix comparison.)\n\n - Add freetype-2.3.11-CVE-2010-2808.patch (Check the total length of collected POST segments.)\n\n - Add freetype-2.3.11-CVE-2010-3311.patch (Don't seek behind end of stream.)\n\n - Resolves: #638522\n\n - Mon Oct 4 2010 Marek Kasik <mkasik at redhat.com> 2.3.11-5\n\n - Add freetype-2.3.11-CVE-2010-1797.patch (Check stack after execution of operations too. Skip the evaluations of the values in decoder, if cff_decoder_parse_charstrings() returns any error.)\n\n - Resolves: #621627\n\n - Fri Oct 1 2010 Marek Kasik <mkasik at redhat.com> 2.3.11-4\n\n - Add freetype-2.3.11-CVE-2010-2498.patch (Assure that `end_point' is not larger than `glyph->num_points')\n\n - Add freetype-2.3.11-CVE-2010-2499.patch (Check the buffer size during gathering PFB fragments)\n\n - Add freetype-2.3.11-CVE-2010-2500.patch (Use smaller threshold values for `width' and `height')\n\n - Add freetype-2.3.11-CVE-2010-2519.patch (Check `rlen' the length of fragment declared in the POST fragment header)\n\n - Add freetype-2.3.11-CVE-2010-2520.patch (Fix bounds check)\n\n - Add freetype-2.3.11-CVE-2010-2527.patch (Use precision for `%s' where appropriate to avoid buffer overflows)\n\n - Add freetype-2.3.11-CVE-2010-2541.patch (Avoid overflow when dealing with names of axes)\n\n - Resolves: #613299\n\n - Thu Dec 3 2009 Behdad Esfahbod <behdad at redhat.com> 2.3.11-3\n\n - Add freetype-2.3.11-more-demos.patch\n\n - New demo programs ftmemchk, ftpatchk, and fttimer\n\n - Thu Dec 3 2009 Behdad Esfahbod <behdad at redhat.com> 2.3.11-2\n\n - Second try. Drop upstreamed patches.\n\n - Thu Dec 3 2009 Behdad Esfahbod <behdad at redhat.com> 2.3.11-1\n\n - 2.3.11\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2010-11-22T00:00:00", "type": "nessus", "title": "Fedora 12 : freetype-2.3.11-7.fc12 (2010-17755)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1797", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2500", "CVE-2010-2519", "CVE-2010-2520", "CVE-2010-2527", "CVE-2010-2541", "CVE-2010-2805", "CVE-2010-2806", "CVE-2010-2808", "CVE-2010-3311", "CVE-2010-3855"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:freetype", "cpe:/o:fedoraproject:fedora:12"], "id": "FEDORA_2010-17755.NASL", "href": "https://www.tenable.com/plugins/nessus/50672", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-17755.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50672);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-3855\");\n script_bugtraq_id(44214);\n script_xref(name:\"FEDORA\", value:\"2010-17755\");\n\n script_name(english:\"Fedora 12 : freetype-2.3.11-7.fc12 (2010-17755)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Mon Nov 15 2010 Marek Kasik <mkasik at redhat.com>\n 2.3.11-7\n\n - Add freetype-2.3.11-CVE-2010-3855.patch (Protect\n against invalid `runcnt' values.)\n\n - Resolves: #651764\n\n - Mon Oct 4 2010 Marek Kasik <mkasik at redhat.com>\n 2.3.11-6\n\n - Add freetype-2.3.11-CVE-2010-2805.patch (Fix\n comparison.)\n\n - Add 
freetype-2.3.11-CVE-2010-2806.patch (Protect against\n negative string_size. Fix comparison.)\n\n - Add freetype-2.3.11-CVE-2010-2808.patch (Check the total\n length of collected POST segments.)\n\n - Add freetype-2.3.11-CVE-2010-3311.patch (Don't seek\n behind end of stream.)\n\n - Resolves: #638522\n\n - Mon Oct 4 2010 Marek Kasik <mkasik at redhat.com>\n 2.3.11-5\n\n - Add freetype-2.3.11-CVE-2010-1797.patch (Check stack\n after execution of operations too. Skip the\n evaluations of the values in decoder, if\n cff_decoder_parse_charstrings() returns any error.)\n\n - Resolves: #621627\n\n - Fri Oct 1 2010 Marek Kasik <mkasik at redhat.com>\n 2.3.11-4\n\n - Add freetype-2.3.11-CVE-2010-2498.patch (Assure that\n `end_point' is not larger than `glyph->num_points')\n\n - Add freetype-2.3.11-CVE-2010-2499.patch (Check the\n buffer size during gathering PFB fragments)\n\n - Add freetype-2.3.11-CVE-2010-2500.patch (Use smaller\n threshold values for `width' and `height')\n\n - Add freetype-2.3.11-CVE-2010-2519.patch (Check `rlen'\n the length of fragment declared in the POST fragment\n header)\n\n - Add freetype-2.3.11-CVE-2010-2520.patch (Fix bounds\n check)\n\n - Add freetype-2.3.11-CVE-2010-2527.patch (Use precision\n for `%s' where appropriate to avoid buffer overflows)\n\n - Add freetype-2.3.11-CVE-2010-2541.patch (Avoid overflow\n when dealing with names of axes)\n\n - Resolves: #613299\n\n - Thu Dec 3 2009 Behdad Esfahbod <behdad at redhat.com>\n 2.3.11-3\n\n - Add freetype-2.3.11-more-demos.patch\n\n - New demo programs ftmemchk, ftpatchk, and fttimer\n\n - Thu Dec 3 2009 Behdad Esfahbod <behdad at redhat.com>\n 2.3.11-2\n\n - Second try. Drop upstreamed patches.\n\n - Thu Dec 3 2009 Behdad Esfahbod <behdad at redhat.com>\n 2.3.11-1\n\n - 2.3.11\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=645275\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-November/051251.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e2109caa\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freetype package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: 
\"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"freetype-2.3.11-7.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T14:34:11", "description": "This update of freetype2 fixes several vulnerabilities that could lead to remote system compromise by executing arbitrary code with user privileges :\n\n - stack-based buffer overflow while processing CFF opcodes. (CVE-2010-1797)\n\n - integer underflow. (CVE-2010-2497)\n\n - invalid free. (CVE-2010-2498)\n\n - buffer overflow. (CVE-2010-2499)\n\n - integer overflow. (CVE-2010-2500)\n\n - heap buffer overflow. (CVE-2010-2519)\n\n - heap buffer overflow. (CVE-2010-2520)\n\n - buffer overflows in the freetype demo. (CVE-2010-2527)\n\n - buffer overflow in ftmulti demo program. (CVE-2010-2541)\n\n - improper bounds checking. (CVE-2010-2805)\n\n - improper bounds checking. (CVE-2010-2806)\n\n - improper type comparisons. 
(CVE-2010-2807)\n\n - memory corruption flaw by processing certain LWFN fonts.\n (CVE-2010-2808)", "cvss3": {"score": null, "vector": null}, "published": "2010-08-27T00:00:00", "type": "nessus", "title": "SuSE9 Security Update : freetype2 (YOU Patch Number 12630)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1797", "CVE-2010-2497", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2500", "CVE-2010-2519", "CVE-2010-2520", "CVE-2010-2527", "CVE-2010-2541", "CVE-2010-2805", "CVE-2010-2806", "CVE-2010-2807", "CVE-2010-2808"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE9_12630.NASL", "href": "https://www.tenable.com/plugins/nessus/48900", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48900);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1797\", \"CVE-2010-2497\", \"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2520\", \"CVE-2010-2527\", \"CVE-2010-2541\", \"CVE-2010-2805\", \"CVE-2010-2806\", \"CVE-2010-2807\", \"CVE-2010-2808\");\n\n script_name(english:\"SuSE9 Security Update : freetype2 (YOU Patch Number 12630)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of freetype2 fixes several vulnerabilities that could lead\nto remote system compromise by executing arbitrary code with user\nprivileges :\n\n - stack-based buffer overflow while processing CFF\n opcodes. (CVE-2010-1797)\n\n - integer underflow. 
(CVE-2010-2497)\n\n - invalid free. (CVE-2010-2498)\n\n - buffer overflow. (CVE-2010-2499)\n\n - integer overflow. (CVE-2010-2500)\n\n - heap buffer overflow. (CVE-2010-2519)\n\n - heap buffer overflow. (CVE-2010-2520)\n\n - buffer overflows in the freetype demo. (CVE-2010-2527)\n\n - buffer overflow in ftmulti demo program. (CVE-2010-2541)\n\n - improper bounds checking. (CVE-2010-2805)\n\n - improper bounds checking. (CVE-2010-2806)\n\n - improper type comparisons. (CVE-2010-2807)\n\n - memory corruption flaw by processing certain LWFN fonts.\n (CVE-2010-2808)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1797.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2497.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2498.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2499.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2500.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2519.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2520.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2527.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2541.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2805.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2806.html\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2807.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2808.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12630.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, 
\"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"freetype2-2.1.7-53.23\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"freetype2-devel-2.1.7-53.23\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"freetype2-32bit-9-201008121257\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"freetype2-devel-32bit-9-201008121257\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:33:52", "description": "This update of freetype2 fixes several vulnerabilities that could lead to remote system compromise by executing arbitrary code with user privileges :\n\n - CVE-2010-1797: stack-based buffer overflow while processing CFF opcodes\n\n - CVE-2010-2497: integer underflow\n\n - CVE-2010-2498: invalid free\n\n - CVE-2010-2499: buffer overflow\n\n - CVE-2010-2500: integer overflow\n\n - CVE-2010-2519: heap buffer overflow\n\n - CVE-2010-2520: heap buffer overflow\n\n - CVE-2010-2527: buffer overflows in the freetype demo\n\n - CVE-2010-2541: buffer overflow in ftmulti demo program\n\n - CVE-2010-2805: improper bounds checking\n\n - CVE-2010-2806: improper bounds checking\n\n - CVE-2010-2807: improper type comparisons\n\n - CVE-2010-2808: memory corruption flaw by processing certain LWFN fonts", "cvss3": {"score": null, "vector": null}, "published": "2010-08-26T00:00:00", "type": "nessus", "title": "openSUSE Security Update : freetype2 (openSUSE-SU-2010:0549-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1797", "CVE-2010-2497", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2500", 
"CVE-2010-2519", "CVE-2010-2520", "CVE-2010-2527", "CVE-2010-2541", "CVE-2010-2805", "CVE-2010-2806", "CVE-2010-2807", "CVE-2010-2808"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:freetype2", "p-cpe:/a:novell:opensuse:freetype2-32bit", "p-cpe:/a:novell:opensuse:freetype2-devel", "p-cpe:/a:novell:opensuse:freetype2-devel-32bit", "cpe:/o:novell:opensuse:11.2"], "id": "SUSE_11_2_FREETYPE2-100812.NASL", "href": "https://www.tenable.com/plugins/nessus/48755", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update freetype2-2913.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48755);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1797\", \"CVE-2010-2497\", \"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2520\", \"CVE-2010-2527\", \"CVE-2010-2541\", \"CVE-2010-2805\", \"CVE-2010-2806\", \"CVE-2010-2807\", \"CVE-2010-2808\");\n\n script_name(english:\"openSUSE Security Update : freetype2 (openSUSE-SU-2010:0549-1)\");\n script_summary(english:\"Check for the freetype2-2913 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of freetype2 fixes several vulnerabilities that could lead\nto remote system compromise by executing arbitrary code with user\nprivileges :\n\n - CVE-2010-1797: stack-based buffer overflow while\n processing CFF opcodes\n\n - CVE-2010-2497: integer underflow\n\n - CVE-2010-2498: invalid free\n\n - CVE-2010-2499: buffer overflow\n\n - CVE-2010-2500: integer overflow\n\n - CVE-2010-2519: heap 
buffer overflow\n\n - CVE-2010-2520: heap buffer overflow\n\n - CVE-2010-2527: buffer overflows in the freetype demo\n\n - CVE-2010-2541: buffer overflow in ftmulti demo program\n\n - CVE-2010-2805: improper bounds checking\n\n - CVE-2010-2806: improper bounds checking\n\n - CVE-2010-2807: improper type comparisons\n\n - CVE-2010-2808: memory corruption flaw by processing\n certain LWFN fonts\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=619562\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=628213\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=629447\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-08/msg00060.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freetype2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freetype2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freetype2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freetype2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freetype2-devel-32bit\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"freetype2-2.3.9-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"freetype2-devel-2.3.9-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", cpu:\"x86_64\", reference:\"freetype2-32bit-2.3.9-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", cpu:\"x86_64\", reference:\"freetype2-devel-32bit-2.3.9-2.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else 
audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype2\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-17T16:24:36", "description": "- Mon Nov 15 2010 Marek Kasik <mkasik at redhat.com> 2.3.11-7\n\n - Add freetype-2.3.11-CVE-2010-3855.patch (Protect against invalid `runcnt' values.)\n\n - Resolves: #651764\n\n - Mon Oct 4 2010 Marek Kasik <mkasik at redhat.com> 2.3.11-6\n\n - Add freetype-2.3.11-CVE-2010-2805.patch (Fix comparison.)\n\n - Add freetype-2.3.11-CVE-2010-2806.patch (Protect against negative string_size. Fix comparison.)\n\n - Add freetype-2.3.11-CVE-2010-2808.patch (Check the total length of collected POST segments.)\n\n - Add freetype-2.3.11-CVE-2010-3311.patch (Don't seek behind end of stream.)\n\n - Resolves: #638522\n\n - Mon Oct 4 2010 Marek Kasik <mkasik at redhat.com> 2.3.11-5\n\n - Add freetype-2.3.11-CVE-2010-1797.patch (Check stack after execution of operations too. Skip the evaluations of the values in decoder, if cff_decoder_parse_charstrings() returns any error.)\n\n - Resolves: #621627\n\n - Fri Oct 1 2010 Marek Kasik <mkasik at redhat.com> 2.3.11-4\n\n - Add freetype-2.3.11-CVE-2010-2498.patch (Assure that `end_point' is not larger than `glyph->num_points')\n\n - Add freetype-2.3.11-CVE-2010-2499.patch (Check the buffer size during gathering PFB fragments)\n\n - Add freetype-2.3.11-CVE-2010-2500.patch (Use smaller threshold values for `width' and `height')\n\n - Add freetype-2.3.11-CVE-2010-2519.patch (Check `rlen' the length of fragment declared in the POST fragment header)\n\n - Add freetype-2.3.11-CVE-2010-2520.patch (Fix bounds check)\n\n - Add freetype-2.3.11-CVE-2010-2527.patch (Use precision for `%s' where appropriate to avoid buffer overflows)\n\n - Add freetype-2.3.11-CVE-2010-2541.patch (Avoid overflow when dealing with names of axes)\n\n - Resolves: #613299\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2010-11-22T00:00:00", "type": "nessus", "title": "Fedora 13 : freetype-2.3.11-7.fc13 (2010-17728)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1797", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2500", "CVE-2010-2519", "CVE-2010-2520", "CVE-2010-2527", "CVE-2010-2541", "CVE-2010-2805", "CVE-2010-2806", "CVE-2010-2808", "CVE-2010-3311", "CVE-2010-3855"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:freetype", "cpe:/o:fedoraproject:fedora:13"], "id": "FEDORA_2010-17728.NASL", "href": "https://www.tenable.com/plugins/nessus/50670", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-17728.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50670);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-3855\");\n script_bugtraq_id(44214);\n script_xref(name:\"FEDORA\", value:\"2010-17728\");\n\n script_name(english:\"Fedora 13 : freetype-2.3.11-7.fc13 (2010-17728)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Mon Nov 15 2010 Marek Kasik <mkasik at redhat.com>\n 2.3.11-7\n\n - Add freetype-2.3.11-CVE-2010-3855.patch (Protect\n against invalid `runcnt' values.)\n\n - Resolves: #651764\n\n - Mon Oct 4 2010 Marek Kasik <mkasik at redhat.com>\n 2.3.11-6\n\n - Add freetype-2.3.11-CVE-2010-2805.patch (Fix\n comparison.)\n\n - Add 
freetype-2.3.11-CVE-2010-2806.patch (Protect against\n negative string_size. Fix comparison.)\n\n - Add freetype-2.3.11-CVE-2010-2808.patch (Check the total\n length of collected POST segments.)\n\n - Add freetype-2.3.11-CVE-2010-3311.patch (Don't seek\n behind end of stream.)\n\n - Resolves: #638522\n\n - Mon Oct 4 2010 Marek Kasik <mkasik at redhat.com>\n 2.3.11-5\n\n - Add freetype-2.3.11-CVE-2010-1797.patch (Check stack\n after execution of operations too. Skip the\n evaluations of the values in decoder, if\n cff_decoder_parse_charstrings() returns any error.)\n\n - Resolves: #621627\n\n - Fri Oct 1 2010 Marek Kasik <mkasik at redhat.com>\n 2.3.11-4\n\n - Add freetype-2.3.11-CVE-2010-2498.patch (Assure that\n `end_point' is not larger than `glyph->num_points')\n\n - Add freetype-2.3.11-CVE-2010-2499.patch (Check the\n buffer size during gathering PFB fragments)\n\n - Add freetype-2.3.11-CVE-2010-2500.patch (Use smaller\n threshold values for `width' and `height')\n\n - Add freetype-2.3.11-CVE-2010-2519.patch (Check `rlen'\n the length of fragment declared in the POST fragment\n header)\n\n - Add freetype-2.3.11-CVE-2010-2520.patch (Fix bounds\n check)\n\n - Add freetype-2.3.11-CVE-2010-2527.patch (Use precision\n for `%s' where appropriate to avoid buffer overflows)\n\n - Add freetype-2.3.11-CVE-2010-2541.patch (Avoid overflow\n when dealing with names of axes)\n\n - Resolves: #613299\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=645275\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-November/051231.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6094cd6b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freetype package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: 
\"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"freetype-2.3.11-7.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T14:36:49", "description": "This update of freetype2 fixes several vulnerabilities that could lead to remote system compromise by executing arbitrary code with user privileges :\n\n - stack-based buffer overflow while processing CFF opcodes. (CVE-2010-1797)\n\n - integer underflow. (CVE-2010-2497)\n\n - invalid free. (CVE-2010-2498)\n\n - buffer overflow. (CVE-2010-2499)\n\n - integer overflow. (CVE-2010-2500)\n\n - heap buffer overflow. (CVE-2010-2519)\n\n - heap buffer overflow. (CVE-2010-2520)\n\n - buffer overflows in the freetype demo. (CVE-2010-2527)\n\n - buffer overflow in ftmulti demo program. (CVE-2010-2541)\n\n - improper bounds checking. (CVE-2010-2805)\n\n - improper bounds checking. (CVE-2010-2806)\n\n - improper type comparisons. 
(CVE-2010-2807)\n\n - memory corruption flaw by processing certain LWFN fonts.\n (CVE-2010-2808)", "cvss3": {"score": null, "vector": null}, "published": "2010-10-11T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : freetype2 (ZYPP Patch Number 7121)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1797", "CVE-2010-2497", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2500", "CVE-2010-2519", "CVE-2010-2520", "CVE-2010-2527", "CVE-2010-2541", "CVE-2010-2805", "CVE-2010-2806", "CVE-2010-2807", "CVE-2010-2808"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_FREETYPE2-7121.NASL", "href": "https://www.tenable.com/plugins/nessus/49854", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49854);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1797\", \"CVE-2010-2497\", \"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2520\", \"CVE-2010-2527\", \"CVE-2010-2541\", \"CVE-2010-2805\", \"CVE-2010-2806\", \"CVE-2010-2807\", \"CVE-2010-2808\");\n\n script_name(english:\"SuSE 10 Security Update : freetype2 (ZYPP Patch Number 7121)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of freetype2 fixes several vulnerabilities that could lead\nto remote system compromise by executing arbitrary code with user\nprivileges :\n\n - stack-based buffer overflow while processing CFF\n opcodes. (CVE-2010-1797)\n\n - integer underflow. 
(CVE-2010-2497)\n\n - invalid free. (CVE-2010-2498)\n\n - buffer overflow. (CVE-2010-2499)\n\n - integer overflow. (CVE-2010-2500)\n\n - heap buffer overflow. (CVE-2010-2519)\n\n - heap buffer overflow. (CVE-2010-2520)\n\n - buffer overflows in the freetype demo. (CVE-2010-2527)\n\n - buffer overflow in ftmulti demo program. (CVE-2010-2541)\n\n - improper bounds checking. (CVE-2010-2805)\n\n - improper bounds checking. (CVE-2010-2806)\n\n - improper type comparisons. (CVE-2010-2807)\n\n - memory corruption flaw by processing certain LWFN fonts.\n (CVE-2010-2808)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1797.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2497.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2498.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2499.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2500.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2519.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2520.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2527.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2541.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2805.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2806.html\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2807.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2808.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7121.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, 
\"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"freetype2-2.1.10-18.22.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"freetype2-devel-2.1.10-18.22.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"x86_64\", reference:\"freetype2-32bit-2.1.10-18.22.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"x86_64\", reference:\"freetype2-devel-32bit-2.1.10-18.22.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"freetype2-2.1.10-18.22.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"freetype2-devel-2.1.10-18.22.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"freetype2-32bit-2.1.10-18.22.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"freetype2-devel-32bit-2.1.10-18.22.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:40:00", "description": "This update of freetype2 fixes several vulnerabilities that could lead to remote system compromise by executing arbitrary code with user privileges :\n\n - stack-based buffer overflow while processing CFF opcodes. (CVE-2010-1797)\n\n - integer underflow. (CVE-2010-2497)\n\n - invalid free. (CVE-2010-2498)\n\n - buffer overflow. (CVE-2010-2499)\n\n - integer overflow. (CVE-2010-2500)\n\n - heap buffer overflow. (CVE-2010-2519)\n\n - heap buffer overflow. (CVE-2010-2520)\n\n - buffer overflows in the freetype demo. (CVE-2010-2527)\n\n - buffer overflow in ftmulti demo program. (CVE-2010-2541)\n\n - improper bounds checking. 
(CVE-2010-2805)\n\n - improper bounds checking. (CVE-2010-2806)\n\n - improper type comparisons. (CVE-2010-2807)\n\n - memory corruption flaw by processing certain LWFN fonts.\n (CVE-2010-2808)", "cvss3": {"score": null, "vector": null}, "published": "2010-12-02T00:00:00", "type": "nessus", "title": "SuSE 11 / 11.1 Security Update : freetype2 (SAT Patch Numbers 2914 / 2919)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1797", "CVE-2010-2497", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2500", "CVE-2010-2519", "CVE-2010-2520", "CVE-2010-2527", "CVE-2010-2541", "CVE-2010-2805", "CVE-2010-2806", "CVE-2010-2807", "CVE-2010-2808"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:freetype2", "p-cpe:/a:novell:suse_linux:11:freetype2-32bit", "p-cpe:/a:novell:suse_linux:11:freetype2-devel", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_FREETYPE2-100812.NASL", "href": "https://www.tenable.com/plugins/nessus/50905", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. 
The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50905);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1797\", \"CVE-2010-2497\", \"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2520\", \"CVE-2010-2527\", \"CVE-2010-2541\", \"CVE-2010-2805\", \"CVE-2010-2806\", \"CVE-2010-2807\", \"CVE-2010-2808\");\n\n script_name(english:\"SuSE 11 / 11.1 Security Update : freetype2 (SAT Patch Numbers 2914 / 2919)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of freetype2 fixes several vulnerabilities that could lead\nto remote system compromise by executing arbitrary code with user\nprivileges :\n\n - stack-based buffer overflow while processing CFF\n opcodes. (CVE-2010-1797)\n\n - integer underflow. (CVE-2010-2497)\n\n - invalid free. (CVE-2010-2498)\n\n - buffer overflow. (CVE-2010-2499)\n\n - integer overflow. (CVE-2010-2500)\n\n - heap buffer overflow. (CVE-2010-2519)\n\n - heap buffer overflow. (CVE-2010-2520)\n\n - buffer overflows in the freetype demo. (CVE-2010-2527)\n\n - buffer overflow in ftmulti demo program. (CVE-2010-2541)\n\n - improper bounds checking. (CVE-2010-2805)\n\n - improper bounds checking. (CVE-2010-2806)\n\n - improper type comparisons. 
(CVE-2010-2807)\n\n - memory corruption flaw by processing certain LWFN fonts.\n (CVE-2010-2808)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=619562\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=628213\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=629447\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1797.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2497.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2498.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2499.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2500.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2519.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2520.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2527.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2541.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2805.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2806.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2807.html\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2808.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Apply SAT patch number 2914 / 2919 as appropriate.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:freetype2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:freetype2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:freetype2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/12/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = 
get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"freetype2-2.3.7-25.11.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"freetype2-devel-2.3.7-25.11.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"freetype2-2.3.7-25.11.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"freetype2-32bit-2.3.7-25.11.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"freetype2-devel-2.3.7-25.11.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"freetype2-2.3.7-25.11.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"freetype2-devel-2.3.7-25.11.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"freetype2-2.3.7-25.11.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"freetype2-32bit-2.3.7-25.11.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"freetype2-devel-2.3.7-25.11.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"freetype2-2.3.7-25.11.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"freetype2-32bit-2.3.7-25.11.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"freetype2-32bit-2.3.7-25.11.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"freetype2-2.3.7-25.11.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", 
reference:\"freetype2-32bit-2.3.7-25.11.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"freetype2-32bit-2.3.7-25.11.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:03:49", "description": "Multiple vulnerabilities have been found and corrected in freetype2 :\n\nMultiple integer underflows/overflows and heap buffer overflows were discovered and fixed (CVE-2010-2497, CVE-2010-2498, CVE-2010-2499, CVE-2010-2500, CVE-2010-2519).\n\nA heap buffer overflow was discovered in the bytecode support. The bytecode support is NOT enabled per default in Mandriva due to previous patent claims, but packages by PLF are affected (CVE-2010-2520).\n\nPackages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149&products_id=490\n\nThe updated packages have been patched to correct these issues.", "cvss3": {"score": null, "vector": null}, "published": "2010-07-30T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : freetype2 (MDVSA-2010:137)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2497", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2500", "CVE-2010-2519", "CVE-2010-2520"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64freetype6", "p-cpe:/a:mandriva:linux:lib64freetype6-devel", "p-cpe:/a:mandriva:linux:lib64freetype6-static-devel", "p-cpe:/a:mandriva:linux:libfreetype6", "p-cpe:/a:mandriva:linux:libfreetype6-devel", "p-cpe:/a:mandriva:linux:libfreetype6-static-devel", "cpe:/o:mandriva:linux:2008.0", "cpe:/o:mandriva:linux:2009.0", "cpe:/o:mandriva:linux:2009.1", "cpe:/o:mandriva:linux:2010.0", "cpe:/o:mandriva:linux:2010.1"], "id": 
"MANDRIVA_MDVSA-2010-137.NASL", "href": "https://www.tenable.com/plugins/nessus/48195", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2010:137. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48195);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2010-2497\", \"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2520\");\n script_bugtraq_id(41663);\n script_xref(name:\"MDVSA\", value:\"2010:137\");\n\n script_name(english:\"Mandriva Linux Security Advisory : freetype2 (MDVSA-2010:137)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been found and corrected in freetype2 :\n\nMultiple integer underflows/overflows and heap buffer overflows was\ndiscovered and fixed (CVE-2010-2497, CVE-2010-2498, CVE-2010-2499,\nCVE-2010-2500, CVE-2010-2519).\n\nA heap buffer overflow was discovered in the bytecode support. The\nbytecode support is NOT enabled per default in Mandriva due to\nprevious patent claims, but packages by PLF is affected\n(CVE-2010-2520).\n\nPackages for 2008.0 and 2009.0 are provided as of the Extended\nMaintenance Program. 
Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149&products_id=490\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://savannah.nongnu.org/bugs/index.php?30082\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://savannah.nongnu.org/bugs/index.php?30083\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://savannah.nongnu.org/bugs/index.php?30106\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://savannah.nongnu.org/bugs/index.php?30248\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://savannah.nongnu.org/bugs/index.php?30249\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://savannah.nongnu.org/bugs/index.php?30263\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://savannah.nongnu.org/bugs/index.php?30306\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://savannah.nongnu.org/bugs/index.php?30361\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freetype6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freetype6-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freetype6-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libfreetype6\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libfreetype6-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libfreetype6-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandrake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64freetype6-2.3.5-2.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", 
reference:\"lib64freetype6-devel-2.3.5-2.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64freetype6-static-devel-2.3.5-2.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libfreetype6-2.3.5-2.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libfreetype6-devel-2.3.5-2.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libfreetype6-static-devel-2.3.5-2.3mdv2008.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64freetype6-2.3.7-1.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64freetype6-devel-2.3.7-1.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64freetype6-static-devel-2.3.7-1.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libfreetype6-2.3.7-1.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libfreetype6-devel-2.3.7-1.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libfreetype6-static-devel-2.3.7-1.2mdv2009.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64freetype6-2.3.9-1.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64freetype6-devel-2.3.9-1.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64freetype6-static-devel-2.3.9-1.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libfreetype6-2.3.9-1.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", 
reference:\"libfreetype6-devel-2.3.9-1.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libfreetype6-static-devel-2.3.9-1.3mdv2009.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64freetype6-2.3.11-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64freetype6-devel-2.3.11-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64freetype6-static-devel-2.3.11-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libfreetype6-2.3.11-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libfreetype6-devel-2.3.11-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libfreetype6-static-devel-2.3.11-1.1mdv2010.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64freetype6-2.3.12-1.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64freetype6-devel-2.3.12-1.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64freetype6-static-devel-2.3.12-1.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libfreetype6-2.3.12-1.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libfreetype6-devel-2.3.12-1.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libfreetype6-static-devel-2.3.12-1.1mdv2010.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, 
"vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:03:41", "description": "Updated kernel packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update fixes the following security issues :\n\n* a flaw was found in the CIFSSMBWrite() function in the Linux kernel Common Internet File System (CIFS) implementation. A remote attacker could send a specially crafted SMB response packet to a target CIFS client, resulting in a kernel panic (denial of service).\n(CVE-2010-2248, Important)\n\n* buffer overflow flaws were found in the Linux kernel's implementation of the server-side External Data Representation (XDR) for the Network File System (NFS) version 4. An attacker on the local network could send a specially crafted large compound request to the NFSv4 server, which could possibly result in a kernel panic (denial of service) or, potentially, code execution. (CVE-2010-2521, Important)\n\nThis update also fixes the following bug :\n\n* the rpc_call_async() function in the SUN Remote Procedure Call (RPC) subsystem in the Linux kernel had a reference counting bug. In certain situations, some Network Lock Manager (NLM) messages may have triggered this bug on NFSv2 and NFSv3 servers, leading to a kernel panic (with 'kernel BUG at fs/lockd/host.c:[xxx]!' logged to '/var/log/messages'). (BZ#612962)\n\nUsers should upgrade to these updated packages, which contain backported patches to correct these issues. 
The system must be rebooted for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2010-08-06T00:00:00", "type": "nessus", "title": "RHEL 4 : kernel (RHSA-2010:0606)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2248", "CVE-2010-2521"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-hugemem", "p-cpe:/a:redhat:enterprise_linux:kernel-hugemem-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-largesmp", "p-cpe:/a:redhat:enterprise_linux:kernel-largesmp-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-smp", "p-cpe:/a:redhat:enterprise_linux:kernel-smp-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-xenU", "p-cpe:/a:redhat:enterprise_linux:kernel-xenU-devel", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:4.8"], "id": "REDHAT-RHSA-2010-0606.NASL", "href": "https://www.tenable.com/plugins/nessus/48257", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0606. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48257);\n script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-2248\", \"CVE-2010-2521\");\n script_bugtraq_id(42242, 42249);\n script_xref(name:\"RHSA\", value:\"2010:0606\");\n\n script_name(english:\"RHEL 4 : kernel (RHSA-2010:0606)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix multiple security issues and one bug\nare now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* a flaw was found in the CIFSSMBWrite() function in the Linux kernel\nCommon Internet File System (CIFS) implementation. A remote attacker\ncould send a specially crafted SMB response packet to a target CIFS\nclient, resulting in a kernel panic (denial of service).\n(CVE-2010-2248, Important)\n\n* buffer overflow flaws were found in the Linux kernel's\nimplementation of the server-side External Data Representation (XDR)\nfor the Network File System (NFS) version 4. An attacker on the local\nnetwork could send a specially crafted large compound request to the\nNFSv4 server, which could possibly result in a kernel panic (denial of\nservice) or, potentially, code execution. 
(CVE-2010-2521, Important)\n\nThis update also fixes the following bug :\n\n* the rpc_call_async() function in the SUN Remote Procedure Call (RPC)\nsubsystem in the Linux kernel had a reference counting bug. In certain\nsituations, some Network Lock Manager (NLM) messages may have\ntriggered this bug on NFSv2 and NFSv3 servers, leading to a kernel\npanic (with 'kernel BUG at fs/lockd/host.c:[xxx]!' logged to\n'/var/log/messages'). (BZ#612962)\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues. The system must be\nrebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2248\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2521\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0606\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:kernel-largesmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-largesmp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-smp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xenU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xenU-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/09/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2010-2248\", \"CVE-2010-2521\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2010:0606\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0606\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red 
Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"kernel-2.6.9-89.0.28.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"kernel-devel-2.6.9-89.0.28.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"kernel-doc-2.6.9-89.0.28.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i686\", reference:\"kernel-hugemem-2.6.9-89.0.28.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i686\", reference:\"kernel-hugemem-devel-2.6.9-89.0.28.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"kernel-largesmp-2.6.9-89.0.28.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"kernel-largesmp-devel-2.6.9-89.0.28.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i686\", reference:\"kernel-smp-2.6.9-89.0.28.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"kernel-smp-2.6.9-89.0.28.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i686\", reference:\"kernel-smp-devel-2.6.9-89.0.28.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"kernel-smp-devel-2.6.9-89.0.28.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i686\", reference:\"kernel-xenU-2.6.9-89.0.28.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"kernel-xenU-2.6.9-89.0.28.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i686\", reference:\"kernel-xenU-devel-2.6.9-89.0.28.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"kernel-xenU-devel-2.6.9-89.0.28.EL\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-devel / 
kernel-doc / kernel-hugemem / etc\");\n }\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:03:32", "description": "Updated kernel packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update fixes the following security issues :\n\n* a flaw was found in the CIFSSMBWrite() function in the Linux kernel Common Internet File System (CIFS) implementation. A remote attacker could send a specially crafted SMB response packet to a target CIFS client, resulting in a kernel panic (denial of service).\n(CVE-2010-2248, Important)\n\n* buffer overflow flaws were found in the Linux kernel's implementation of the server-side External Data Representation (XDR) for the Network File System (NFS) version 4. An attacker on the local network could send a specially crafted large compound request to the NFSv4 server, which could possibly result in a kernel panic (denial of service) or, potentially, code execution. (CVE-2010-2521, Important)\n\nThis update also fixes the following bug :\n\n* the rpc_call_async() function in the SUN Remote Procedure Call (RPC) subsystem in the Linux kernel had a reference counting bug. In certain situations, some Network Lock Manager (NLM) messages may have triggered this bug on NFSv2 and NFSv3 servers, leading to a kernel panic (with 'kernel BUG at fs/lockd/host.c:[xxx]!' logged to '/var/log/messages'). (BZ#612962)\n\nUsers should upgrade to these updated packages, which contain backported patches to correct these issues. 
The system must be rebooted for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2010-08-29T00:00:00", "type": "nessus", "title": "CentOS 4 : kernel (CESA-2010:0606)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2248", "CVE-2010-2521"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-doc", "p-cpe:/a:centos:centos:kernel-hugemem", "p-cpe:/a:centos:centos:kernel-hugemem-devel", "p-cpe:/a:centos:centos:kernel-largesmp", "p-cpe:/a:centos:centos:kernel-largesmp-devel", "p-cpe:/a:centos:centos:kernel-smp", "p-cpe:/a:centos:centos:kernel-smp-devel", "p-cpe:/a:centos:centos:kernel-xenU", "p-cpe:/a:centos:centos:kernel-xenU-devel", "cpe:/o:centos:centos:4"], "id": "CENTOS_RHSA-2010-0606.NASL", "href": "https://www.tenable.com/plugins/nessus/48909", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0606 and \n# CentOS Errata and Security Advisory 2010:0606 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48909);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2010-2248\", \"CVE-2010-2521\");\n script_bugtraq_id(42242, 42249);\n script_xref(name:\"RHSA\", value:\"2010:0606\");\n\n script_name(english:\"CentOS 4 : kernel (CESA-2010:0606)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix multiple security issues and one bug\nare now available for Red Hat Enterprise 
Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* a flaw was found in the CIFSSMBWrite() function in the Linux kernel\nCommon Internet File System (CIFS) implementation. A remote attacker\ncould send a specially crafted SMB response packet to a target CIFS\nclient, resulting in a kernel panic (denial of service).\n(CVE-2010-2248, Important)\n\n* buffer overflow flaws were found in the Linux kernel's\nimplementation of the server-side External Data Representation (XDR)\nfor the Network File System (NFS) version 4. An attacker on the local\nnetwork could send a specially crafted large compound request to the\nNFSv4 server, which could possibly result in a kernel panic (denial of\nservice) or, potentially, code execution. (CVE-2010-2521, Important)\n\nThis update also fixes the following bug :\n\n* the rpc_call_async() function in the SUN Remote Procedure Call (RPC)\nsubsystem in the Linux kernel had a reference counting bug. In certain\nsituations, some Network Lock Manager (NLM) messages may have\ntriggered this bug on NFSv2 and NFSv3 servers, leading to a kernel\npanic (with 'kernel BUG at fs/lockd/host.c:[xxx]!' logged to\n'/var/log/messages'). (BZ#612962)\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues. 
The system must be\nrebooted for this update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-August/016952.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6225dd7a\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-August/016953.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?42d2b795\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-hugemem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-hugemem-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-largesmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-largesmp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-smp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-xenU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-xenU-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/09/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kernel-2.6.9-89.0.28.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kernel-2.6.9-89.0.28.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kernel-devel-2.6.9-89.0.28.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.9-89.0.28.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kernel-doc-2.6.9-89.0.28.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kernel-doc-2.6.9-89.0.28.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kernel-hugemem-2.6.9-89.0.28.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kernel-hugemem-devel-2.6.9-89.0.28.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kernel-largesmp-2.6.9-89.0.28.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kernel-largesmp-devel-2.6.9-89.0.28.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kernel-smp-2.6.9-89.0.28.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kernel-smp-2.6.9-89.0.28.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kernel-smp-devel-2.6.9-89.0.28.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kernel-smp-devel-2.6.9-89.0.28.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", 
reference:\"kernel-xenU-2.6.9-89.0.28.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kernel-xenU-2.6.9-89.0.28.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kernel-xenU-devel-2.6.9-89.0.28.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kernel-xenU-devel-2.6.9-89.0.28.EL\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-devel / kernel-doc / kernel-hugemem / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:57:47", "description": "This update fixes the following security issues :\n\n - a flaw was found in the CIFSSMBWrite() function in the Linux kernel Common Internet File System (CIFS) implementation. A remote attacker could send a specially crafted SMB response packet to a target CIFS client, resulting in a kernel panic (denial of service).\n (CVE-2010-2248, Important)\n\n - buffer overflow flaws were found in the Linux kernel's implementation of the server-side External Data Representation (XDR) for the Network File System (NFS) version 4. An attacker on the local network could send a specially crafted large compound request to the NFSv4 server, which could possibly result in a kernel panic (denial of service) or, potentially, code execution.\n (CVE-2010-2521, Important)\n\nThis update also fixes the following bug :\n\n - the rpc_call_async() function in the SUN Remote Procedure Call (RPC) subsystem in the Linux kernel had a reference counting bug. In certain situations, some Network Lock Manager (NLM) messages may have triggered this bug on NFSv2 and NFSv3 servers, leading to a kernel panic (with 'kernel BUG at fs/lockd/host.c:[xxx]!' logged to '/var/log/messages'). 
(BZ#612962)\n\nThe system must be rebooted for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL4.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2248", "CVE-2010-2521"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20100805_KERNEL_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60831", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60831);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-2248\", \"CVE-2010-2521\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL4.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the following security issues :\n\n - a flaw was found in the CIFSSMBWrite() function in the\n Linux kernel Common Internet File System (CIFS)\n implementation. A remote attacker could send a specially\n crafted SMB response packet to a target CIFS client,\n resulting in a kernel panic (denial of service).\n (CVE-2010-2248, Important)\n\n - buffer overflow flaws were found in the Linux kernel's\n implementation of the server-side External Data\n Representation (XDR) for the Network File System (NFS)\n version 4. 
An attacker on the local network could send a\n specially crafted large compound request to the NFSv4\n server, which could possibly result in a kernel panic\n (denial of service) or, potentially, code execution.\n (CVE-2010-2521, Important)\n\nThis update also fixes the following bug :\n\n - the rpc_call_async() function in the SUN Remote\n Procedure Call (RPC) subsystem in the Linux kernel had a\n reference counting bug. In certain situations, some\n Network Lock Manager (NLM) messages may have triggered\n this bug on NFSv2 and NFSv3 servers, leading to a kernel\n panic (with 'kernel BUG at fs/lockd/host.c:[xxx]!'\n logged to '/var/log/messages'). (BZ#612962)\n\nThe system must be rebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=612962\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1008&L=scientific-linux-errata&T=0&P=794\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?73caa5af\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"kernel-2.6.9-89.0.28.EL\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"kernel-devel-2.6.9-89.0.28.EL\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"kernel-doc-2.6.9-89.0.28.EL\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"i386\", reference:\"kernel-hugemem-2.6.9-89.0.28.EL\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"i386\", reference:\"kernel-hugemem-devel-2.6.9-89.0.28.EL\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"x86_64\", reference:\"kernel-largesmp-2.6.9-89.0.28.EL\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"x86_64\", reference:\"kernel-largesmp-devel-2.6.9-89.0.28.EL\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"kernel-smp-2.6.9-89.0.28.EL\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"kernel-smp-devel-2.6.9-89.0.28.EL\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"kernel-xenU-2.6.9-89.0.28.EL\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"kernel-xenU-devel-2.6.9-89.0.28.EL\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) 
security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-26T00:50:44", "description": "From Red Hat Security Advisory 2010:0606 :\n\nUpdated kernel packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update fixes the following security issues :\n\n* a flaw was found in the CIFSSMBWrite() function in the Linux kernel Common Internet File System (CIFS) implementation. A remote attacker could send a specially crafted SMB response packet to a target CIFS client, resulting in a kernel panic (denial of service).\n(CVE-2010-2248, Important)\n\n* buffer overflow flaws were found in the Linux kernel's implementation of the server-side External Data Representation (XDR) for the Network File System (NFS) version 4. An attacker on the local network could send a specially crafted large compound request to the NFSv4 server, which could possibly result in a kernel panic (denial of service) or, potentially, code execution. (CVE-2010-2521, Important)\n\nThis update also fixes the following bug :\n\n* the rpc_call_async() function in the SUN Remote Procedure Call (RPC) subsystem in the Linux kernel had a reference counting bug. In certain situations, some Network Lock Manager (NLM) messages may have triggered this bug on NFSv2 and NFSv3 servers, leading to a kernel panic (with 'kernel BUG at fs/lockd/host.c:[xxx]!' logged to '/var/log/messages'). 
(BZ#612962)\n\nUsers should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 4 : kernel (ELSA-2010-0606)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2248", "CVE-2010-2521"], "modified": "2021-08-24T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-doc", "p-cpe:/a:oracle:linux:kernel-hugemem", "p-cpe:/a:oracle:linux:kernel-hugemem-devel", "p-cpe:/a:oracle:linux:kernel-largesmp", "p-cpe:/a:oracle:linux:kernel-largesmp-devel", "p-cpe:/a:oracle:linux:kernel-smp", "p-cpe:/a:oracle:linux:kernel-smp-devel", "p-cpe:/a:oracle:linux:kernel-xenU", "p-cpe:/a:oracle:linux:kernel-xenU-devel", "cpe:/o:oracle:linux:4"], "id": "ORACLELINUX_ELSA-2010-0606.NASL", "href": "https://www.tenable.com/plugins/nessus/68079", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2010:0606 and \n# Oracle Linux Security Advisory ELSA-2010-0606 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68079);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/24\");\n\n script_cve_id(\"CVE-2010-2248\", \"CVE-2010-2521\");\n script_bugtraq_id(42242, 42249);\n script_xref(name:\"RHSA\", value:\"2010:0606\");\n\n script_name(english:\"Oracle Linux 4 : kernel (ELSA-2010-0606)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n 
attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2010:0606 :\n\nUpdated kernel packages that fix multiple security issues and one bug\nare now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* a flaw was found in the CIFSSMBWrite() function in the Linux kernel\nCommon Internet File System (CIFS) implementation. A remote attacker\ncould send a specially crafted SMB response packet to a target CIFS\nclient, resulting in a kernel panic (denial of service).\n(CVE-2010-2248, Important)\n\n* buffer overflow flaws were found in the Linux kernel's\nimplementation of the server-side External Data Representation (XDR)\nfor the Network File System (NFS) version 4. An attacker on the local\nnetwork could send a specially crafted large compound request to the\nNFSv4 server, which could possibly result in a kernel panic (denial of\nservice) or, potentially, code execution. (CVE-2010-2521, Important)\n\nThis update also fixes the following bug :\n\n* the rpc_call_async() function in the SUN Remote Procedure Call (RPC)\nsubsystem in the Linux kernel had a reference counting bug. In certain\nsituations, some Network Lock Manager (NLM) messages may have\ntriggered this bug on NFSv2 and NFSv3 servers, leading to a kernel\npanic (with 'kernel BUG at fs/lockd/host.c:[xxx]!' logged to\n'/var/log/messages'). (BZ#612962)\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues. 
The system must be\nrebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-August/001586.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-hugemem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-hugemem-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-largesmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-largesmp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-smp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-xenU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-xenU-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/09/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n cve_list = make_list(\"CVE-2010-2248\", \"CVE-2010-2521\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2010-0606\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"2.6\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-2.6.9\") && rpm_check(release:\"EL4\", reference:\"kernel-2.6.9-89.0.28.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-devel-2.6.9\") && rpm_check(release:\"EL4\", reference:\"kernel-devel-2.6.9-89.0.28.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-doc-2.6.9\") && rpm_check(release:\"EL4\", reference:\"kernel-doc-2.6.9-89.0.28.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-hugemem-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"kernel-hugemem-2.6.9-89.0.28.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-hugemem-devel-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"kernel-hugemem-devel-2.6.9-89.0.28.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-largesmp-2.6.9\") && rpm_check(release:\"EL4\", 
cpu:\"ia64\", reference:\"kernel-largesmp-2.6.9-89.0.28.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-largesmp-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"kernel-largesmp-2.6.9-89.0.28.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-largesmp-devel-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"ia64\", reference:\"kernel-largesmp-devel-2.6.9-89.0.28.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-largesmp-devel-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"kernel-largesmp-devel-2.6.9-89.0.28.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-smp-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"kernel-smp-2.6.9-89.0.28.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-smp-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"kernel-smp-2.6.9-89.0.28.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-smp-devel-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"kernel-smp-devel-2.6.9-89.0.28.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-smp-devel-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"kernel-smp-devel-2.6.9-89.0.28.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-xenU-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"kernel-xenU-2.6.9-89.0.28.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-xenU-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"kernel-xenU-2.6.9-89.0.28.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-xenU-devel-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"kernel-xenU-devel-2.6.9-89.0.28.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-xenU-devel-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"kernel-xenU-devel-2.6.9-89.0.28.0.1.EL\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) 
security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:03:50", "description": "Security update plus some additional bug fixes. Fixes backported from Fedora 13: - Fixes inotify IN_ONESHOT support and restores proper inotify reporting of filesystem unmount events. - Stability fix for mobile Intel graphics adapters (i945GM). - Fixes memory corruption when using hibernation on machines with Intel graphics. - Adds code to disable PCIe ASPM support on systems that don't support it properly.\n(Some users may still need to use the option 'pcie_aspm=off' to fix problems with certain PCI Express cards.)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2010-08-03T00:00:00", "type": "nessus", "title": "Fedora 12 : kernel-2.6.32.16-150.fc12 (2010-11412)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2066", "CVE-2010-2524"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:12"], "id": "FEDORA_2010-11412.NASL", "href": "https://www.tenable.com/plugins/nessus/48228", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-11412.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48228);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-2066\", \"CVE-2010-2524\");\n script_bugtraq_id(41466, 41904);\n script_xref(name:\"FEDORA\", value:\"2010-11412\");\n\n script_name(english:\"Fedora 12 : kernel-2.6.32.16-150.fc12 (2010-11412)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security update plus some additional bug fixes. Fixes backported from\nFedora 13: - Fixes inotify IN_ONESHOT support and restores proper\ninotify reporting of filesystem unmount events. - Stability fix for\nmobile Intel graphics adapters (i945GM). - Fixes memory corruption\nwhen using hibernation on machines with Intel graphics. 
- Adds code to\ndisable PCIe ASPM support on systems that don't support it properly.\n(Some users may still need to use the option 'pcie_aspm=off' to fix\nproblems with certain PCI Express cards.)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=601006\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=612166\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-August/044962.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7b19ba9d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"kernel-2.6.32.16-150.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:03:31", "description": "The following issues have been fixed in OpenLDAP: specially crafted MODRDN operations can crash the OpenLDAP server (CVE-2010-0211 and CVE-2010-0212).\n\nalso fixed was following bug :\n\n - Delete Operations happening during the 'Refresh' phase of 'refreshAndPersist' replication failed to replicate under certain circumstances (bnc#606294, ITS#6555)", "cvss3": {"score": null, 
"vector": null}, "published": "2010-08-26T00:00:00", "type": "nessus", "title": "openSUSE Security Update : libldap-2_4-2 (openSUSE-SU-2010:0546-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0211", "CVE-2010-0212"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libldap-2_4-2", "p-cpe:/a:novell:opensuse:libldap-2_4-2-32bit", "p-cpe:/a:novell:opensuse:openldap2", "p-cpe:/a:novell:opensuse:openldap2-back-meta", "p-cpe:/a:novell:opensuse:openldap2-back-perl", "p-cpe:/a:novell:opensuse:openldap2-client", "p-cpe:/a:novell:opensuse:openldap2-devel", "p-cpe:/a:novell:opensuse:openldap2-devel-32bit", "cpe:/o:novell:opensuse:11.2"], "id": "SUSE_11_2_LIBLDAP-2_4-2-100707.NASL", "href": "https://www.tenable.com/plugins/nessus/48756", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libldap-2_4-2-2657.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48756);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0211\", \"CVE-2010-0212\");\n\n script_name(english:\"openSUSE Security Update : libldap-2_4-2 (openSUSE-SU-2010:0546-1)\");\n script_summary(english:\"Check for the libldap-2_4-2-2657 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The following issues have been fixed in OpenLDAP: specially crafted\nMODRDN operations can crash the OpenLDAP server (CVE-2010-0211 and\nCVE-2010-0212).\n\nalso fixed was following bug :\n\n - Delete Operations happening during the 'Refresh' phase\n of 'refreshAndPersist' replication failed to replicate\n under 
certain circumstances (bnc#606294, ITS#6555)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=606294\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=612430\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-08/msg00057.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libldap-2_4-2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libldap-2_4-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libldap-2_4-2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openldap2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openldap2-back-meta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openldap2-back-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openldap2-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openldap2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openldap2-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/26\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"libldap-2_4-2-2.4.17-5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"openldap2-2.4.17-5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"openldap2-back-meta-2.4.17-5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"openldap2-back-perl-2.4.17-5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"openldap2-client-2.4.17-5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"openldap2-devel-2.4.17-5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", cpu:\"x86_64\", reference:\"libldap-2_4-2-32bit-2.4.17-5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", cpu:\"x86_64\", reference:\"openldap2-devel-32bit-2.4.17-5.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n 
exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openldap2\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T13:03:46", "description": "The following issues have been fixed in OpenLDAP: specially crafted MODRDN operations can crash the OpenLDAP server (CVE-2010-0211 and CVE-2010-0212).", "cvss3": {"score": null, "vector": null}, "published": "2010-07-26T00:00:00", "type": "nessus", "title": "openSUSE Security Update : openldap2 (openSUSE-SU-2010:0427-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0211", "CVE-2010-0212"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:openldap2", "p-cpe:/a:novell:opensuse:openldap2-back-meta", "p-cpe:/a:novell:opensuse:openldap2-back-perl", "p-cpe:/a:novell:opensuse:openldap2-client", "p-cpe:/a:novell:opensuse:openldap2-client-32bit", "p-cpe:/a:novell:opensuse:openldap2-devel", "p-cpe:/a:novell:opensuse:openldap2-devel-32bit", "cpe:/o:novell:opensuse:11.0"], "id": "SUSE_11_0_OPENLDAP2-100712.NASL", "href": "https://www.tenable.com/plugins/nessus/47819", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openldap2-2727.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47819);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0211\", \"CVE-2010-0212\");\n\n script_name(english:\"openSUSE Security Update : openldap2 (openSUSE-SU-2010:0427-1)\");\n script_summary(english:\"Check for the openldap2-2727 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a 
security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The following issues have been fixed in OpenLDAP: specially crafted\nMODRDN operations can crash the OpenLDAP server (CVE-2010-0211 and\nCVE-2010-0212).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=612430\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-07/msg00036.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openldap2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openldap2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openldap2-back-meta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openldap2-back-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openldap2-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openldap2-client-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openldap2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openldap2-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"openldap2-2.4.9-7.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"openldap2-back-meta-2.4.9-7.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"openldap2-back-perl-2.4.9-7.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"openldap2-client-2.4.9-7.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"openldap2-devel-2.4.9-7.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", cpu:\"x86_64\", reference:\"openldap2-client-32bit-2.4.9-7.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", cpu:\"x86_64\", reference:\"openldap2-devel-32bit-2.4.9-7.8\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 
\"openldap\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T13:03:35", "description": "Two remote vulnerabilities have been discovered in OpenLDAP. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2010-0211 The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences.\n\n - CVE-2010-0212 OpenLDAP 2.4.22 allows remote attackers to cause a denial of service (crash) via a modrdn call with a zero-length RDN destination string.", "cvss3": {"score": null, "vector": null}, "published": "2010-08-03T00:00:00", "type": "nessus", "title": "Debian DSA-2077-1 : openldap - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0211", "CVE-2010-0212"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:openldap", "cpe:/o:debian:debian_linux:5.0"], "id": "DEBIAN_DSA-2077.NASL", "href": "https://www.tenable.com/plugins/nessus/48220", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2077. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48220);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2010-0211\", \"CVE-2010-0212\");\n script_bugtraq_id(41770);\n script_xref(name:\"DSA\", value:\"2077\");\n\n script_name(english:\"Debian DSA-2077-1 : openldap - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Two remote vulnerabilities have been discovered in OpenLDAP. The\nCommon Vulnerabilities and Exposures project identifies the following\nproblems :\n\n - CVE-2010-0211\n The slap_modrdn2mods function in modrdn.c in OpenLDAP\n 2.4.22 does not check the return value of a call to the\n smr_normalize function, which allows remote attackers to\n cause a denial of service (segmentation fault) and\n possibly execute arbitrary code via a modrdn call with\n an RDN string containing invalid UTF-8 sequences.\n\n - CVE-2010-0212\n OpenLDAP 2.4.22 allows remote attackers to cause a\n denial of service (crash) via a modrdn call with a\n zero-length RDN destination string.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-0211\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-0212\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2010/dsa-2077\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the openldap packages.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 
2.4.11-1+lenny2. (The missing update for the mips architecture\nwill be provided soon.)\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"ldap-utils\", reference:\"2.4.11-1+lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libldap-2.4-2\", reference:\"2.4.11-1+lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libldap-2.4-2-dbg\", reference:\"2.4.11-1+lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libldap2-dev\", reference:\"2.4.11-1+lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"slapd\", reference:\"2.4.11-1+lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"slapd-dbg\", reference:\"2.4.11-1+lenny2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T13:03:21", "description": "Using the Codenomicon LDAPv3 test suite, Ilkka Mattila and Tuomas Salomaki discovered that the slap_modrdn2mods function in modrdn.c in OpenLDAP does not check the return value from a call to the smr_normalize function. A remote attacker could use specially crafted modrdn requests to crash the slapd daemon or possibly execute arbitrary code. (CVE-2010-0211)\n\nUsing the Codenomicon LDAPv3 test suite, Ilkka Mattila and Tuomas Salomaki discovered that OpenLDAP does not properly handle empty RDN strings. 
A remote attacker could use specially crafted modrdn requests to crash the slapd daemon. (CVE-2010-0212)\n\nIn the default installation under Ubuntu 8.04 LTS and later, attackers would be isolated by the OpenLDAP AppArmor profile for the slapd daemon.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2010-08-10T00:00:00", "type": "nessus", "title": "Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : openldap, openldap2.2, openldap2.3 vulnerabilities (USN-965-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0211", "CVE-2010-0212"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:ldap-utils", "p-cpe:/a:canonical:ubuntu_linux:libldap-2.2-7", "p-cpe:/a:canonical:ubuntu_linux:libldap-2.4-2", "p-cpe:/a:canonical:ubuntu_linux:libldap-2.4-2-dbg", "p-cpe:/a:canonical:ubuntu_linux:libldap2-dev", "p-cpe:/a:canonical:ubuntu_linux:slapd", "p-cpe:/a:canonical:ubuntu_linux:slapd-dbg", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "cpe:/o:canonical:ubuntu_linux:9.04", "cpe:/o:canonical:ubuntu_linux:9.10"], "id": "UBUNTU_USN-965-1.NASL", "href": "https://www.tenable.com/plugins/nessus/48282", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-965-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(48282);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/09/19 12:54:26\");\n\n script_cve_id(\"CVE-2010-0211\", \"CVE-2010-0212\");\n script_bugtraq_id(41770);\n script_xref(name:\"USN\", value:\"965-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : openldap, openldap2.2, openldap2.3 vulnerabilities (USN-965-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Using the Codenomicon LDAPv3 test suite, Ilkka Mattila and Tuomas\nSalomaki discovered that the slap_modrdn2mods function in modrdn.c in\nOpenLDAP does not check the return value from a call to the\nsmr_normalize function. A remote attacker could use specially crafted\nmodrdn requests to crash the slapd daemon or possibly execute\narbitrary code. (CVE-2010-0211)\n\nUsing the Codenomicon LDAPv3 test suite, Ilkka Mattila and Tuomas\nSalomaki discovered that OpenLDAP does not properly handle empty RDN\nstrings. A remote attacker could use specially crafted modrdn requests\nto crash the slapd daemon. (CVE-2010-0212)\n\nIn the default installation under Ubuntu 8.04 LTS and later, attackers\nwould be isolated by the OpenLDAP AppArmor profile for the slapd\ndaemon.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/965-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ldap-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libldap-2.2-7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libldap-2.4-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libldap-2.4-2-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libldap2-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:slapd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:slapd-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/07/28\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(6\\.06|8\\.04|9\\.04|9\\.10|10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 8.04 / 9.04 / 9.10 / 10.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"ldap-utils\", pkgver:\"2.2.26-5ubuntu2.10\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libldap-2.2-7\", pkgver:\"2.2.26-5ubuntu2.10\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"slapd\", pkgver:\"2.2.26-5ubuntu2.10\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"ldap-utils\", pkgver:\"2.4.9-0ubuntu0.8.04.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libldap-2.4-2\", pkgver:\"2.4.9-0ubuntu0.8.04.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libldap-2.4-2-dbg\", pkgver:\"2.4.9-0ubuntu0.8.04.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libldap2-dev\", pkgver:\"2.4.9-0ubuntu0.8.04.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"slapd\", pkgver:\"2.4.9-0ubuntu0.8.04.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"slapd-dbg\", pkgver:\"2.4.9-0ubuntu0.8.04.4\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"ldap-utils\", pkgver:\"2.4.15-1ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libldap-2.4-2\", pkgver:\"2.4.15-1ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libldap-2.4-2-dbg\", pkgver:\"2.4.15-1ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libldap2-dev\", pkgver:\"2.4.15-1ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"slapd\", pkgver:\"2.4.15-1ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"slapd-dbg\", pkgver:\"2.4.15-1ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"ldap-utils\", pkgver:\"2.4.18-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libldap-2.4-2\", pkgver:\"2.4.18-0ubuntu1.1\")) flag++;\nif 
(ubuntu_check(osver:\"9.10\", pkgname:\"libldap-2.4-2-dbg\", pkgver:\"2.4.18-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libldap2-dev\", pkgver:\"2.4.18-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"slapd\", pkgver:\"2.4.18-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"slapd-dbg\", pkgver:\"2.4.18-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"ldap-utils\", pkgver:\"2.4.21-0ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libldap-2.4-2\", pkgver:\"2.4.21-0ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libldap-2.4-2-dbg\", pkgver:\"2.4.21-0ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libldap2-dev\", pkgver:\"2.4.21-0ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"slapd\", pkgver:\"2.4.21-0ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"slapd-dbg\", pkgver:\"2.4.21-0ubuntu5.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ldap-utils / libldap-2.2-7 / libldap-2.4-2 / libldap-2.4-2-dbg / etc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T13:02:29", "description": "Several issues have been fixed in OpenLDAP :\n\n - specially crafted MODRDN operations can crash the OpenLDAP server. 
(CVE-2010-0211 / CVE-2010-0212)\n\n - syncrepl might loose deletes in refreshAndPersist mode\n\n - DoS when handling 0-bytes", "cvss3": {"score": null, "vector": null}, "published": "2010-12-02T00:00:00", "type": "nessus", "title": "SuSE 11 Security Update : openLDAP (SAT Patch Number 2552)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0211", "CVE-2010-0212"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:libldap-2_4-2", "p-cpe:/a:novell:suse_linux:11:libldap-2_4-2-32bit", "p-cpe:/a:novell:suse_linux:11:openldap2", "p-cpe:/a:novell:suse_linux:11:openldap2-back-meta", "p-cpe:/a:novell:suse_linux:11:openldap2-client", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_LIBLDAP-2_4-2-100615.NASL", "href": "https://www.tenable.com/plugins/nessus/50933", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50933);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0211\", \"CVE-2010-0212\");\n\n script_name(english:\"SuSE 11 Security Update : openLDAP (SAT Patch Number 2552)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several issues have been fixed in OpenLDAP :\n\n - specially crafted MODRDN operations can crash the\n OpenLDAP server. 
(CVE-2010-0211 / CVE-2010-0212)\n\n - syncrepl might loose deletes in refreshAndPersist mode\n\n - DoS when handling 0-bytes\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=555725\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=606294\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=612430\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0211.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0212.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 2552.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libldap-2_4-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libldap-2_4-2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:openldap2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:openldap2-back-meta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:openldap2-client\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/12/02\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (pl) audit(AUDIT_OS_NOT, \"SuSE 11.0\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"libldap-2_4-2-2.4.12-7.19.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"openldap2-client-2.4.12-7.19.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"libldap-2_4-2-2.4.12-7.19.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"libldap-2_4-2-32bit-2.4.12-7.19.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"openldap2-client-2.4.12-7.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"libldap-2_4-2-2.4.12-7.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"openldap2-2.4.12-7.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"openldap2-back-meta-2.4.12-7.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, 
reference:\"openldap2-client-2.4.12-7.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"libldap-2_4-2-32bit-2.4.12-7.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"libldap-2_4-2-32bit-2.4.12-7.19.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:54:23", "description": "From Red Hat Security Advisory 2010:0542 :\n\nUpdated openldap packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nOpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools.\n\nMultiple flaws were discovered in the way the slapd daemon handled modify relative distinguished name (modrdn) requests. An authenticated user with privileges to perform modrdn operations could use these flaws to crash the slapd daemon via specially crafted modrdn requests.\n(CVE-2010-0211, CVE-2010-0212)\n\nRed Hat would like to thank CERT-FI for responsibly reporting these flaws, who credit Ilkka Mattila and Tuomas Salomaki for the discovery of the issues.\n\nUsers of OpenLDAP should upgrade to these updated packages, which contain a backported patch to correct these issues. 
After installing this update, the OpenLDAP daemons will be restarted automatically.", "cvss3": {"score": null, "vector": null}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 5 : openldap (ELSA-2010-0542)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0211", "CVE-2010-0212"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:compat-openldap", "p-cpe:/a:oracle:linux:openldap", "p-cpe:/a:oracle:linux:openldap-clients", "p-cpe:/a:oracle:linux:openldap-devel", "p-cpe:/a:oracle:linux:openldap-servers", "p-cpe:/a:oracle:linux:openldap-servers-overlays", "p-cpe:/a:oracle:linux:openldap-servers-sql", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2010-0542.NASL", "href": "https://www.tenable.com/plugins/nessus/68064", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2010:0542 and \n# Oracle Linux Security Advisory ELSA-2010-0542 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68064);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0211\", \"CVE-2010-0212\");\n script_bugtraq_id(41770);\n script_xref(name:\"RHSA\", value:\"2010:0542\");\n\n script_name(english:\"Oracle Linux 5 : openldap (ELSA-2010-0542)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2010:0542 :\n\nUpdated openldap packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as 
having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nOpenLDAP is an open source suite of LDAP (Lightweight Directory Access\nProtocol) applications and development tools.\n\nMultiple flaws were discovered in the way the slapd daemon handled\nmodify relative distinguished name (modrdn) requests. An authenticated\nuser with privileges to perform modrdn operations could use these\nflaws to crash the slapd daemon via specially crafted modrdn requests.\n(CVE-2010-0211, CVE-2010-0212)\n\nRed Hat would like to thank CERT-FI for responsibly reporting these\nflaws, who credit Ilkka Mattila and Tuomas Salomaki for the discovery\nof the issues.\n\nUsers of OpenLDAP should upgrade to these updated packages, which\ncontain a backported patch to correct these issues. After installing\nthis update, the OpenLDAP daemons will be restarted automatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-July/001545.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openldap packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:compat-openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openldap-clients\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openldap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openldap-servers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openldap-servers-overlays\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openldap-servers-sql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/07/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"compat-openldap-2.3.43_2.2.29-12.el5_5.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"openldap-2.3.43-12.el5_5.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"openldap-clients-2.3.43-12.el5_5.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"openldap-devel-2.3.43-12.el5_5.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"openldap-servers-2.3.43-12.el5_5.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"openldap-servers-overlays-2.3.43-12.el5_5.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"openldap-servers-sql-2.3.43-12.el5_5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"compat-openldap / openldap / openldap-clients / openldap-devel / etc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:57:47", "description": "Multiple flaws were discovered in the way the slapd daemon handled modify relative distinguished name (modrdn) requests. 
An authenticated user with privileges to perform modrdn operations could use these flaws to crash the slapd daemon via specially crafted modrdn requests.\n(CVE-2010-0211, CVE-2010-0212)\n\nAfter installing this update, the OpenLDAP daemons will be restarted automatically.", "cvss3": {"score": null, "vector": null}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : openldap on SL5.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0211", "CVE-2010-0212"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20100720_OPENLDAP_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60819", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60819);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0211\", \"CVE-2010-0212\");\n\n script_name(english:\"Scientific Linux Security Update : openldap on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple flaws were discovered in the way the slapd daemon handled\nmodify relative distinguished name (modrdn) requests. 
An authenticated\nuser with privileges to perform modrdn operations could use these\nflaws to crash the slapd daemon via specially crafted modrdn requests.\n(CVE-2010-0211, CVE-2010-0212)\n\nAfter installing this update, the OpenLDAP daemons will be restarted\nautomatically.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1007&L=scientific-linux-errata&T=0&P=1863\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?db8fc7b0\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"compat-openldap-2.3.43_2.2.29-12.el5_5.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openldap-2.3.43-12.el5_5.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openldap-clients-2.3.43-12.el5_5.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openldap-devel-2.3.43-12.el5_5.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openldap-servers-2.3.43-12.el5_5.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openldap-servers-overlays-2.3.43-12.el5_5.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openldap-servers-sql-2.3.43-12.el5_5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T13:02:43", "description": "- fixed regression caused by tls accept patch\n\n - updated autofs schema\n\n - openldap built with conectionless support\n\nNote that 
Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2010-11-01T00:00:00", "type": "nessus", "title": "Fedora 12 : openldap-2.4.19-6.fc12 (2010-11319)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0211", "CVE-2010-0212"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:openldap", "cpe:/o:fedoraproject:fedora:12"], "id": "FEDORA_2010-11319.NASL", "href": "https://www.tenable.com/plugins/nessus/50428", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-11319.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50428);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-0211\", \"CVE-2010-0212\");\n script_bugtraq_id(41770);\n script_xref(name:\"FEDORA\", value:\"2010-11319\");\n\n script_name(english:\"Fedora 12 : openldap-2.4.19-6.fc12 (2010-11319)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - fixed regression caused by tls accept patch\n\n - updated autofs schema\n\n - openldap built with conectionless support\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=605448\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=605452\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/050185.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b1fcd39a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openldap package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) 
audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"openldap-2.4.19-6.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openldap\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T13:03:46", "description": "Updated openldap packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nOpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools.\n\nMultiple flaws were discovered in the way the slapd daemon handled modify relative distinguished name (modrdn) requests. 
An authenticated user with privileges to perform modrdn operations could use these flaws to crash the slapd daemon via specially crafted modrdn requests.\n(CVE-2010-0211, CVE-2010-0212)\n\nRed Hat would like to thank CERT-FI for responsibly reporting these flaws, who credit Ilkka Mattila and Tuomas Salomaki for the discovery of the issues.\n\nUsers of OpenLDAP should upgrade to these updated packages, which contain a backported patch to correct these issues. After installing this update, the OpenLDAP daemons will be restarted automatically.", "cvss3": {"score": null, "vector": null}, "published": "2010-07-22T00:00:00", "type": "nessus", "title": "CentOS 5 : openldap (CESA-2010:0542)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0211", "CVE-2010-0212"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:compat-openldap", "p-cpe:/a:centos:centos:openldap", "p-cpe:/a:centos:centos:openldap-clients", "p-cpe:/a:centos:centos:openldap-devel", "p-cpe:/a:centos:centos:openldap-servers", "p-cpe:/a:centos:centos:openldap-servers-overlays", "p-cpe:/a:centos:centos:openldap-servers-sql", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2010-0542.NASL", "href": "https://www.tenable.com/plugins/nessus/47789", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0542 and \n# CentOS Errata and Security Advisory 2010:0542 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47789);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2010-0211\", \"CVE-2010-0212\");\n script_bugtraq_id(41770);\n script_xref(name:\"RHSA\", value:\"2010:0542\");\n\n script_name(english:\"CentOS 5 : openldap (CESA-2010:0542)\");\n script_summary(english:\"Checks rpm output for 
the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated openldap packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nOpenLDAP is an open source suite of LDAP (Lightweight Directory Access\nProtocol) applications and development tools.\n\nMultiple flaws were discovered in the way the slapd daemon handled\nmodify relative distinguished name (modrdn) requests. An authenticated\nuser with privileges to perform modrdn operations could use these\nflaws to crash the slapd daemon via specially crafted modrdn requests.\n(CVE-2010-0211, CVE-2010-0212)\n\nRed Hat would like to thank CERT-FI for responsibly reporting these\nflaws, who credit Ilkka Mattila and Tuomas Salomaki for the discovery\nof the issues.\n\nUsers of OpenLDAP should upgrade to these updated packages, which\ncontain a backported patch to correct these issues. 
After installing\nthis update, the OpenLDAP daemons will be restarted automatically.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-July/016817.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bae158a8\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-July/016818.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?34eae7ea\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openldap packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:compat-openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openldap-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openldap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openldap-servers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openldap-servers-overlays\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openldap-servers-sql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/07/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/22\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"compat-openldap-2.3.43_2.2.29-12.el5_5.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openldap-2.3.43-12.el5_5.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openldap-clients-2.3.43-12.el5_5.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openldap-devel-2.3.43-12.el5_5.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openldap-servers-2.3.43-12.el5_5.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openldap-servers-overlays-2.3.43-12.el5_5.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", 
reference:\"openldap-servers-sql-2.3.43-12.el5_5.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"compat-openldap / openldap / openldap-clients / openldap-devel / etc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T13:02:39", "description": "Several issues have been fixed in OpenLDAP: - specially crafted MODRDN operations can crash the OpenLDAP server. (CVE-2010-0211 / CVE-2010-0212)\n\n - syncrepl might loose deletes in refreshAndPersist mode - replicating from a SLES11 master to a SLES10 slave can cause inconsistencies - libldap hangs with 100% CPU when referral chasing is enabled", "cvss3": {"score": null, "vector": null}, "published": "2010-10-11T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : openLDAP (ZYPP Patch Number 7074)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0211", "CVE-2010-0212"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_OPENLDAP2-7074.NASL", "href": "https://www.tenable.com/plugins/nessus/49907", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49907);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0211\", \"CVE-2010-0212\");\n\n script_name(english:\"SuSE 10 Security Update : openLDAP (ZYPP Patch Number 7074)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related 
patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several issues have been fixed in OpenLDAP: - specially crafted MODRDN\noperations can crash the OpenLDAP server. (CVE-2010-0211 /\nCVE-2010-0212)\n\n - syncrepl might loose deletes in refreshAndPersist mode -\n replicating from a SLES11 master to a SLES10 slave can\n cause inconsistencies - libldap hangs with 100% CPU when\n referral chasing is enabled\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0211.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0212.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7074.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif 
(!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"openldap2-2.3.32-0.37.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"openldap2-client-2.3.32-0.37.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"openldap2-devel-2.3.32-0.37.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"x86_64\", reference:\"openldap2-client-32bit-2.3.32-0.37.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"x86_64\", reference:\"openldap2-devel-32bit-2.3.32-0.37.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"openldap2-2.3.32-0.37.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"openldap2-back-meta-2.3.32-0.37.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"openldap2-back-perl-2.3.32-0.37.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"openldap2-client-2.3.32-0.37.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"openldap2-devel-2.3.32-0.37.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"openldap2-client-32bit-2.3.32-0.37.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"openldap2-devel-32bit-2.3.32-0.37.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T13:01:56", "description": 
"Several issues have been fixed in OpenLDAP :\n\n - specially crafted MODRDN operations can crash the OpenLDAP server. (CVE-2010-0211 / CVE-2010-0212)\n\n - syncrepl might loose deletes in refreshAndPersist mode", "cvss3": {"score": null, "vector": null}, "published": "2011-01-21T00:00:00", "type": "nessus", "title": "SuSE 11.1 Security Update : openLDAP (SAT Patch Number 2551)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0211", "CVE-2010-0212"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:libldap-2_4-2", "p-cpe:/a:novell:suse_linux:11:libldap-2_4-2-32bit", "p-cpe:/a:novell:suse_linux:11:openldap2", "p-cpe:/a:novell:suse_linux:11:openldap2-back-meta", "p-cpe:/a:novell:suse_linux:11:openldap2-client", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_LIBLDAP-2_4-2-100616.NASL", "href": "https://www.tenable.com/plugins/nessus/51616", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(51616);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0211\", \"CVE-2010-0212\");\n\n script_name(english:\"SuSE 11.1 Security Update : openLDAP (SAT Patch Number 2551)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several issues have been fixed in OpenLDAP :\n\n - specially crafted MODRDN operations can crash the\n OpenLDAP server. 
(CVE-2010-0211 / CVE-2010-0212)\n\n - syncrepl might loose deletes in refreshAndPersist mode\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=606294\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=612430\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0211.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0212.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 2551.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libldap-2_4-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libldap-2_4-2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:openldap2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:openldap2-back-meta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:openldap2-client\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/01/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n 
script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"libldap-2_4-2-2.4.20-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"openldap2-client-2.4.20-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libldap-2_4-2-2.4.20-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libldap-2_4-2-32bit-2.4.20-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"openldap2-client-2.4.20-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"libldap-2_4-2-2.4.20-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"openldap2-2.4.20-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"openldap2-back-meta-2.4.20-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"openldap2-client-2.4.20-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"libldap-2_4-2-32bit-2.4.20-0.5.1\")) 
flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"libldap-2_4-2-32bit-2.4.20-0.5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T13:03:46", "description": "Updated openldap packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nOpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools.\n\nMultiple flaws were discovered in the way the slapd daemon handled modify relative distinguished name (modrdn) requests. An authenticated user with privileges to perform modrdn operations could use these flaws to crash the slapd daemon via specially crafted modrdn requests.\n(CVE-2010-0211, CVE-2010-0212)\n\nRed Hat would like to thank CERT-FI for responsibly reporting these flaws, who credit Ilkka Mattila and Tuomas Salomaki for the discovery of the issues.\n\nUsers of OpenLDAP should upgrade to these updated packages, which contain a backported patch to correct these issues. 
After installing this update, the OpenLDAP daemons will be restarted automatically.", "cvss3": {"score": null, "vector": null}, "published": "2010-07-28T00:00:00", "type": "nessus", "title": "RHEL 5 : openldap (RHSA-2010:0542)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0211", "CVE-2010-0212"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:compat-openldap", "p-cpe:/a:redhat:enterprise_linux:openldap", "p-cpe:/a:redhat:enterprise_linux:openldap-clients", "p-cpe:/a:redhat:enterprise_linux:openldap-devel", "p-cpe:/a:redhat:enterprise_linux:openldap-servers", "p-cpe:/a:redhat:enterprise_linux:openldap-servers-overlays", "p-cpe:/a:redhat:enterprise_linux:openldap-servers-sql", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2010-0542.NASL", "href": "https://www.tenable.com/plugins/nessus/47877", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0542. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47877);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0211\", \"CVE-2010-0212\");\n script_bugtraq_id(41770);\n script_xref(name:\"RHSA\", value:\"2010:0542\");\n\n script_name(english:\"RHEL 5 : openldap (RHSA-2010:0542)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated openldap packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nOpenLDAP is an open source suite of LDAP (Lightweight Directory Access\nProtocol) applications and development tools.\n\nMultiple flaws were discovered in the way the slapd daemon handled\nmodify relative distinguished name (modrdn) requests. An authenticated\nuser with privileges to perform modrdn operations could use these\nflaws to crash the slapd daemon via specially crafted modrdn requests.\n(CVE-2010-0211, CVE-2010-0212)\n\nRed Hat would like to thank CERT-FI for responsibly reporting these\nflaws, who credit Ilkka Mattila and Tuomas Salomaki for the discovery\nof the issues.\n\nUsers of OpenLDAP should upgrade to these updated packages, which\ncontain a backported patch to correct these issues. 
After installing\nthis update, the OpenLDAP daemons will be restarted automatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0211\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0212\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0542\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:compat-openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openldap-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openldap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openldap-servers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openldap-servers-overlays\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openldap-servers-sql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/07/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/20\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0542\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"compat-openldap-2.3.43_2.2.29-12.el5_5.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"openldap-2.3.43-12.el5_5.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"openldap-clients-2.3.43-12.el5_5.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"openldap-clients-2.3.43-12.el5_5.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"openldap-clients-2.3.43-12.el5_5.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"openldap-devel-2.3.43-12.el5_5.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"openldap-servers-2.3.43-12.el5_5.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"openldap-servers-2.3.43-12.el5_5.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"openldap-servers-2.3.43-12.el5_5.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"openldap-servers-overlays-2.3.43-12.el5_5.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", 
reference:\"openldap-servers-overlays-2.3.43-12.el5_5.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"openldap-servers-overlays-2.3.43-12.el5_5.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"openldap-servers-sql-2.3.43-12.el5_5.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"openldap-servers-sql-2.3.43-12.el5_5.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"openldap-servers-sql-2.3.43-12.el5_5.1\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"compat-openldap / openldap / openldap-clients / openldap-devel / etc\");\n }\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T13:03:46", "description": "Multiple vulnerabilities has been discovered and corrected in openldap :\n\nThe slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite (CVE-2010-0211).\n\nOpenLDAP 2.4.22 allows remote attackers to cause a denial of service (crash) via a modrdn call with a zero-length RDN destination string, which is not properly handled by the smr_normalize function and triggers a NULL pointer dereference in the IA5StringNormalize function in schema_init.c, as demonstrated using the Codenomicon LDAPv3 test suite (CVE-2010-0212).\n\nPackages for 2008.0 and 2009.0 are 
provided as of the Extended Maintenance Program. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149&products_id=4 90\n\nThe updated packages have been patched to correct these issues.", "cvss3": {"score": null, "vector": null}, "published": "2010-07-30T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : openldap (MDVSA-2010:142)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0211", "CVE-2010-0212"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64ldap2.3_0", "p-cpe:/a:mandriva:linux:lib64ldap2.3_0-devel", "p-cpe:/a:mandriva:linux:lib64ldap2.3_0-static-devel", "p-cpe:/a:mandriva:linux:lib64ldap2.4_2", "p-cpe:/a:mandriva:linux:lib64ldap2.4_2-devel", "p-cpe:/a:mandriva:linux:lib64ldap2.4_2-static-devel", "p-cpe:/a:mandriva:linux:libldap2.3_0", "p-cpe:/a:mandriva:linux:libldap2.3_0-devel", "p-cpe:/a:mandriva:linux:libldap2.3_0-static-devel", "p-cpe:/a:mandriva:linux:libldap2.4_2", "p-cpe:/a:mandriva:linux:libldap2.4_2-devel", "p-cpe:/a:mandriva:linux:libldap2.4_2-static-devel", "p-cpe:/a:mandriva:linux:openldap", "p-cpe:/a:mandriva:linux:openldap-clients", "p-cpe:/a:mandriva:linux:openldap-doc", "p-cpe:/a:mandriva:linux:openldap-servers", "p-cpe:/a:mandriva:linux:openldap-testprogs", "p-cpe:/a:mandriva:linux:openldap-tests", "cpe:/o:mandriva:linux:2008.0", "cpe:/o:mandriva:linux:2009.0", "cpe:/o:mandriva:linux:2009.1", "cpe:/o:mandriva:linux:2010.0", "cpe:/o:mandriva:linux:2010.1"], "id": "MANDRIVA_MDVSA-2010-142.NASL", "href": "https://www.tenable.com/plugins/nessus/48200", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2010:142. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48200);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2010-0211\", \"CVE-2010-0212\");\n script_bugtraq_id(41770);\n script_xref(name:\"MDVSA\", value:\"2010:142\");\n\n script_name(english:\"Mandriva Linux Security Advisory : openldap (MDVSA-2010:142)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been discovered and corrected in \nopenldap :\n\nThe slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not\ncheck the return value of a call to the smr_normalize function, which\nallows remote attackers to cause a denial of service (segmentation\nfault) and possibly execute arbitrary code via a modrdn call with an\nRDN string containing invalid UTF-8 sequences, which triggers a free\nof an invalid, uninitialized pointer in the slap_mods_free function,\nas demonstrated using the Codenomicon LDAPv3 test suite\n(CVE-2010-0211).\n\nOpenLDAP 2.4.22 allows remote attackers to cause a denial of service\n(crash) via a modrdn call with a zero-length RDN destination string,\nwhich is not properly handled by the smr_normalize function and\ntriggers a NULL pointer dereference in the IA5StringNormalize function\nin schema_init.c, as demonstrated using the Codenomicon LDAPv3 test\nsuite (CVE-2010-0212).\n\nPackages for 2008.0 and 2009.0 are provided as of the Extended\nMaintenance Program. 
Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149&products_id=4\n90\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ldap2.3_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ldap2.3_0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ldap2.3_0-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ldap2.4_2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ldap2.4_2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ldap2.4_2-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libldap2.3_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libldap2.3_0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libldap2.3_0-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libldap2.4_2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libldap2.4_2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libldap2.4_2-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openldap\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openldap-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openldap-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openldap-servers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openldap-testprogs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openldap-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 
\"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64ldap2.3_0-2.3.38-3.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64ldap2.3_0-devel-2.3.38-3.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64ldap2.3_0-static-devel-2.3.38-3.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libldap2.3_0-2.3.38-3.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libldap2.3_0-devel-2.3.38-3.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libldap2.3_0-static-devel-2.3.38-3.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"openldap-2.3.38-3.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"openldap-clients-2.3.38-3.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"openldap-doc-2.3.38-3.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"openldap-servers-2.3.38-3.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"openldap-testprogs-2.3.38-3.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"openldap-tests-2.3.38-3.5mdv2008.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64ldap2.4_2-2.4.11-3.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64ldap2.4_2-devel-2.4.11-3.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64ldap2.4_2-static-devel-2.4.11-3.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", 
reference:\"libldap2.4_2-2.4.11-3.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libldap2.4_2-devel-2.4.11-3.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libldap2.4_2-static-devel-2.4.11-3.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"openldap-2.4.11-3.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"openldap-clients-2.4.11-3.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"openldap-doc-2.4.11-3.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"openldap-servers-2.4.11-3.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"openldap-testprogs-2.4.11-3.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"openldap-tests-2.4.11-3.3mdv2009.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64ldap2.4_2-2.4.16-1.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64ldap2.4_2-devel-2.4.16-1.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64ldap2.4_2-static-devel-2.4.16-1.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libldap2.4_2-2.4.16-1.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libldap2.4_2-devel-2.4.16-1.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libldap2.4_2-static-devel-2.4.16-1.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"openldap-2.4.16-1.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"openldap-clients-2.4.16-1.2mdv2009.1\", 
yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"openldap-doc-2.4.16-1.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"openldap-servers-2.4.16-1.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"openldap-testprogs-2.4.16-1.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"openldap-tests-2.4.16-1.2mdv2009.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64ldap2.4_2-2.4.19-2.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64ldap2.4_2-devel-2.4.19-2.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64ldap2.4_2-static-devel-2.4.19-2.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libldap2.4_2-2.4.19-2.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libldap2.4_2-devel-2.4.19-2.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libldap2.4_2-static-devel-2.4.19-2.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openldap-2.4.19-2.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openldap-clients-2.4.19-2.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openldap-doc-2.4.19-2.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openldap-servers-2.4.19-2.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openldap-testprogs-2.4.19-2.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"openldap-tests-2.4.19-2.1mdv2010.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", 
reference:\"lib64ldap2.4_2-2.4.22-2.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64ldap2.4_2-devel-2.4.22-2.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64ldap2.4_2-static-devel-2.4.22-2.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libldap2.4_2-2.4.22-2.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libldap2.4_2-devel-2.4.22-2.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libldap2.4_2-static-devel-2.4.22-2.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"openldap-2.4.22-2.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"openldap-clients-2.4.22-2.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"openldap-doc-2.4.22-2.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"openldap-servers-2.4.22-2.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"openldap-testprogs-2.4.22-2.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"openldap-tests-2.4.22-2.1mdv2010.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T13:03:31", "description": "The following issues have been fixed in OpenLDAP: specially crafted MODRDN operations can crash the OpenLDAP server (CVE-2010-0211 and CVE-2010-0212).\n\nalso fixed were following bugs :\n\n - adding a 'postalAdress' Attribute with an embedded NUL value caused the LDAP server to terminate with an 
assertion failure (bnc#555725, ITS#6379)\n\n - Delete Operations happening during the 'Refresh' phase of 'refreshAndPersist' replication failed to replicate under certain circumstances (bnc#606294, ITS#6555)", "cvss3": {"score": null, "vector": null}, "published": "2010-08-26T00:00:00", "type": "nessus", "title": "openSUSE Security Update : libldap-2_4-2 (openSUSE-SU-2010:0547-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0211", "CVE-2010-0212"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libldap-2_4-2", "p-cpe:/a:novell:opensuse:libldap-2_4-2-32bit", "p-cpe:/a:novell:opensuse:openldap2", "p-cpe:/a:novell:opensuse:openldap2-back-meta", "p-cpe:/a:novell:opensuse:openldap2-back-perl", "p-cpe:/a:novell:opensuse:openldap2-client", "p-cpe:/a:novell:opensuse:openldap2-devel", "p-cpe:/a:novell:opensuse:openldap2-devel-32bit", "cpe:/o:novell:opensuse:11.1"], "id": "SUSE_11_1_LIBLDAP-2_4-2-100707.NASL", "href": "https://www.tenable.com/plugins/nessus/48754", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libldap-2_4-2-2658.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48754);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0211\", \"CVE-2010-0212\");\n\n script_name(english:\"openSUSE Security Update : libldap-2_4-2 (openSUSE-SU-2010:0547-1)\");\n script_summary(english:\"Check for the libldap-2_4-2-2658 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The following issues have been fixed in OpenLDAP: specially crafted\nMODRDN 
operations can crash the OpenLDAP server (CVE-2010-0211 and\nCVE-2010-0212).\n\nalso fixed were following bugs :\n\n - adding a 'postalAdress' Attribute with an embedded NUL\n value caused the LDAP server to terminate with an\n assertion failure (bnc#555725, ITS#6379)\n\n - Delete Operations happening during the 'Refresh' phase\n of 'refreshAndPersist' replication failed to replicate\n under certain circumstances (bnc#606294, ITS#6555)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=555725\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=606294\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=612430\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-08/msg00058.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libldap-2_4-2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libldap-2_4-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libldap-2_4-2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openldap2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openldap2-back-meta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openldap2-back-perl\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:openldap2-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openldap2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openldap2-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libldap-2_4-2-2.4.12-5.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"openldap2-2.4.12-5.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"openldap2-back-meta-2.4.12-5.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"openldap2-back-perl-2.4.12-5.6.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE11.1\", reference:\"openldap2-client-2.4.12-5.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"openldap2-devel-2.4.12-5.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"libldap-2_4-2-32bit-2.4.12-5.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"openldap2-devel-32bit-2.4.12-5.6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openldap2\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T13:03:24", "description": "- Tue Jul 20 2010 Jan Vcelak <jvcelak at redhat.com> - 2.4.21-10\n\n - CVE-2010-0211 openldap: modrdn processing uninitialized pointer free (#605448)\n\n - CVE-2010-0212 openldap: modrdn processing IA5StringNormalize NULL pointer dereference (#605452)\n\n - obsolete configuration file moved to /usr/share/openldap-servers (#612602)\n\n - Thu Jul 1 2010 Jan Zeleny <jzeleny at redhat.com> - 2.4.21-9\n\n - another shot at previous fix\n\n - Wed Jun 30 2010 Jan Zeleny <jzeleny at redhat.com> - 2.4.21-8\n\n - fixed issue with owner of /usr/lib/ldap/__db.* (#609523)\n\n - Thu May 27 2010 Jan Zeleny <jzeleny at redhat.com> - 2.4.21-7\n\n - updated autofs schema (#587722)\n\n - openldap built with conectionless support (#587722)\n\n - Fri Mar 19 2010 Jan Zeleny <jzeleny at redhat.com> - 2.4.21-6\n\n - moved slapd to start earlier during boot sequence\n\n - Tue Mar 16 2010 Jan Zeleny <jzeleny at redhat.com> - 2.4.21-5\n\n - minor corrections of init script (#571235, #570057, #573804)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2010-08-24T00:00:00", "type": "nessus", "title": "Fedora 13 : openldap-2.4.21-10.fc13 (2010-11343)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0211", "CVE-2010-0212"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:openldap", "cpe:/o:fedoraproject:fedora:13"], "id": "FEDORA_2010-11343.NASL", "href": "https://www.tenable.com/plugins/nessus/48410", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-11343.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48410);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-0211\", \"CVE-2010-0212\");\n script_bugtraq_id(41770);\n script_xref(name:\"FEDORA\", value:\"2010-11343\");\n\n script_name(english:\"Fedora 13 : openldap-2.4.21-10.fc13 (2010-11343)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Tue Jul 20 2010 Jan Vcelak <jvcelak at redhat.com> -\n 2.4.21-10\n\n - CVE-2010-0211 openldap: modrdn processing\n uninitialized pointer free (#605448)\n\n - CVE-2010-0212 openldap: modrdn processing\n IA5StringNormalize NULL pointer dereference (#605452)\n\n - obsolete configuration file moved to\n /usr/share/openldap-servers (#612602)\n\n - Thu Jul 1 2010 Jan Zeleny <jzeleny at redhat.com> -\n 2.4.21-9\n\n - another shot at previous fix\n\n - Wed Jun 30 2010 Jan Zeleny <jzeleny at redhat.com> -\n 
2.4.21-8\n\n - fixed issue with owner of /usr/lib/ldap/__db.*\n (#609523)\n\n - Thu May 27 2010 Jan Zeleny <jzeleny at redhat.com> -\n 2.4.21-7\n\n - updated autofs schema (#587722)\n\n - openldap built with conectionless support (#587722)\n\n - Fri Mar 19 2010 Jan Zeleny <jzeleny at redhat.com> -\n 2.4.21-6\n\n - moved slapd to start earlier during boot sequence\n\n - Tue Mar 16 2010 Jan Zeleny <jzeleny at redhat.com> -\n 2.4.21-5\n\n - minor corrections of init script (#571235, #570057,\n #573804)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=605448\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=605452\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-August/046039.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9b795586\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openldap package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/23\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"openldap-2.4.21-10.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openldap\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T13:03:24", "description": "This update fixes two denial of service bugs in the openldap server while handling MODRDN operations. 
(CVE-2010-0211 and CVE-2010-0212)", "cvss3": {"score": null, "vector": null}, "published": "2010-08-26T00:00:00", "type": "nessus", "title": "SuSE9 Security Update : openLDAP2 (YOU Patch Number 12624)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0211", "CVE-2010-0212"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE9_12624.NASL", "href": "https://www.tenable.com/plugins/nessus/48752", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48752);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0211\", \"CVE-2010-0212\");\n\n script_name(english:\"SuSE9 Security Update : openLDAP2 (YOU Patch Number 12624)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes two denial of service bugs in the openldap server\nwhile handling MODRDN operations. 
(CVE-2010-0211 and CVE-2010-0212)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0211.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0212.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12624.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have 
not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"openldap2-2.2.24-4.33\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"openldap2-back-ldap-2.2.24-4.33\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"openldap2-back-meta-2.2.24-4.33\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"openldap2-back-monitor-2.2.24-4.33\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"openldap2-back-perl-2.2.24-4.33\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"openldap2-client-2.2.24-4.33\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"openldap2-devel-2.2.24-4.33\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"openldap2-client-32bit-9-201006301103\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"openldap2-devel-32bit-9-201006301103\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T13:03:43", "description": "Several vulnerabilities have been discovered in the Avahi mDNS/DNS-SD daemon. 
The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2009-0758 Rob Leslie discovered a denial of service vulnerability in the code used to reflect unicast mDNS traffic.\n\n - CVE-2010-2244 Ludwig Nussel discovered a denial of service vulnerability in the processing of malformed DNS packets.", "cvss3": {"score": null, "vector": null}, "published": "2010-08-05T00:00:00", "type": "nessus", "title": "Debian DSA-2086-1 : avahi - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0758", "CVE-2010-2244"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:avahi", "cpe:/o:debian:debian_linux:5.0"], "id": "DEBIAN_DSA-2086.NASL", "href": "https://www.tenable.com/plugins/nessus/48248", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2086. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48248);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-0758\", \"CVE-2010-2244\");\n script_bugtraq_id(33946, 41075);\n script_xref(name:\"DSA\", value:\"2086\");\n\n script_name(english:\"Debian DSA-2086-1 : avahi - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Avahi mDNS/DNS-SD\ndaemon. 
The Common Vulnerabilities and Exposures project identifies\nthe following problems :\n\n - CVE-2009-0758\n Rob Leslie discovered a denial of service vulnerability\n in the code used to reflect unicast mDNS traffic.\n\n - CVE-2010-2244\n Ludwig Nussel discovered a denial of service\n vulnerability in the processing of malformed DNS\n packets.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0758\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-2244\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2010/dsa-2086\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the Avahi packages.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 0.6.23-3lenny2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:avahi\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"avahi-autoipd\", reference:\"0.6.23-3lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"avahi-daemon\", reference:\"0.6.23-3lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"avahi-dbg\", reference:\"0.6.23-3lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"avahi-discover\", reference:\"0.6.23-3lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"avahi-dnsconfd\", reference:\"0.6.23-3lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"avahi-ui-utils\", reference:\"0.6.23-3lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"avahi-utils\", reference:\"0.6.23-3lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libavahi-client-dev\", reference:\"0.6.23-3lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libavahi-client3\", reference:\"0.6.23-3lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libavahi-common-data\", reference:\"0.6.23-3lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libavahi-common-dev\", reference:\"0.6.23-3lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libavahi-common3\", reference:\"0.6.23-3lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libavahi-compat-howl-dev\", reference:\"0.6.23-3lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libavahi-compat-howl0\", reference:\"0.6.23-3lenny2\")) flag++;\nif 
(deb_check(release:\"5.0\", prefix:\"libavahi-compat-libdnssd-dev\", reference:\"0.6.23-3lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libavahi-compat-libdnssd1\", reference:\"0.6.23-3lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libavahi-core-dev\", reference:\"0.6.23-3lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libavahi-core5\", reference:\"0.6.23-3lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libavahi-glib-dev\", reference:\"0.6.23-3lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libavahi-glib1\", reference:\"0.6.23-3lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libavahi-gobject-dev\", reference:\"0.6.23-3lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libavahi-gobject0\", reference:\"0.6.23-3lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libavahi-qt3-1\", reference:\"0.6.23-3lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libavahi-qt3-dev\", reference:\"0.6.23-3lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libavahi-qt4-1\", reference:\"0.6.23-3lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libavahi-qt4-dev\", reference:\"0.6.23-3lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libavahi-ui-dev\", reference:\"0.6.23-3lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libavahi-ui0\", reference:\"0.6.23-3lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"python-avahi\", reference:\"0.6.23-3lenny2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T12:57:30", "description": "A flaw was found in the way the Avahi daemon (avahi-daemon) processed Multicast DNS (mDNS) packets with corrupted checksums. 
An attacker on the local network could use this flaw to cause avahi-daemon on a target system to exit unexpectedly via specially crafted mDNS packets.\n(CVE-2010-2244)\n\nA flaw was found in the way avahi-daemon processed incoming unicast mDNS messages. If the mDNS reflector were enabled on a system, an attacker on the local network could send a specially crafted unicast mDNS message to that system, resulting in its avahi-daemon flooding the network with a multicast packet storm, and consuming a large amount of CPU. Note: The mDNS reflector is disabled by default.\n(CVE-2009-0758)\n\nAfter installing the update, avahi-daemon will be restarted automatically.", "cvss3": {"score": null, "vector": null}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : avahi on SL5.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0758", "CVE-2010-2244"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20100713_AVAHI_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60814", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60814);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0758\", \"CVE-2010-2244\");\n\n script_name(english:\"Scientific Linux Security Update : avahi on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the way the Avahi daemon (avahi-daemon) processed\nMulticast DNS (mDNS) packets 
with corrupted checksums. An attacker on\nthe local network could use this flaw to cause avahi-daemon on a\ntarget system to exit unexpectedly via specially crafted mDNS packets.\n(CVE-2010-2244)\n\nA flaw was found in the way avahi-daemon processed incoming unicast\nmDNS messages. If the mDNS reflector were enabled on a system, an\nattacker on the local network could send a specially crafted unicast\nmDNS message to that system, resulting in its avahi-daemon flooding\nthe network with a multicast packet storm, and consuming a large\namount of CPU. Note: The mDNS reflector is disabled by default.\n(CVE-2009-0758)\n\nAfter installing the update, avahi-daemon will be restarted\nautomatically.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1007&L=scientific-linux-errata&T=0&P=1275\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c50576e8\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"avahi-0.6.16-9.el5_5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"avahi-compat-howl-0.6.16-9.el5_5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"avahi-compat-howl-devel-0.6.16-9.el5_5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"avahi-compat-libdns_sd-0.6.16-9.el5_5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"avahi-compat-libdns_sd-devel-0.6.16-9.el5_5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"avahi-devel-0.6.16-9.el5_5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"avahi-glib-0.6.16-9.el5_5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"avahi-glib-devel-0.6.16-9.el5_5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"avahi-qt3-0.6.16-9.el5_5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"avahi-qt3-devel-0.6.16-9.el5_5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"avahi-tools-0.6.16-9.el5_5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n 
exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T13:03:06", "description": "It was discovered that Avahi incorrectly handled certain mDNS query packets when the reflector feature is enabled, which is not the default configuration on Ubuntu. A remote attacker could send crafted mDNS queries and perform a denial of service on the server and on the network. This issue only affected Ubuntu 8.04 LTS and 9.04.\n(CVE-2009-0758)\n\nIt was discovered that Avahi incorrectly handled mDNS packets with corrupted checksums. A remote attacker could send crafted mDNS packets and cause Avahi to crash, resulting in a denial of service.\n(CVE-2010-2244).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2010-10-06T00:00:00", "type": "nessus", "title": "Ubuntu 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : avahi vulnerabilities (USN-992-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0758", "CVE-2010-2244"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:avahi-autoipd", "p-cpe:/a:canonical:ubuntu_linux:avahi-daemon", "p-cpe:/a:canonical:ubuntu_linux:avahi-dbg", "p-cpe:/a:canonical:ubuntu_linux:avahi-discover", "p-cpe:/a:canonical:ubuntu_linux:avahi-dnsconfd", "p-cpe:/a:canonical:ubuntu_linux:avahi-ui-utils", "p-cpe:/a:canonical:ubuntu_linux:avahi-utils", "p-cpe:/a:canonical:ubuntu_linux:libavahi-client-dev", "p-cpe:/a:canonical:ubuntu_linux:libavahi-client3", "p-cpe:/a:canonical:ubuntu_linux:libavahi-common-data", "p-cpe:/a:canonical:ubuntu_linux:libavahi-common-dev", "p-cpe:/a:canonical:ubuntu_linux:libavahi-common3", "p-cpe:/a:canonical:ubuntu_linux:libavahi-compat-howl-dev", 
"p-cpe:/a:canonical:ubuntu_linux:libavahi-compat-howl0", "p-cpe:/a:canonical:ubuntu_linux:libavahi-compat-libdnssd-dev", "p-cpe:/a:canonical:ubuntu_linux:libavahi-compat-libdnssd1", "p-cpe:/a:canonical:ubuntu_linux:libavahi-core-dev", "p-cpe:/a:canonical:ubuntu_linux:libavahi-core5", "p-cpe:/a:canonical:ubuntu_linux:libavahi-core6", "p-cpe:/a:canonical:ubuntu_linux:libavahi-glib-dev", "p-cpe:/a:canonical:ubuntu_linux:libavahi-glib1", "p-cpe:/a:canonical:ubuntu_linux:libavahi-gobject-dev", "p-cpe:/a:canonical:ubuntu_linux:libavahi-gobject0", "p-cpe:/a:canonical:ubuntu_linux:libavahi-qt3-1", "p-cpe:/a:canonical:ubuntu_linux:libavahi-qt3-dev", "p-cpe:/a:canonical:ubuntu_linux:libavahi-qt4-1", "p-cpe:/a:canonical:ubuntu_linux:libavahi-qt4-dev", "p-cpe:/a:canonical:ubuntu_linux:libavahi-ui-dev", "p-cpe:/a:canonical:ubuntu_linux:libavahi-ui0", "p-cpe:/a:canonical:ubuntu_linux:python-avahi", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "cpe:/o:canonical:ubuntu_linux:9.04", "cpe:/o:canonical:ubuntu_linux:9.10"], "id": "UBUNTU_USN-992-1.NASL", "href": "https://www.tenable.com/plugins/nessus/49761", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-992-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(49761);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/09/19 12:54:26\");\n\n script_cve_id(\"CVE-2009-0758\", \"CVE-2010-2244\");\n script_bugtraq_id(33946, 41075);\n script_xref(name:\"USN\", value:\"992-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : avahi vulnerabilities (USN-992-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that Avahi incorrectly handled certain mDNS query\npackets when the reflector feature is enabled, which is not the\ndefault configuration on Ubuntu. A remote attacker could send crafted\nmDNS queries and perform a denial of service on the server and on the\nnetwork. This issue only affected Ubuntu 8.04 LTS and 9.04.\n(CVE-2009-0758)\n\nIt was discovered that Avahi incorrectly handled mDNS packets with\ncorrupted checksums. A remote attacker could send crafted mDNS packets\nand cause Avahi to crash, resulting in a denial of service.\n(CVE-2010-2244).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/992-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:avahi-autoipd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:avahi-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:avahi-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:avahi-discover\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:avahi-dnsconfd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:avahi-ui-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:avahi-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libavahi-client-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libavahi-client3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libavahi-common-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libavahi-common-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libavahi-common3\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:canonical:ubuntu_linux:libavahi-compat-howl-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libavahi-compat-howl0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libavahi-compat-libdnssd-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libavahi-compat-libdnssd1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libavahi-core-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libavahi-core5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libavahi-core6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libavahi-glib-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libavahi-glib1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libavahi-gobject-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libavahi-gobject0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libavahi-qt3-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libavahi-qt3-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libavahi-qt4-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libavahi-qt4-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libavahi-ui-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libavahi-ui0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python-avahi\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/03/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/09/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(8\\.04|9\\.04|9\\.10|10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 9.04 / 9.10 / 10.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"avahi-autoipd\", pkgver:\"0.6.22-2ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"avahi-daemon\", pkgver:\"0.6.22-2ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"avahi-dbg\", pkgver:\"0.6.22-2ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"avahi-discover\", pkgver:\"0.6.22-2ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"avahi-dnsconfd\", pkgver:\"0.6.22-2ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"avahi-utils\", pkgver:\"0.6.22-2ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libavahi-client-dev\", pkgver:\"0.6.22-2ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libavahi-client3\", pkgver:\"0.6.22-2ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libavahi-common-data\", pkgver:\"0.6.22-2ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libavahi-common-dev\", pkgver:\"0.6.22-2ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libavahi-common3\", pkgver:\"0.6.22-2ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libavahi-compat-howl-dev\", pkgver:\"0.6.22-2ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libavahi-compat-howl0\", pkgver:\"0.6.22-2ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libavahi-compat-libdnssd-dev\", pkgver:\"0.6.22-2ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libavahi-compat-libdnssd1\", pkgver:\"0.6.22-2ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libavahi-core-dev\", pkgver:\"0.6.22-2ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", 
pkgname:\"libavahi-core5\", pkgver:\"0.6.22-2ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libavahi-glib-dev\", pkgver:\"0.6.22-2ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libavahi-glib1\", pkgver:\"0.6.22-2ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libavahi-gobject-dev\", pkgver:\"0.6.22-2ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libavahi-gobject0\", pkgver:\"0.6.22-2ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libavahi-qt3-1\", pkgver:\"0.6.22-2ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libavahi-qt3-dev\", pkgver:\"0.6.22-2ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libavahi-qt4-1\", pkgver:\"0.6.22-2ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libavahi-qt4-dev\", pkgver:\"0.6.22-2ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libavahi-ui-dev\", pkgver:\"0.6.22-2ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libavahi-ui0\", pkgver:\"0.6.22-2ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"python-avahi\", pkgver:\"0.6.22-2ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"avahi-autoipd\", pkgver:\"0.6.23-4ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"avahi-daemon\", pkgver:\"0.6.23-4ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"avahi-dbg\", pkgver:\"0.6.23-4ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"avahi-discover\", pkgver:\"0.6.23-4ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"avahi-dnsconfd\", pkgver:\"0.6.23-4ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"avahi-ui-utils\", pkgver:\"0.6.23-4ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"avahi-utils\", pkgver:\"0.6.23-4ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libavahi-client-dev\", pkgver:\"0.6.23-4ubuntu4.1\")) flag++;\nif 
(ubuntu_check(osver:\"9.04\", pkgname:\"libavahi-client3\", pkgver:\"0.6.23-4ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libavahi-common-data\", pkgver:\"0.6.23-4ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libavahi-common-dev\", pkgver:\"0.6.23-4ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libavahi-common3\", pkgver:\"0.6.23-4ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libavahi-compat-howl-dev\", pkgver:\"0.6.23-4ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libavahi-compat-howl0\", pkgver:\"0.6.23-4ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libavahi-compat-libdnssd-dev\", pkgver:\"0.6.23-4ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libavahi-compat-libdnssd1\", pkgver:\"0.6.23-4ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libavahi-core-dev\", pkgver:\"0.6.23-4ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libavahi-core5\", pkgver:\"0.6.23-4ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libavahi-glib-dev\", pkgver:\"0.6.23-4ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libavahi-glib1\", pkgver:\"0.6.23-4ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libavahi-gobject-dev\", pkgver:\"0.6.23-4ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libavahi-gobject0\", pkgver:\"0.6.23-4ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libavahi-qt3-1\", pkgver:\"0.6.23-4ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libavahi-qt3-dev\", pkgver:\"0.6.23-4ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libavahi-qt4-1\", pkgver:\"0.6.23-4ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libavahi-qt4-dev\", pkgver:\"0.6.23-4ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libavahi-ui-dev\", pkgver:\"0.6.23-4ubuntu4.1\")) flag++;\nif 
(ubuntu_check(osver:\"9.04\", pkgname:\"libavahi-ui0\", pkgver:\"0.6.23-4ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"python-avahi\", pkgver:\"0.6.23-4ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"avahi-autoipd\", pkgver:\"0.6.25-1ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"avahi-daemon\", pkgver:\"0.6.25-1ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"avahi-dbg\", pkgver:\"0.6.25-1ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"avahi-discover\", pkgver:\"0.6.25-1ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"avahi-dnsconfd\", pkgver:\"0.6.25-1ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"avahi-ui-utils\", pkgver:\"0.6.25-1ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"avahi-utils\", pkgver:\"0.6.25-1ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libavahi-client-dev\", pkgver:\"0.6.25-1ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libavahi-client3\", pkgver:\"0.6.25-1ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libavahi-common-data\", pkgver:\"0.6.25-1ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libavahi-common-dev\", pkgver:\"0.6.25-1ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libavahi-common3\", pkgver:\"0.6.25-1ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libavahi-compat-howl-dev\", pkgver:\"0.6.25-1ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libavahi-compat-howl0\", pkgver:\"0.6.25-1ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libavahi-compat-libdnssd-dev\", pkgver:\"0.6.25-1ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libavahi-compat-libdnssd1\", pkgver:\"0.6.25-1ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libavahi-core-dev\", pkgver:\"0.6.25-1ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", 
pkgname:\"libavahi-core6\", pkgver:\"0.6.25-1ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libavahi-glib-dev\", pkgver:\"0.6.25-1ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libavahi-glib1\", pkgver:\"0.6.25-1ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libavahi-gobject-dev\", pkgver:\"0.6.25-1ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libavahi-gobject0\", pkgver:\"0.6.25-1ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libavahi-qt3-1\", pkgver:\"0.6.25-1ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libavahi-qt3-dev\", pkgver:\"0.6.25-1ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libavahi-qt4-1\", pkgver:\"0.6.25-1ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libavahi-qt4-dev\", pkgver:\"0.6.25-1ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libavahi-ui-dev\", pkgver:\"0.6.25-1ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libavahi-ui0\", pkgver:\"0.6.25-1ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"python-avahi\", pkgver:\"0.6.25-1ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"avahi-autoipd\", pkgver:\"0.6.25-1ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"avahi-daemon\", pkgver:\"0.6.25-1ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"avahi-dbg\", pkgver:\"0.6.25-1ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"avahi-discover\", pkgver:\"0.6.25-1ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"avahi-dnsconfd\", pkgver:\"0.6.25-1ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"avahi-ui-utils\", pkgver:\"0.6.25-1ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"avahi-utils\", pkgver:\"0.6.25-1ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libavahi-client-dev\", pkgver:\"0.6.25-1ubuntu6.1\")) 
flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libavahi-client3\", pkgver:\"0.6.25-1ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libavahi-common-data\", pkgver:\"0.6.25-1ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libavahi-common-dev\", pkgver:\"0.6.25-1ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libavahi-common3\", pkgver:\"0.6.25-1ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libavahi-compat-howl-dev\", pkgver:\"0.6.25-1ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libavahi-compat-howl0\", pkgver:\"0.6.25-1ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libavahi-compat-libdnssd-dev\", pkgver:\"0.6.25-1ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libavahi-compat-libdnssd1\", pkgver:\"0.6.25-1ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libavahi-core-dev\", pkgver:\"0.6.25-1ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libavahi-core6\", pkgver:\"0.6.25-1ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libavahi-glib-dev\", pkgver:\"0.6.25-1ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libavahi-glib1\", pkgver:\"0.6.25-1ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libavahi-gobject-dev\", pkgver:\"0.6.25-1ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libavahi-gobject0\", pkgver:\"0.6.25-1ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libavahi-qt3-1\", pkgver:\"0.6.25-1ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libavahi-qt3-dev\", pkgver:\"0.6.25-1ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libavahi-qt4-1\", pkgver:\"0.6.25-1ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libavahi-qt4-dev\", pkgver:\"0.6.25-1ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libavahi-ui-dev\", 
pkgver:\"0.6.25-1ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libavahi-ui0\", pkgver:\"0.6.25-1ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"python-avahi\", pkgver:\"0.6.25-1ubuntu6.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"avahi-autoipd / avahi-daemon / avahi-dbg / avahi-discover / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T12:53:43", "description": "From Red Hat Security Advisory 2010:0528 :\n\nUpdated avahi packages that fix two security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nAvahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zero Configuration Networking. It facilitates service discovery on a local network. Avahi and Avahi-aware applications allow you to plug your computer into a network and, with no configuration, view other people to chat with, view printers to print to, and find shared files on other computers.\n\nA flaw was found in the way the Avahi daemon (avahi-daemon) processed Multicast DNS (mDNS) packets with corrupted checksums. An attacker on the local network could use this flaw to cause avahi-daemon on a target system to exit unexpectedly via specially crafted mDNS packets.\n(CVE-2010-2244)\n\nA flaw was found in the way avahi-daemon processed incoming unicast mDNS messages. 
If the mDNS reflector were enabled on a system, an attacker on the local network could send a specially crafted unicast mDNS message to that system, resulting in its avahi-daemon flooding the network with a multicast packet storm, and consuming a large amount of CPU. Note: The mDNS reflector is disabled by default.\n(CVE-2009-0758)\n\nAll users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, avahi-daemon will be restarted automatically.", "cvss3": {"score": null, "vector": null}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 5 : avahi (ELSA-2010-0528)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0758", "CVE-2010-2244"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:avahi", "p-cpe:/a:oracle:linux:avahi-compat-howl", "p-cpe:/a:oracle:linux:avahi-compat-howl-devel", "p-cpe:/a:oracle:linux:avahi-compat-libdns_sd", "p-cpe:/a:oracle:linux:avahi-compat-libdns_sd-devel", "p-cpe:/a:oracle:linux:avahi-devel", "p-cpe:/a:oracle:linux:avahi-glib", "p-cpe:/a:oracle:linux:avahi-glib-devel", "p-cpe:/a:oracle:linux:avahi-qt3", "p-cpe:/a:oracle:linux:avahi-qt3-devel", "p-cpe:/a:oracle:linux:avahi-tools", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2010-0528.NASL", "href": "https://www.tenable.com/plugins/nessus/68061", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2010:0528 and \n# Oracle Linux Security Advisory ELSA-2010-0528 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68061);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0758\", \"CVE-2010-2244\");\n script_bugtraq_id(33946, 41075);\n 
script_xref(name:\"RHSA\", value:\"2010:0528\");\n\n script_name(english:\"Oracle Linux 5 : avahi (ELSA-2010-0528)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2010:0528 :\n\nUpdated avahi packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nAvahi is an implementation of the DNS Service Discovery and Multicast\nDNS specifications for Zero Configuration Networking. It facilitates\nservice discovery on a local network. Avahi and Avahi-aware\napplications allow you to plug your computer into a network and, with\nno configuration, view other people to chat with, view printers to\nprint to, and find shared files on other computers.\n\nA flaw was found in the way the Avahi daemon (avahi-daemon) processed\nMulticast DNS (mDNS) packets with corrupted checksums. An attacker on\nthe local network could use this flaw to cause avahi-daemon on a\ntarget system to exit unexpectedly via specially crafted mDNS packets.\n(CVE-2010-2244)\n\nA flaw was found in the way avahi-daemon processed incoming unicast\nmDNS messages. If the mDNS reflector were enabled on a system, an\nattacker on the local network could send a specially crafted unicast\nmDNS message to that system, resulting in its avahi-daemon flooding\nthe network with a multicast packet storm, and consuming a large\namount of CPU. 
Note: The mDNS reflector is disabled by default.\n(CVE-2009-0758)\n\nAll users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing\nthe update, avahi-daemon will be restarted automatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-July/001533.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected avahi packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:avahi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:avahi-compat-howl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:avahi-compat-howl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:avahi-compat-libdns_sd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:avahi-compat-libdns_sd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:avahi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:avahi-glib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:avahi-glib-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:avahi-qt3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:avahi-qt3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:avahi-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/03/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"avahi-0.6.16-9.el5_5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"avahi-compat-howl-0.6.16-9.el5_5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"avahi-compat-howl-devel-0.6.16-9.el5_5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"avahi-compat-libdns_sd-0.6.16-9.el5_5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"avahi-compat-libdns_sd-devel-0.6.16-9.el5_5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"avahi-devel-0.6.16-9.el5_5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"avahi-glib-0.6.16-9.el5_5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"avahi-glib-devel-0.6.16-9.el5_5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"avahi-qt3-0.6.16-9.el5_5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"avahi-qt3-devel-0.6.16-9.el5_5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"avahi-tools-0.6.16-9.el5_5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"avahi / avahi-compat-howl / avahi-compat-howl-devel / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T13:03:35", "description": "Updated avahi packages that fix two security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this 
update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nAvahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zero Configuration Networking. It facilitates service discovery on a local network. Avahi and Avahi-aware applications allow you to plug your computer into a network and, with no configuration, view other people to chat with, view printers to print to, and find shared files on other computers.\n\nA flaw was found in the way the Avahi daemon (avahi-daemon) processed Multicast DNS (mDNS) packets with corrupted checksums. An attacker on the local network could use this flaw to cause avahi-daemon on a target system to exit unexpectedly via specially crafted mDNS packets.\n(CVE-2010-2244)\n\nA flaw was found in the way avahi-daemon processed incoming unicast mDNS messages. If the mDNS reflector were enabled on a system, an attacker on the local network could send a specially crafted unicast mDNS message to that system, resulting in its avahi-daemon flooding the network with a multicast packet storm, and consuming a large amount of CPU. Note: The mDNS reflector is disabled by default.\n(CVE-2009-0758)\n\nAll users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. 
After installing the update, avahi-daemon will be restarted automatically.", "cvss3": {"score": null, "vector": null}, "published": "2010-07-28T00:00:00", "type": "nessus", "title": "RHEL 5 : avahi (RHSA-2010:0528)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0758", "CVE-2010-2244"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:avahi", "p-cpe:/a:redhat:enterprise_linux:avahi-compat-howl", "p-cpe:/a:redhat:enterprise_linux:avahi-compat-howl-devel", "p-cpe:/a:redhat:enterprise_linux:avahi-compat-libdns_sd", "p-cpe:/a:redhat:enterprise_linux:avahi-compat-libdns_sd-devel", "p-cpe:/a:redhat:enterprise_linux:avahi-devel", "p-cpe:/a:redhat:enterprise_linux:avahi-glib", "p-cpe:/a:redhat:enterprise_linux:avahi-glib-devel", "p-cpe:/a:redhat:enterprise_linux:avahi-qt3", "p-cpe:/a:redhat:enterprise_linux:avahi-qt3-devel", "p-cpe:/a:redhat:enterprise_linux:avahi-tools", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2010-0528.NASL", "href": "https://www.tenable.com/plugins/nessus/47874", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0528. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47874);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0758\", \"CVE-2010-2244\");\n script_bugtraq_id(33946, 41075);\n script_xref(name:\"RHSA\", value:\"2010:0528\");\n\n script_name(english:\"RHEL 5 : avahi (RHSA-2010:0528)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated avahi packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nAvahi is an implementation of the DNS Service Discovery and Multicast\nDNS specifications for Zero Configuration Networking. It facilitates\nservice discovery on a local network. Avahi and Avahi-aware\napplications allow you to plug your computer into a network and, with\nno configuration, view other people to chat with, view printers to\nprint to, and find shared files on other computers.\n\nA flaw was found in the way the Avahi daemon (avahi-daemon) processed\nMulticast DNS (mDNS) packets with corrupted checksums. An attacker on\nthe local network could use this flaw to cause avahi-daemon on a\ntarget system to exit unexpectedly via specially crafted mDNS packets.\n(CVE-2010-2244)\n\nA flaw was found in the way avahi-daemon processed incoming unicast\nmDNS messages. 
If the mDNS reflector were enabled on a system, an\nattacker on the local network could send a specially crafted unicast\nmDNS message to that system, resulting in its avahi-daemon flooding\nthe network with a multicast packet storm, and consuming a large\namount of CPU. Note: The mDNS reflector is disabled by default.\n(CVE-2009-0758)\n\nAll users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing\nthe update, avahi-daemon will be restarted automatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-0758\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2244\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0528\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:avahi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:avahi-compat-howl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:avahi-compat-howl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:avahi-compat-libdns_sd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:avahi-compat-libdns_sd-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:avahi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:avahi-glib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:avahi-glib-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:avahi-qt3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:avahi-qt3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:avahi-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/03/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0528\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"avahi-0.6.16-9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"avahi-compat-howl-0.6.16-9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"avahi-compat-howl-devel-0.6.16-9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"avahi-compat-libdns_sd-0.6.16-9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"avahi-compat-libdns_sd-devel-0.6.16-9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"avahi-devel-0.6.16-9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"avahi-glib-0.6.16-9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"avahi-glib-devel-0.6.16-9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"avahi-qt3-0.6.16-9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"avahi-qt3-devel-0.6.16-9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"avahi-tools-0.6.16-9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"avahi-tools-0.6.16-9.el5_5\")) flag++;\n 
if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"avahi-tools-0.6.16-9.el5_5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"avahi / avahi-compat-howl / avahi-compat-howl-devel / etc\");\n }\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T13:03:46", "description": "Updated avahi packages that fix two security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nAvahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zero Configuration Networking. It facilitates service discovery on a local network. Avahi and Avahi-aware applications allow you to plug your computer into a network and, with no configuration, view other people to chat with, view printers to print to, and find shared files on other computers.\n\nA flaw was found in the way the Avahi daemon (avahi-daemon) processed Multicast DNS (mDNS) packets with corrupted checksums. An attacker on the local network could use this flaw to cause avahi-daemon on a target system to exit unexpectedly via specially crafted mDNS packets.\n(CVE-2010-2244)\n\nA flaw was found in the way avahi-daemon processed incoming unicast mDNS messages. 
If the mDNS reflector were enabled on a system, an attacker on the local network could send a specially crafted unicast mDNS message to that system, resulting in its avahi-daemon flooding the network with a multicast packet storm, and consuming a large amount of CPU. Note: The mDNS reflector is disabled by default.\n(CVE-2009-0758)\n\nAll users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, avahi-daemon will be restarted automatically.", "cvss3": {"score": null, "vector": null}, "published": "2010-07-16T00:00:00", "type": "nessus", "title": "CentOS 5 : avahi (CESA-2010:0528)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0758", "CVE-2010-2244"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:avahi", "p-cpe:/a:centos:centos:avahi-compat-howl", "p-cpe:/a:centos:centos:avahi-compat-howl-devel", "p-cpe:/a:centos:centos:avahi-compat-libdns_sd", "p-cpe:/a:centos:centos:avahi-compat-libdns_sd-devel", "p-cpe:/a:centos:centos:avahi-devel", "p-cpe:/a:centos:centos:avahi-glib", "p-cpe:/a:centos:centos:avahi-glib-devel", "p-cpe:/a:centos:centos:avahi-qt3", "p-cpe:/a:centos:centos:avahi-qt3-devel", "p-cpe:/a:centos:centos:avahi-tools", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2010-0528.NASL", "href": "https://www.tenable.com/plugins/nessus/47739", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0528 and \n# CentOS Errata and Security Advisory 2010:0528 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47739);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-0758\", \"CVE-2010-2244\");\n script_bugtraq_id(33946, 41075);\n 
script_xref(name:\"RHSA\", value:\"2010:0528\");\n\n script_name(english:\"CentOS 5 : avahi (CESA-2010:0528)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated avahi packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nAvahi is an implementation of the DNS Service Discovery and Multicast\nDNS specifications for Zero Configuration Networking. It facilitates\nservice discovery on a local network. Avahi and Avahi-aware\napplications allow you to plug your computer into a network and, with\nno configuration, view other people to chat with, view printers to\nprint to, and find shared files on other computers.\n\nA flaw was found in the way the Avahi daemon (avahi-daemon) processed\nMulticast DNS (mDNS) packets with corrupted checksums. An attacker on\nthe local network could use this flaw to cause avahi-daemon on a\ntarget system to exit unexpectedly via specially crafted mDNS packets.\n(CVE-2010-2244)\n\nA flaw was found in the way avahi-daemon processed incoming unicast\nmDNS messages. If the mDNS reflector were enabled on a system, an\nattacker on the local network could send a specially crafted unicast\nmDNS message to that system, resulting in its avahi-daemon flooding\nthe network with a multicast packet storm, and consuming a large\namount of CPU. 
Note: The mDNS reflector is disabled by default.\n(CVE-2009-0758)\n\nAll users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing\nthe update, avahi-daemon will be restarted automatically.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-July/016777.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?18250e13\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-July/016778.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?99403a38\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected avahi packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:avahi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:avahi-compat-howl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:avahi-compat-howl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:avahi-compat-libdns_sd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:avahi-compat-libdns_sd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:avahi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:avahi-glib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:avahi-glib-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:avahi-qt3\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:avahi-qt3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:avahi-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/03/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"avahi-0.6.16-9.el5_5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"avahi-compat-howl-0.6.16-9.el5_5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"avahi-compat-howl-devel-0.6.16-9.el5_5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"avahi-compat-libdns_sd-0.6.16-9.el5_5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"avahi-compat-libdns_sd-devel-0.6.16-9.el5_5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"avahi-devel-0.6.16-9.el5_5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"avahi-glib-0.6.16-9.el5_5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"avahi-glib-devel-0.6.16-9.el5_5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"avahi-qt3-0.6.16-9.el5_5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"avahi-qt3-devel-0.6.16-9.el5_5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"avahi-tools-0.6.16-9.el5_5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"avahi / avahi-compat-howl / avahi-compat-howl-devel / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-07-24T14:14:19", "description": "Updated qspice packages that fix two security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response 
Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe Simple Protocol for Independent Computing Environments (SPICE) is a remote display protocol used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine (KVM) hypervisor, or on Red Hat Enterprise Virtualization Hypervisor.\n\nIt was found that the libspice component of QEMU-KVM on the host did not validate all pointers provided from a guest system's QXL graphics card driver. A privileged guest user could use this flaw to cause the host to dereference an invalid pointer, causing the guest to crash (denial of service) or, possibly, resulting in the privileged guest user escalating their privileges on the host. (CVE-2010-0428)\n\nIt was found that the libspice component of QEMU-KVM on the host could be forced to perform certain memory management operations on memory addresses controlled by a guest. A privileged guest user could use this flaw to crash the guest (denial of service) or, possibly, escalate their privileges on the host. 
(CVE-2010-0429)\n\nAll qspice users should upgrade to these updated packages, which contain backported patches to correct these issues.", "cvss3": {"score": null, "vector": null}, "published": "2013-01-24T00:00:00", "type": "nessus", "title": "RHEL 5 : qspice (RHSA-2010:0633)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0428", "CVE-2010-0429"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:qspice", "p-cpe:/a:redhat:enterprise_linux:qspice-libs", "p-cpe:/a:redhat:enterprise_linux:qspice-libs-devel", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2010-0633.NASL", "href": "https://www.tenable.com/plugins/nessus/63948", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0633. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63948);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0428\", \"CVE-2010-0429\");\n script_xref(name:\"RHSA\", value:\"2010:0633\");\n\n script_name(english:\"RHEL 5 : qspice (RHSA-2010:0633)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated qspice packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. 
Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe Simple Protocol for Independent Computing Environments (SPICE) is\na remote display protocol used in Red Hat Enterprise Linux for viewing\nvirtualized guests running on the Kernel-based Virtual Machine (KVM)\nhypervisor, or on Red Hat Enterprise Virtualization Hypervisor.\n\nIt was found that the libspice component of QEMU-KVM on the host did\nnot validate all pointers provided from a guest system's QXL graphics\ncard driver. A privileged guest user could use this flaw to cause the\nhost to dereference an invalid pointer, causing the guest to crash\n(denial of service) or, possibly, resulting in the privileged guest\nuser escalating their privileges on the host. (CVE-2010-0428)\n\nIt was found that the libspice component of QEMU-KVM on the host could\nbe forced to perform certain memory management operations on memory\naddresses controlled by a guest. A privileged guest user could use\nthis flaw to crash the guest (denial of service) or, possibly,\nescalate their privileges on the host. 
(CVE-2010-0429)\n\nAll qspice users should upgrade to these updated packages, which\ncontain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0429\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0633\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected qspice, qspice-libs and / or qspice-libs-devel\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:S/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qspice\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qspice-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qspice-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/08/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0633\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"qspice-0.3.0-54.el5_5.2\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"qspice-libs-0.3.0-54.el5_5.2\")) flag++;\n if 
(rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"qspice-libs-devel-0.3.0-54.el5_5.2\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qspice / qspice-libs / qspice-libs-devel\");\n }\n}\n", "cvss": {"score": 6.6, "vector": "AV:L/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-07-24T15:22:01", "description": "Updated qspice packages that fix two security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe Simple Protocol for Independent Computing Environments (SPICE) is a remote display protocol used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine (KVM) hypervisor, or on Red Hat Enterprise Virtualization Hypervisor.\n\nIt was found that the libspice component of QEMU-KVM on the host did not validate all pointers provided from a guest system's QXL graphics card driver. A privileged guest user could use this flaw to cause the host to dereference an invalid pointer, causing the guest to crash (denial of service) or, possibly, resulting in the privileged guest user escalating their privileges on the host. (CVE-2010-0428)\n\nIt was found that the libspice component of QEMU-KVM on the host could be forced to perform certain memory management operations on memory addresses controlled by a guest. A privileged guest user could use this flaw to crash the guest (denial of service) or, possibly, escalate their privileges on the host. 
(CVE-2010-0429)\n\nAll qspice users should upgrade to these updated packages, which contain backported patches to correct these issues.", "cvss3": {"score": null, "vector": null}, "published": "2010-08-29T00:00:00", "type": "nessus", "title": "CentOS 5 : qspice (CESA-2010:0633)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0428", "CVE-2010-0429"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:qspice", "p-cpe:/a:centos:centos:qspice-libs", "p-cpe:/a:centos:centos:qspice-libs-devel", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2010-0633.NASL", "href": "https://www.tenable.com/plugins/nessus/48911", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0633 and \n# CentOS Errata and Security Advisory 2010:0633 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48911);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2010-0428\", \"CVE-2010-0429\");\n script_xref(name:\"RHSA\", value:\"2010:0633\");\n\n script_name(english:\"CentOS 5 : qspice (CESA-2010:0633)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated qspice packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. 
Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe Simple Protocol for Independent Computing Environments (SPICE) is\na remote display protocol used in Red Hat Enterprise Linux for viewing\nvirtualized guests running on the Kernel-based Virtual Machine (KVM)\nhypervisor, or on Red Hat Enterprise Virtualization Hypervisor.\n\nIt was found that the libspice component of QEMU-KVM on the host did\nnot validate all pointers provided from a guest system's QXL graphics\ncard driver. A privileged guest user could use this flaw to cause the\nhost to dereference an invalid pointer, causing the guest to crash\n(denial of service) or, possibly, resulting in the privileged guest\nuser escalating their privileges on the host. (CVE-2010-0428)\n\nIt was found that the libspice component of QEMU-KVM on the host could\nbe forced to perform certain memory management operations on memory\naddresses controlled by a guest. A privileged guest user could use\nthis flaw to crash the guest (denial of service) or, possibly,\nescalate their privileges on the host. 
(CVE-2010-0429)\n\nAll qspice users should upgrade to these updated packages, which\ncontain backported patches to correct these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-August/016955.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d4140ebe\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected qspice packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:S/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qspice\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qspice-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qspice-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/08/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", cpu:\"x86_64\", reference:\"qspice-0.3.0-54.el5_5.2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"x86_64\", reference:\"qspice-libs-0.3.0-54.el5_5.2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"x86_64\", reference:\"qspice-libs-devel-0.3.0-54.el5_5.2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qspice / qspice-libs / qspice-libs-devel\");\n}\n", "cvss": {"score": 6.6, "vector": "AV:L/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-07-24T14:06:47", "description": "It was found that the libspice component of QEMU-KVM on the host did not validate all pointers provided 
from a guest system's QXL graphics card driver. A privileged guest user could use this flaw to cause the host to dereference an invalid pointer, causing the guest to crash (denial of service) or, possibly, resulting in the privileged guest user escalating their privileges on the host. (CVE-2010-0428)\n\nIt was found that the libspice component of QEMU-KVM on the host could be forced to perform certain memory management operations on memory addresses controlled by a guest. A privileged guest user could use this flaw to crash the guest (denial of service) or, possibly, escalate their privileges on the host. (CVE-2010-0429)", "cvss3": {"score": null, "vector": null}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : qspice on SL5.x x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0428", "CVE-2010-0429"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20100819_QSPICE_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60838", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60838);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0428\", \"CVE-2010-0429\");\n\n script_name(english:\"Scientific Linux Security Update : qspice on SL5.x x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was found that the libspice component of QEMU-KVM on the host did\nnot validate all pointers provided from a guest system's QXL graphics\ncard 
driver. A privileged guest user could use this flaw to cause the\nhost to dereference an invalid pointer, causing the guest to crash\n(denial of service) or, possibly, resulting in the privileged guest\nuser escalating their privileges on the host. (CVE-2010-0428)\n\nIt was found that the libspice component of QEMU-KVM on the host could\nbe forced to perform certain memory management operations on memory\naddresses controlled by a guest. A privileged guest user could use\nthis flaw to crash the guest (denial of service) or, possibly,\nescalate their privileges on the host. (CVE-2010-0429)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1008&L=scientific-linux-errata&T=0&P=1872\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?53653dc3\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected qspice, qspice-libs and / or qspice-libs-devel\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:S/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", cpu:\"x86_64\", reference:\"qspice-0.3.0-54.el5_5.2\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"x86_64\", reference:\"qspice-libs-0.3.0-54.el5_5.2\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"x86_64\", reference:\"qspice-libs-devel-0.3.0-54.el5_5.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.6, "vector": "AV:L/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-07-25T15:33:42", "description": "From Red Hat Security Advisory 2010:0633 :\n\nUpdated qspice packages that fix two security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe Simple Protocol for Independent Computing Environments (SPICE) is a remote display protocol used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine (KVM) hypervisor, or on Red Hat Enterprise Virtualization Hypervisor.\n\nIt was found that the libspice component of QEMU-KVM on the host did not validate all pointers provided from a guest system's QXL graphics card driver. A privileged guest user could use this flaw to cause the host to dereference an invalid pointer, causing the guest to crash (denial of service) or, possibly, resulting in the privileged guest user escalating their privileges on the host. (CVE-2010-0428)\n\nIt was found that the libspice component of QEMU-KVM on the host could be forced to perform certain memory management operations on memory addresses controlled by a guest. A privileged guest user could use this flaw to crash the guest (denial of service) or, possibly, escalate their privileges on the host. 
(CVE-2010-0429)\n\nAll qspice users should upgrade to these updated packages, which contain backported patches to correct these issues.", "cvss3": {"score": null, "vector": null}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 5 : qspice (ELSA-2010-0633)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0428", "CVE-2010-0429"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:qspice", "p-cpe:/a:oracle:linux:qspice-libs", "p-cpe:/a:oracle:linux:qspice-libs-devel", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2010-0633.NASL", "href": "https://www.tenable.com/plugins/nessus/68086", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2010:0633 and \n# Oracle Linux Security Advisory ELSA-2010-0633 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68086);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0428\", \"CVE-2010-0429\");\n script_xref(name:\"RHSA\", value:\"2010:0633\");\n\n script_name(english:\"Oracle Linux 5 : qspice (ELSA-2010-0633)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2010:0633 :\n\nUpdated qspice packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. 
Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe Simple Protocol for Independent Computing Environments (SPICE) is\na remote display protocol used in Red Hat Enterprise Linux for viewing\nvirtualized guests running on the Kernel-based Virtual Machine (KVM)\nhypervisor, or on Red Hat Enterprise Virtualization Hypervisor.\n\nIt was found that the libspice component of QEMU-KVM on the host did\nnot validate all pointers provided from a guest system's QXL graphics\ncard driver. A privileged guest user could use this flaw to cause the\nhost to dereference an invalid pointer, causing the guest to crash\n(denial of service) or, possibly, resulting in the privileged guest\nuser escalating their privileges on the host. (CVE-2010-0428)\n\nIt was found that the libspice component of QEMU-KVM on the host could\nbe forced to perform certain memory management operations on memory\naddresses controlled by a guest. A privileged guest user could use\nthis flaw to crash the guest (denial of service) or, possibly,\nescalate their privileges on the host. 
(CVE-2010-0429)\n\nAll qspice users should upgrade to these updated packages, which\ncontain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-August/001606.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected qspice packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:S/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qspice\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qspice-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qspice-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/08/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", cpu:\"x86_64\", reference:\"qspice-0.3.0-54.el5_5.2\")) flag++;\nif (rpm_check(release:\"EL5\", cpu:\"x86_64\", reference:\"qspice-libs-0.3.0-54.el5_5.2\")) flag++;\nif (rpm_check(release:\"EL5\", cpu:\"x86_64\", reference:\"qspice-libs-devel-0.3.0-54.el5_5.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else 
audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qspice / qspice-libs / qspice-libs-devel\");\n}\n", "cvss": {"score": 6.6, "vector": "AV:L/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T13:58:44", "description": "The remote host is affected by the vulnerability described in GLSA-201201-09 (FreeType: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in FreeType. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could entice a user to open a specially crafted font, possibly resulting in the remote execution of arbitrary code with the privileges of the user running the application, or a Denial of Service.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": null, "vector": null}, "published": "2012-01-24T00:00:00", "type": "nessus", "title": "GLSA-201201-09 : FreeType: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1797", "CVE-2010-2497", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2500", "CVE-2010-2519", "CVE-2010-2520", "CVE-2010-2527", "CVE-2010-2541", "CVE-2010-2805", "CVE-2010-2806", "CVE-2010-2807", "CVE-2010-2808", "CVE-2010-3053", "CVE-2010-3054", "CVE-2010-3311", "CVE-2010-3814", "CVE-2010-3855", "CVE-2011-0226", "CVE-2011-3256", "CVE-2011-3439"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:freetype", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201201-09.NASL", "href": "https://www.tenable.com/plugins/nessus/57651", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201201-09.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57651);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2010-1797\", \"CVE-2010-2497\", \"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2520\", \"CVE-2010-2527\", \"CVE-2010-2541\", \"CVE-2010-2805\", \"CVE-2010-2806\", \"CVE-2010-2807\", \"CVE-2010-2808\", \"CVE-2010-3053\", \"CVE-2010-3054\", \"CVE-2010-3311\", \"CVE-2010-3814\", \"CVE-2010-3855\", \"CVE-2011-0226\", \"CVE-2011-3256\", \"CVE-2011-3439\");\n script_bugtraq_id(41663, 42151, 42241, 42285, 42621, 42624, 43700, 44214, 44643, 48619, 50155, 50643);\n script_xref(name:\"GLSA\", value:\"201201-09\");\n\n script_name(english:\"GLSA-201201-09 : FreeType: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201201-09\n(FreeType: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in FreeType. 
Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted font,\n possibly resulting in the remote execution of arbitrary code with the\n privileges of the user running the application, or a Denial of Service.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201201-09\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All FreeType users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/freetype-2.4.8'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n 
script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-libs/freetype\", unaffected:make_list(\"ge 2.4.8\"), vulnerable:make_list(\"lt 2.4.8\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"FreeType\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-01T15:27:21", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2009-4895 Kyle Bader reported an issue in the tty subsystem that allows local users to create a denial of service (NULL pointer dereference).\n\n - CVE-2010-2226 Dan Rosenberg reported an issue in the xfs filesystem that allows local users to copy and read a file owned by another user, for which they only have write permissions, due to a lack of permission checking in the XFS_SWAPEXT ioctl.\n\n - CVE-2010-2240 Rafal Wojtczuk reported an issue that allows users to obtain escalated privileges. Users must already have sufficient privileges to execute or connect clients to an Xorg server.\n\n - CVE-2010-2248 Suresh Jayaraman discovered an issue in the CIFS filesystem. 
A malicious file server can set an incorrect 'CountHigh' value, resulting in a denial of service (BUG_ON() assertion).\n\n - CVE-2010-2521 Neil Brown reported an issue in the NFSv4 server code. A malicious client could trigger a denial of service (Oops) on a server due to a bug in the read_buf() routine.\n\n - CVE-2010-2798 Bob Peterson reported an issue in the GFS2 file system.\n A file system user could cause a denial of service (Oops) via certain rename operations.\n\n - CVE-2010-2803 Kees Cook reported an issue in the DRM (Direct Rendering Manager) subsystem. Local users with sufficient privileges (local X users or members of the 'video' group on a default Debian install) could acquire access to sensitive kernel memory.\n\n - CVE-2010-2959 Ben Hawkes discovered an issue in the AF_CAN socket family. An integer overflow condition may allow local users to obtain elevated privileges.\n\n - CVE-2010-3015 Toshiyuki Okajima reported an issue in the ext4 filesystem. Local users could trigger a denial of service (BUG assertion) by generating a specific set of filesystem operations.\n\nThis update also fixes a regression introduced by a previous update. 
See the referenced Debian bug page for details.", "cvss3": {"score": null, "vector": null}, "published": "2010-08-23T00:00:00", "type": "nessus", "title": "Debian DSA-2094-1 : linux-2.6 - privilege escalation/denial of service/information leak", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-4895", "CVE-2010-2226", "CVE-2010-2240", "CVE-2010-2248", "CVE-2010-2521", "CVE-2010-2798", "CVE-2010-2803", "CVE-2010-2959", "CVE-2010-3015"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux-2.6", "cpe:/o:debian:debian_linux:5.0"], "id": "DEBIAN_DSA-2094.NASL", "href": "https://www.tenable.com/plugins/nessus/48387", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2094. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48387);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-4895\", \"CVE-2010-2226\", \"CVE-2010-2240\", \"CVE-2010-2248\", \"CVE-2010-2521\", \"CVE-2010-2798\", \"CVE-2010-2803\", \"CVE-2010-2959\", \"CVE-2010-3015\");\n script_xref(name:\"DSA\", value:\"2094\");\n\n script_name(english:\"Debian DSA-2094-1 : linux-2.6 - privilege escalation/denial of service/information leak\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service or privilege escalation. 
The Common\nVulnerabilities and Exposures project identifies the following\nproblems :\n\n - CVE-2009-4895\n Kyle Bader reported an issue in the tty subsystem that\n allows local users to create a denial of service (NULL\n pointer dereference).\n\n - CVE-2010-2226\n Dan Rosenberg reported an issue in the xfs filesystem\n that allows local users to copy and read a file owned by\n another user, for which they only have write\n permissions, due to a lack of permission checking in the\n XFS_SWAPEXT ioctl.\n\n - CVE-2010-2240\n Rafal Wojtczuk reported an issue that allows users to\n obtain escalated privileges. Users must already have\n sufficient privileges to execute or connect clients to\n an Xorg server.\n\n - CVE-2010-2248\n Suresh Jayaraman discovered an issue in the CIFS\n filesystem. A malicious file server can set an incorrect\n 'CountHigh' value, resulting in a denial of service\n (BUG_ON() assertion).\n\n - CVE-2010-2521\n Neil Brown reported an issue in the NFSv4 server code. A\n malicious client could trigger a denial of service\n (Oops) on a server due to a bug in the read_buf()\n routine.\n\n - CVE-2010-2798\n Bob Peterson reported an issue in the GFS2 file system.\n A file system user could cause a denial of service\n (Oops) via certain rename operations.\n\n - CVE-2010-2803\n Kees Cook reported an issue in the DRM (Direct Rendering\n Manager) subsystem. Local users with sufficient\n privileges (local X users or members of the 'video'\n group on a default Debian install) could acquire access\n to sensitive kernel memory.\n\n - CVE-2010-2959\n Ben Hawkes discovered an issue in the AF_CAN socket\n family. An integer overflow condition may allow local\n users to obtain elevated privileges.\n\n - CVE-2010-3015\n Toshiyuki Okajima reported an issue in the ext4\n filesystem. 
Local users could trigger a denial of\n service (BUG assertion) by generating a specific set of\n filesystem operations.\n\nThis update also includes fixes a regression introduced by a previous\nupdate. See the referenced Debian bug page for details.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=589179\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-4895\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-2226\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-2240\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-2248\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-2521\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-2798\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-2803\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-2959\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-3015\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2010/dsa-2094\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the linux-2.6 and user-mode-linux packages.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 2.6.26-24lenny1.\n\nThe following matrix lists additional source packages that were\nrebuilt for compatibility with or to take advantage of this update :\n\n Debian 5.0 (lenny) \n 
user-mode-linux 2.6.26-1um-2+24lenny1 \nUpdates for arm and mips will be released as they become available.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-2.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"linux-doc-2.6.26\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-486\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-4kc-malta\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-5kc-malta\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-686\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-686-bigmem\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-all\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-all-alpha\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-all-amd64\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-all-armel\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-all-hppa\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-all-i386\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", 
prefix:\"linux-headers-2.6.26-2-all-ia64\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-all-mipsel\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-all-powerpc\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-all-s390\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-all-sparc\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-alpha-generic\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-alpha-legacy\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-alpha-smp\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-amd64\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-common\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-common-openvz\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-common-vserver\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-common-xen\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-iop32x\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-itanium\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-ixp4xx\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-mckinley\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", 
prefix:\"linux-headers-2.6.26-2-openvz-686\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-openvz-amd64\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-orion5x\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-parisc\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-parisc-smp\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-parisc64\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-parisc64-smp\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-powerpc\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-powerpc-smp\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-powerpc64\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-r5k-cobalt\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-s390\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-s390x\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-sb1-bcm91250a\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-sb1a-bcm91480b\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-sparc64\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-sparc64-smp\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", 
prefix:\"linux-headers-2.6.26-2-versatile\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-vserver-686\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-vserver-686-bigmem\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-vserver-amd64\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-vserver-itanium\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-vserver-mckinley\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-vserver-powerpc\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-vserver-powerpc64\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-vserver-s390x\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-vserver-sparc64\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-xen-686\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-xen-amd64\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-486\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-4kc-malta\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-5kc-malta\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-686\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-686-bigmem\", reference:\"2.6.26-24lenny1\")) flag++;\nif 
(deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-alpha-generic\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-alpha-legacy\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-alpha-smp\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-amd64\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-iop32x\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-itanium\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-ixp4xx\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-mckinley\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-openvz-686\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-openvz-amd64\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-orion5x\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-parisc\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-parisc-smp\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-parisc64\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-parisc64-smp\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-powerpc\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-powerpc-smp\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", 
prefix:\"linux-image-2.6.26-2-powerpc64\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-r5k-cobalt\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-s390\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-s390-tape\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-s390x\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-sb1-bcm91250a\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-sb1a-bcm91480b\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-sparc64\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-sparc64-smp\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-versatile\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-vserver-686\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-vserver-686-bigmem\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-vserver-amd64\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-vserver-itanium\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-vserver-mckinley\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-vserver-powerpc\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-vserver-powerpc64\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", 
prefix:\"linux-image-2.6.26-2-vserver-s390x\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-vserver-sparc64\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-xen-686\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-xen-amd64\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-libc-dev\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-manual-2.6.26\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-modules-2.6.26-2-xen-686\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-modules-2.6.26-2-xen-amd64\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-patch-debian-2.6.26\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-source-2.6.26\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-support-2.6.26-2\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-tree-2.6.26\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"xen-linux-system-2.6.26-2-xen-686\", reference:\"2.6.26-24lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"xen-linux-system-2.6.26-2-xen-amd64\", reference:\"2.6.26-24lenny1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T20:21:37", "description": "The remote VMware ESX host is missing a security-related patch. 
It is, therefore, affected by multiple vulnerabilities, including arbitrary code execution vulnerabilities, in several third-party components and libraries :\n\n - glibc\n - glibc-common\n - nscd\n - openldap\n - sudo", "cvss3": {"score": null, "vector": null}, "published": "2016-03-04T00:00:00", "type": "nessus", "title": "VMware ESX Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0001) (remote check)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0211", "CVE-2010-0212", "CVE-2010-2956", "CVE-2010-3847", "CVE-2010-3856"], "modified": "2021-01-06T00:00:00", "cpe": ["cpe:/o:vmware:esx"], "id": "VMWARE_VMSA-2011-0001_REMOTE.NASL", "href": "https://www.tenable.com/plugins/nessus/89673", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89673);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2010-0211\",\n \"CVE-2010-0212\",\n \"CVE-2010-2956\",\n \"CVE-2010-3847\",\n \"CVE-2010-3856\"\n );\n script_bugtraq_id(\n 41770,\n 43019,\n 44154,\n 44347\n );\n script_xref(name:\"VMSA\", value:\"2011-0001\");\n\n script_name(english:\"VMware ESX Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0001) (remote check)\");\n script_summary(english:\"Checks the ESX version and build number.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote VMware ESX host is missing a security-related patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote VMware ESX host is missing a security-related patch. 
It is,\ntherefore, affected by multiple vulnerabilities, including arbitrary\ncode execution vulnerabilities, in several third-party components and\nlibraries :\n\n - glibc\n - glibc-common\n - nscd\n - openldap\n - sudo\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/security/advisories/VMSA-2011-0001\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.vmware.com/pipermail/security-announce/2011/000150.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the vendor advisory that\npertains to ESX version 4.0 / 4.1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'glibc LD_AUDIT Arbitrary DSO Load Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/07/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Misc.\");\n\n 
script_dependencies(\"vmware_vsphere_detect.nbin\");\n script_require_keys(\"Host/VMware/version\", \"Host/VMware/release\");\n script_require_ports(\"Host/VMware/vsphere\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nver = get_kb_item_or_exit(\"Host/VMware/version\");\nrel = get_kb_item_or_exit(\"Host/VMware/release\");\nport = get_kb_item_or_exit(\"Host/VMware/vsphere\");\n\nif (\"ESX\" >!< rel || \"ESXi\" >< rel)\n audit(AUDIT_OS_NOT, \"VMware ESX\");\n\nextract = eregmatch(pattern:\"^ESX (\\d\\.\\d).*$\", string:ver);\nif (isnull(extract))\n audit(AUDIT_UNKNOWN_APP_VER, \"VMware ESX/ESXi\");\nelse\n ver = extract[1];\n\nif (ver !~ \"^4\\.[01]\")\n audit(AUDIT_INST_VER_NOT_VULN, \"VMware ESX\", ver);\n\nfixes = make_array(\n \"4.0\", \"332073\",\n \"4.1\", \"348481\"\n );\n\nfix = fixes[ver];\n\nextract = eregmatch(pattern:'^VMware ESX.* build-([0-9]+)$', string:rel);\nif (isnull(extract))\n audit(AUDIT_UNKNOWN_BUILD, \"VMware ESX\", ver);\n\nbuild = int(extract[1]);\n\nif (build < fix)\n{\n report = '\\n Version : ESX ' + ver +\n '\\n Installed build : ' + build +\n '\\n Fixed build : ' + fix +\n '\\n';\n security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);\n exit(0);\n\n}\nelse\n audit(AUDIT_INST_VER_NOT_VULN, \"VMware ESX\", ver, build);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:03:58", "description": "Fix for CVE-2010-2244.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2010-07-07T00:00:00", "type": "nessus", "title": "Fedora 13 : avahi-0.6.25-7.fc13 (2010-10581)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2244"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:avahi", "cpe:/o:fedoraproject:fedora:13"], "id": "FEDORA_2010-10581.NASL", "href": "https://www.tenable.com/plugins/nessus/47609", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-10581.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47609);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-2244\");\n script_bugtraq_id(41075);\n script_xref(name:\"FEDORA\", value:\"2010-10581\");\n\n script_name(english:\"Fedora 13 : avahi-0.6.25-7.fc13 (2010-10581)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix for CVE-2010-2244.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=607293\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-July/043820.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?34903a05\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected avahi package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:avahi\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", 
string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"avahi-0.6.25-7.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"avahi\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T13:03:53", "description": "Fix for CVE-2010-2244.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2010-07-07T00:00:00", "type": "nessus", "title": "Fedora 12 : avahi-0.6.25-7.fc12 (2010-10584)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2244"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:avahi", "cpe:/o:fedoraproject:fedora:12"], "id": "FEDORA_2010-10584.NASL", "href": "https://www.tenable.com/plugins/nessus/47610", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-10584.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47610);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-2244\");\n script_bugtraq_id(41075);\n script_xref(name:\"FEDORA\", value:\"2010-10584\");\n\n script_name(english:\"Fedora 12 : avahi-0.6.25-7.fc12 (2010-10584)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix for CVE-2010-2244.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=607293\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-July/043800.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d2cd7fc5\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected avahi package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:avahi\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", 
string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"avahi-0.6.25-7.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"avahi\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:35:55", "description": "Oracle Linux Local Security Checks ELSA-2010-0610", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2010-0610", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2066", "CVE-2010-2248", "CVE-2010-2226", "CVE-2010-2521", "CVE-2010-2070", "CVE-2010-2524", "CVE-2010-1084"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122332", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122332", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2010-0610.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or 
any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122332\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:16:57 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2010-0610\");\n script_tag(name:\"insight\", value:\"ELSA-2010-0610 - kernel security and bug fix update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2010-0610\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2010-0610.html\");\n script_cve_id(\"CVE-2010-1084\", \"CVE-2010-2066\", \"CVE-2010-2070\", \"CVE-2010-2226\", \"CVE-2010-2248\", \"CVE-2010-2521\", \"CVE-2010-2524\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~194.11.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~194.11.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~194.11.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~194.11.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~194.11.1.0.1.el5\", 
rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~194.11.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~194.11.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~194.11.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~194.11.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~194.11.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ocfs2\", rpm:\"ocfs2~2.6.18~194.11.1.0.1.el5~1.4.7~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ocfs2\", rpm:\"ocfs2~2.6.18~194.11.1.0.1.el5PAE~1.4.7~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ocfs2\", rpm:\"ocfs2~2.6.18~194.11.1.0.1.el5debug~1.4.7~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ocfs2\", rpm:\"ocfs2~2.6.18~194.11.1.0.1.el5xen~1.4.7~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"oracleasm\", rpm:\"oracleasm~2.6.18~194.11.1.0.1.el5~2.0.5~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"oracleasm\", rpm:\"oracleasm~2.6.18~194.11.1.0.1.el5PAE~2.0.5~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = 
isrpmvuln(pkg:\"oracleasm\", rpm:\"oracleasm~2.6.18~194.11.1.0.1.el5debug~2.0.5~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"oracleasm\", rpm:\"oracleasm~2.6.18~194.11.1.0.1.el5xen~2.0.5~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:39", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for freetype CESA-2010:0578 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2500", "CVE-2010-2527", "CVE-2010-2519", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2541"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310880576", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880576", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for freetype CESA-2010:0578 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2010-August/016855.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880576\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"CESA\", value:\"2010:0578\");\n script_cve_id(\"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2527\", \"CVE-2010-2541\");\n script_name(\"CentOS Update for freetype CESA-2010:0578 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'freetype'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"freetype on CentOS 5\");\n script_tag(name:\"insight\", value:\"FreeType is a free, high-quality, portable font engine that can open and\n manage font files. It also loads, hints, and renders individual glyphs\n efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide\n both the FreeType 1 and FreeType 2 font engines. 
The freetype packages for\n Red Hat Enterprise Linux 5 provide only the FreeType 2 font engine.\n\n An invalid memory management flaw was found in the way the FreeType font\n engine processed font files. If a user loaded a carefully-crafted font file\n with an application linked against FreeType, it could cause the application\n to crash or, possibly, execute arbitrary code with the privileges of the\n user running the application. (CVE-2010-2498)\n\n An integer overflow flaw was found in the way the FreeType font engine\n processed font files. If a user loaded a carefully-crafted font file with\n an application linked against FreeType, it could cause the application to\n crash or, possibly, execute arbitrary code with the privileges of the user\n running the application. (CVE-2010-2500)\n\n Several buffer overflow flaws were found in the way the FreeType font\n engine processed font files. If a user loaded a carefully-crafted font file\n with an application linked against FreeType, it could cause the application\n to crash or, possibly, execute arbitrary code with the privileges of the\n user running the application. (CVE-2010-2499, CVE-2010-2519)\n\n Several buffer overflow flaws were found in the FreeType demo applications.\n If a user loaded a carefully-crafted font file with a demo application, it\n could cause the application to crash or, possibly, execute arbitrary code\n with the privileges of the user running the application. (CVE-2010-2527,\n CVE-2010-2541)\n\n Red Hat would like to thank Robert Swiecki of the Google Security Team for\n the discovery of the CVE-2010-2498, CVE-2010-2500, CVE-2010-2499,\n CVE-2010-2519, and CVE-2010-2527 issues.\n\n Note: All of the issues in this erratum only affect the FreeType 2 font\n engine.\n\n Users are advised to upgrade to these updated packages, which contain\n backported patches to correct these issues. 
The X server must be restarted\n (log out, then log back in) for this update to take effect.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.2.1~25.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.2.1~25.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.2.1~25.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-22T13:05:55", "description": "Check for the Version of freetype", "cvss3": {}, "published": "2010-08-02T00:00:00", "type": "openvas", "title": "RedHat Update for freetype RHSA-2010:0578-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2500", "CVE-2010-2527", "CVE-2010-2519", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2541"], "modified": "2018-01-22T00:00:00", "id": "OPENVAS:1361412562310870300", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870300", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for freetype RHSA-2010:0578-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU 
General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"FreeType is a free, high-quality, portable font engine that can open and\n manage font files. It also loads, hints, and renders individual glyphs\n efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide\n both the FreeType 1 and FreeType 2 font engines. The freetype packages for\n Red Hat Enterprise Linux 5 provide only the FreeType 2 font engine.\n\n An invalid memory management flaw was found in the way the FreeType font\n engine processed font files. If a user loaded a carefully-crafted font file\n with an application linked against FreeType, it could cause the application\n to crash or, possibly, execute arbitrary code with the privileges of the\n user running the application. (CVE-2010-2498)\n \n An integer overflow flaw was found in the way the FreeType font engine\n processed font files. If a user loaded a carefully-crafted font file with\n an application linked against FreeType, it could cause the application to\n crash or, possibly, execute arbitrary code with the privileges of the user\n running the application. (CVE-2010-2500)\n \n Several buffer overflow flaws were found in the way the FreeType font\n engine processed font files. 
If a user loaded a carefully-crafted font file\n with an application linked against FreeType, it could cause the application\n to crash or, possibly, execute arbitrary code with the privileges of the\n user running the application. (CVE-2010-2499, CVE-2010-2519)\n \n Several buffer overflow flaws were found in the FreeType demo applications.\n If a user loaded a carefully-crafted font file with a demo application, it\n could cause the application to crash or, possibly, execute arbitrary code\n with the privileges of the user running the application. (CVE-2010-2527,\n CVE-2010-2541)\n \n Red Hat would like to thank Robert Swiecki of the Google Security Team for\n the discovery of the CVE-2010-2498, CVE-2010-2500, CVE-2010-2499,\n CVE-2010-2519, and CVE-2010-2527 issues.\n \n Note: All of the issues in this erratum only affect the FreeType 2 font\n engine.\n \n Users are advised to upgrade to these updated packages, which contain\n backported patches to correct these issues. The X server must be restarted\n (log out, then log back in) for this update to take effect.\";\n\ntag_affected = \"freetype on Red Hat Enterprise Linux (v. 
5 server),\n Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-July/msg00026.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870300\");\n script_version(\"$Revision: 8485 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-22 08:57:57 +0100 (Mon, 22 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-02 12:38:17 +0200 (Mon, 02 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2010:0578-01\");\n script_cve_id(\"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2527\", \"CVE-2010-2541\");\n script_name(\"RedHat Update for freetype RHSA-2010:0578-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of freetype\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.2.1~25.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"freetype-debuginfo\", rpm:\"freetype-debuginfo~2.2.1~25.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.2.1~25.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.2.1~25.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.1.9~14.el4.8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-debuginfo\", rpm:\"freetype-debuginfo~2.1.9~14.el4.8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.1.9~14.el4.8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.1.9~14.el4.8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-utils\", rpm:\"freetype-utils~2.1.9~14.el4.8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:54:32", "description": "Check for the Version of freetype", "cvss3": {}, "published": "2010-08-02T00:00:00", "type": "openvas", "title": "RedHat Update for freetype RHSA-2010:0578-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2500", "CVE-2010-2527", "CVE-2010-2519", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2541"], "modified": "2017-12-22T00:00:00", "id": "OPENVAS:870300", 
"href": "http://plugins.openvas.org/nasl.php?oid=870300", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for freetype RHSA-2010:0578-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"FreeType is a free, high-quality, portable font engine that can open and\n manage font files. It also loads, hints, and renders individual glyphs\n efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide\n both the FreeType 1 and FreeType 2 font engines. The freetype packages for\n Red Hat Enterprise Linux 5 provide only the FreeType 2 font engine.\n\n An invalid memory management flaw was found in the way the FreeType font\n engine processed font files. If a user loaded a carefully-crafted font file\n with an application linked against FreeType, it could cause the application\n to crash or, possibly, execute arbitrary code with the privileges of the\n user running the application. (CVE-2010-2498)\n \n An integer overflow flaw was found in the way the FreeType font engine\n processed font files. 
If a user loaded a carefully-crafted font file with\n an application linked against FreeType, it could cause the application to\n crash or, possibly, execute arbitrary code with the privileges of the user\n running the application. (CVE-2010-2500)\n \n Several buffer overflow flaws were found in the way the FreeType font\n engine processed font files. If a user loaded a carefully-crafted font file\n with an application linked against FreeType, it could cause the application\n to crash or, possibly, execute arbitrary code with the privileges of the\n user running the application. (CVE-2010-2499, CVE-2010-2519)\n \n Several buffer overflow flaws were found in the FreeType demo applications.\n If a user loaded a carefully-crafted font file with a demo application, it\n could cause the application to crash or, possibly, execute arbitrary code\n with the privileges of the user running the application. (CVE-2010-2527,\n CVE-2010-2541)\n \n Red Hat would like to thank Robert Swiecki of the Google Security Team for\n the discovery of the CVE-2010-2498, CVE-2010-2500, CVE-2010-2499,\n CVE-2010-2519, and CVE-2010-2527 issues.\n \n Note: All of the issues in this erratum only affect the FreeType 2 font\n engine.\n \n Users are advised to upgrade to these updated packages, which contain\n backported patches to correct these issues. The X server must be restarted\n (log out, then log back in) for this update to take effect.\";\n\ntag_affected = \"freetype on Red Hat Enterprise Linux (v. 
5 server),\n Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-July/msg00026.html\");\n script_id(870300);\n script_version(\"$Revision: 8226 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-22 07:30:26 +0100 (Fri, 22 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-02 12:38:17 +0200 (Mon, 02 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2010:0578-01\");\n script_cve_id(\"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2527\", \"CVE-2010-2541\");\n script_name(\"RedHat Update for freetype RHSA-2010:0578-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of freetype\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.2.1~25.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"freetype-debuginfo\", rpm:\"freetype-debuginfo~2.2.1~25.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.2.1~25.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.2.1~25.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.1.9~14.el4.8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-debuginfo\", rpm:\"freetype-debuginfo~2.1.9~14.el4.8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.1.9~14.el4.8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.1.9~14.el4.8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-utils\", rpm:\"freetype-utils~2.1.9~14.el4.8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:53", "description": "Check for the Version of freetype", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for freetype CESA-2010:0578 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2500", "CVE-2010-2527", "CVE-2010-2519", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2541"], "modified": "2017-07-10T00:00:00", "id": 
"OPENVAS:880576", "href": "http://plugins.openvas.org/nasl.php?oid=880576", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for freetype CESA-2010:0578 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"FreeType is a free, high-quality, portable font engine that can open and\n manage font files. It also loads, hints, and renders individual glyphs\n efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide\n both the FreeType 1 and FreeType 2 font engines. The freetype packages for\n Red Hat Enterprise Linux 5 provide only the FreeType 2 font engine.\n\n An invalid memory management flaw was found in the way the FreeType font\n engine processed font files. If a user loaded a carefully-crafted font file\n with an application linked against FreeType, it could cause the application\n to crash or, possibly, execute arbitrary code with the privileges of the\n user running the application. 
(CVE-2010-2498)\n \n An integer overflow flaw was found in the way the FreeType font engine\n processed font files. If a user loaded a carefully-crafted font file with\n an application linked against FreeType, it could cause the application to\n crash or, possibly, execute arbitrary code with the privileges of the user\n running the application. (CVE-2010-2500)\n \n Several buffer overflow flaws were found in the way the FreeType font\n engine processed font files. If a user loaded a carefully-crafted font file\n with an application linked against FreeType, it could cause the application\n to crash or, possibly, execute arbitrary code with the privileges of the\n user running the application. (CVE-2010-2499, CVE-2010-2519)\n \n Several buffer overflow flaws were found in the FreeType demo applications.\n If a user loaded a carefully-crafted font file with a demo application, it\n could cause the application to crash or, possibly, execute arbitrary code\n with the privileges of the user running the application. (CVE-2010-2527,\n CVE-2010-2541)\n \n Red Hat would like to thank Robert Swiecki of the Google Security Team for\n the discovery of the CVE-2010-2498, CVE-2010-2500, CVE-2010-2499,\n CVE-2010-2519, and CVE-2010-2527 issues.\n \n Note: All of the issues in this erratum only affect the FreeType 2 font\n engine.\n \n Users are advised to upgrade to these updated packages, which contain\n backported patches to correct these issues. 
The X server must be restarted\n (log out, then log back in) for this update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"freetype on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2010-August/016855.html\");\n script_id(880576);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2010:0578\");\n script_cve_id(\"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2527\", \"CVE-2010-2541\");\n script_name(\"CentOS Update for freetype CESA-2010:0578 centos5 i386\");\n\n script_summary(\"Check for the Version of freetype\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.2.1~25.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-demos\", 
rpm:\"freetype-demos~2.2.1~25.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.2.1~25.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:35:54", "description": "Oracle Linux Local Security Checks ELSA-2010-0578", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2010-0578", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2500", "CVE-2010-2527", "CVE-2010-2519", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2541"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122337", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122337", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2010-0578.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122337\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:17:02 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2010-0578\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2010-0578\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2010-0578.html\");\n script_cve_id(\"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2527\", \"CVE-2010-2541\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.2.1~25.el5_5\", rls:\"OracleLinux5\")) != NULL) {\n 
security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.2.1~25.el5_5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.2.1~25.el5_5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:47", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for kernel CESA-2010:0610 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-0742", "CVE-2010-2066", "CVE-2010-2248", "CVE-2010-2226", "CVE-2010-2521", "CVE-2010-2070", "CVE-2010-2524", "CVE-2010-1084"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310880569", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880569", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2010:0610 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2010-August/016890.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880569\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2010:0610\");\n script_cve_id(\"CVE-2010-1084\", \"CVE-2010-2066\", \"CVE-2010-2070\", \"CVE-2010-2226\",\n \"CVE-2010-2248\", \"CVE-2010-2521\", \"CVE-2010-2524\", \"CVE-2006-0742\");\n script_name(\"CentOS Update for kernel CESA-2010:0610 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"kernel on CentOS 5\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n This update fixes the following security issues:\n\n * instances of unsafe sprintf() use were found in the Linux kernel\n Bluetooth 
implementation. Creating a large number of Bluetooth L2CAP, SCO,\n or RFCOMM sockets could result in arbitrary memory pages being overwritten.\n A local, unprivileged user could use this flaw to cause a kernel panic\n (denial of service) or escalate their privileges. (CVE-2010-1084,\n Important)\n\n * a flaw was found in the Xen hypervisor implementation when using the\n Intel Itanium architecture, allowing guests to enter an unsupported state.\n An unprivileged guest user could trigger this flaw by setting the BE (Big\n Endian) bit of the Processor Status Register (PSR), leading to the guest\n crashing (denial of service). (CVE-2010-2070, Important)\n\n * a flaw was found in the CIFSSMBWrite() function in the Linux kernel\n Common Internet File System (CIFS) implementation. A remote attacker could\n send a specially-crafted SMB response packet to a target CIFS client,\n resulting in a kernel panic (denial of service). (CVE-2010-2248, Important)\n\n * buffer overflow flaws were found in the Linux kernel's implementation of\n the server-side External Data Representation (XDR) for the Network File\n System (NFS) version 4. An attacker on the local network could send a\n specially-crafted large compound request to the NFSv4 server, which could\n possibly result in a kernel panic (denial of service) or, potentially, code\n execution. (CVE-2010-2521, Important)\n\n * a flaw was found in the handling of the SWAPEXT IOCTL in the Linux kernel\n XFS file system implementation. A local user could use this flaw to read\n write-only files, that they do not own, on an XFS file system. This could\n lead to unintended information disclosure. (CVE-2010-2226, Moderate)\n\n * a flaw was found in the dns_resolver upcall used by CIFS. A local,\n unprivileged user could redirect a Microsoft Distributed File System link\n to another IP address, tricking the client into mounting the share from a\n server of the user's choosing. 
(CVE-2010-2524, Moderate)\n\n * a missing check was found in the mext_check_arguments() function in the\n ext4 file system code. A local user could use this flaw to cause the\n MOVE_EXT IOCTL to overwrite the contents of an append-only file on an ext4\n file system, if they have write permissions for that file. (CVE-2010-2066,\n Low)\n\n Red Hat would like to thank Neil Brown for reporting CVE-2010-1084, and Dan\n Rosenberg for reporting CVE-2010-2226 and CVE-2010-2 ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~194.11.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~194.11.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~194.11.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~194.11.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~194.11.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~194.11.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE\", 
rpm:\"kernel-PAE~2.6.18~194.11.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~194.11.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~194.11.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~194.11.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-06T13:05:08", "description": "Check for the Version of kernel", "cvss3": {}, "published": "2010-08-13T00:00:00", "type": "openvas", "title": "RedHat Update for kernel RHSA-2010:0610-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-0742", "CVE-2010-2066", "CVE-2010-2248", "CVE-2010-2226", "CVE-2010-2521", "CVE-2010-2070", "CVE-2010-2524", "CVE-2010-1084"], "modified": "2018-01-04T00:00:00", "id": "OPENVAS:1361412562310870308", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870308", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kernel RHSA-2010:0610-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n This update fixes the following security issues:\n \n * instances of unsafe sprintf() use were found in the Linux kernel\n Bluetooth implementation. Creating a large number of Bluetooth L2CAP, SCO,\n or RFCOMM sockets could result in arbitrary memory pages being overwritten.\n A local, unprivileged user could use this flaw to cause a kernel panic\n (denial of service) or escalate their privileges. (CVE-2010-1084,\n Important)\n \n * a flaw was found in the Xen hypervisor implementation when using the\n Intel Itanium architecture, allowing guests to enter an unsupported state.\n An unprivileged guest user could trigger this flaw by setting the BE (Big\n Endian) bit of the Processor Status Register (PSR), leading to the guest\n crashing (denial of service). (CVE-2010-2070, Important)\n \n * a flaw was found in the CIFSSMBWrite() function in the Linux kernel\n Common Internet File System (CIFS) implementation. A remote attacker could\n send a specially-crafted SMB response packet to a target CIFS client,\n resulting in a kernel panic (denial of service). (CVE-2010-2248, Important)\n \n * buffer overflow flaws were found in the Linux kernel's implementation of\n the server-side External Data Representation (XDR) for the Network File\n System (NFS) version 4. An attacker on the local network could send a\n specially-crafted large compound request to the NFSv4 server, which could\n possibly result in a kernel panic (denial of service) or, potentially, code\n execution. 
(CVE-2010-2521, Important)\n \n * a flaw was found in the handling of the SWAPEXT IOCTL in the Linux kernel\n XFS file system implementation. A local user could use this flaw to read\n write-only files, that they do not own, on an XFS file system. This could\n lead to unintended information disclosure. (CVE-2010-2226, Moderate)\n \n * a flaw was found in the dns_resolver upcall used by CIFS. A local,\n unprivileged user could redirect a Microsoft Distributed File System link\n to another IP address, tricking the client into mounting the share from a\n server of the user's choosing. (CVE-2010-2524, Moderate)\n \n * a missing check was found in the mext_check_arguments() function in the\n ext4 file system code. A local user could use this flaw to cause the\n MOVE_EXT IOCTL to overwrite the contents of an append-only file on an ext4\n file system, if they have write permissions for that file. (CVE-2010-2066,\n Low)\n \n Red Hat would like to thank Neil Brown for reporting CVE-2010-1084, and Dan\n Rosenberg for reportin ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"kernel on Red Hat Enterprise Linux (v. 
5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-August/msg00012.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870308\");\n script_version(\"$Revision: 8287 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-04 08:28:11 +0100 (Thu, 04 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-13 14:24:53 +0200 (Fri, 13 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2010:0610-01\");\n script_cve_id(\"CVE-2010-1084\", \"CVE-2010-2066\", \"CVE-2010-2070\", \"CVE-2010-2226\", \"CVE-2010-2248\", \"CVE-2010-2521\", \"CVE-2010-2524\", \"CVE-2006-0742\");\n script_name(\"RedHat Update for kernel RHSA-2010:0610-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~194.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~194.11.1.el5\", rls:\"RHENT_5\")) != 
NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-debuginfo\", rpm:\"kernel-PAE-debuginfo~2.6.18~194.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~194.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~194.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.18~194.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~194.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.18~194.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common\", rpm:\"kernel-debuginfo-common~2.6.18~194.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~194.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~194.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~194.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~2.6.18~194.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~194.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~194.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:55:22", "description": "Check for the Version of kernel", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for kernel CESA-2010:0610 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-0742", "CVE-2010-2066", "CVE-2010-2248", "CVE-2010-2226", "CVE-2010-2521", "CVE-2010-2070", "CVE-2010-2524", "CVE-2010-1084"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880569", "href": "http://plugins.openvas.org/nasl.php?oid=880569", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2010:0610 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n This update fixes the following security issues:\n \n * instances of unsafe sprintf() use were found in the Linux kernel\n Bluetooth implementation. Creating a large number of Bluetooth L2CAP, SCO,\n or RFCOMM sockets could result in arbitrary memory pages being overwritten.\n A local, unprivileged user could use this flaw to cause a kernel panic\n (denial of service) or escalate their privileges. (CVE-2010-1084,\n Important)\n \n * a flaw was found in the Xen hypervisor implementation when using the\n Intel Itanium architecture, allowing guests to enter an unsupported state.\n An unprivileged guest user could trigger this flaw by setting the BE (Big\n Endian) bit of the Processor Status Register (PSR), leading to the guest\n crashing (denial of service). (CVE-2010-2070, Important)\n \n * a flaw was found in the CIFSSMBWrite() function in the Linux kernel\n Common Internet File System (CIFS) implementation. A remote attacker could\n send a specially-crafted SMB response packet to a target CIFS client,\n resulting in a kernel panic (denial of service). (CVE-2010-2248, Important)\n \n * buffer overflow flaws were found in the Linux kernel's implementation of\n the server-side External Data Representation (XDR) for the Network File\n System (NFS) version 4. An attacker on the local network could send a\n specially-crafted large compound request to the NFSv4 server, which could\n possibly result in a kernel panic (denial of service) or, potentially, code\n execution. 
(CVE-2010-2521, Important)\n \n * a flaw was found in the handling of the SWAPEXT IOCTL in the Linux kernel\n XFS file system implementation. A local user could use this flaw to read\n write-only files, that they do not own, on an XFS file system. This could\n lead to unintended information disclosure. (CVE-2010-2226, Moderate)\n \n * a flaw was found in the dns_resolver upcall used by CIFS. A local,\n unprivileged user could redirect a Microsoft Distributed File System link\n to another IP address, tricking the client into mounting the share from a\n server of the user's choosing. (CVE-2010-2524, Moderate)\n \n * a missing check was found in the mext_check_arguments() function in the\n ext4 file system code. A local user could use this flaw to cause the\n MOVE_EXT IOCTL to overwrite the contents of an append-only file on an ext4\n file system, if they have write permissions for that file. (CVE-2010-2066,\n Low)\n \n Red Hat would like to thank Neil Brown for reporting CVE-2010-1084, and Dan\n Rosenberg for reporting CVE-2010-2226 and CVE-2010-2 ... 
\n\n Description truncated, for more information please check the Reference URL\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"kernel on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2010-August/016890.html\");\n script_id(880569);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2010:0610\");\n script_cve_id(\"CVE-2010-1084\", \"CVE-2010-2066\", \"CVE-2010-2070\", \"CVE-2010-2226\",\n \"CVE-2010-2248\", \"CVE-2010-2521\", \"CVE-2010-2524\", \"CVE-2006-0742\");\n script_name(\"CentOS Update for kernel CESA-2010:0610 centos5 i386\");\n\n script_summary(\"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~194.11.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~194.11.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~194.11.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~194.11.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~194.11.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~194.11.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~194.11.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~194.11.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~194.11.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~194.11.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-15T11:58:07", "description": "Check for the Version of kernel", "cvss3": {}, "published": "2010-08-13T00:00:00", "type": "openvas", "title": "RedHat Update for kernel RHSA-2010:0610-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-0742", "CVE-2010-2066", "CVE-2010-2248", "CVE-2010-2226", 
"CVE-2010-2521", "CVE-2010-2070", "CVE-2010-2524", "CVE-2010-1084"], "modified": "2017-12-15T00:00:00", "id": "OPENVAS:870308", "href": "http://plugins.openvas.org/nasl.php?oid=870308", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kernel RHSA-2010:0610-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n This update fixes the following security issues:\n \n * instances of unsafe sprintf() use were found in the Linux kernel\n Bluetooth implementation. Creating a large number of Bluetooth L2CAP, SCO,\n or RFCOMM sockets could result in arbitrary memory pages being overwritten.\n A local, unprivileged user could use this flaw to cause a kernel panic\n (denial of service) or escalate their privileges. 
(CVE-2010-1084,\n Important)\n \n * a flaw was found in the Xen hypervisor implementation when using the\n Intel Itanium architecture, allowing guests to enter an unsupported state.\n An unprivileged guest user could trigger this flaw by setting the BE (Big\n Endian) bit of the Processor Status Register (PSR), leading to the guest\n crashing (denial of service). (CVE-2010-2070, Important)\n \n * a flaw was found in the CIFSSMBWrite() function in the Linux kernel\n Common Internet File System (CIFS) implementation. A remote attacker could\n send a specially-crafted SMB response packet to a target CIFS client,\n resulting in a kernel panic (denial of service). (CVE-2010-2248, Important)\n \n * buffer overflow flaws were found in the Linux kernel's implementation of\n the server-side External Data Representation (XDR) for the Network File\n System (NFS) version 4. An attacker on the local network could send a\n specially-crafted large compound request to the NFSv4 server, which could\n possibly result in a kernel panic (denial of service) or, potentially, code\n execution. (CVE-2010-2521, Important)\n \n * a flaw was found in the handling of the SWAPEXT IOCTL in the Linux kernel\n XFS file system implementation. A local user could use this flaw to read\n write-only files, that they do not own, on an XFS file system. This could\n lead to unintended information disclosure. (CVE-2010-2226, Moderate)\n \n * a flaw was found in the dns_resolver upcall used by CIFS. A local,\n unprivileged user could redirect a Microsoft Distributed File System link\n to another IP address, tricking the client into mounting the share from a\n server of the user's choosing. (CVE-2010-2524, Moderate)\n \n * a missing check was found in the mext_check_arguments() function in the\n ext4 file system code. A local user could use this flaw to cause the\n MOVE_EXT IOCTL to overwrite the contents of an append-only file on an ext4\n file system, if they have write permissions for that file. 
(CVE-2010-2066,\n Low)\n \n Red Hat would like to thank Neil Brown for reporting CVE-2010-1084, and Dan\n Rosenberg for reportin ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"kernel on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-August/msg00012.html\");\n script_id(870308);\n script_version(\"$Revision: 8130 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-15 07:31:09 +0100 (Fri, 15 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-13 14:24:53 +0200 (Fri, 13 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2010:0610-01\");\n script_cve_id(\"CVE-2010-1084\", \"CVE-2010-2066\", \"CVE-2010-2070\", \"CVE-2010-2226\", \"CVE-2010-2248\", \"CVE-2010-2521\", \"CVE-2010-2524\", \"CVE-2006-0742\");\n script_name(\"RedHat Update for kernel RHSA-2010:0610-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if 
((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~194.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~194.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-debuginfo\", rpm:\"kernel-PAE-debuginfo~2.6.18~194.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~194.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~194.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.18~194.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~194.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.18~194.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common\", rpm:\"kernel-debuginfo-common~2.6.18~194.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~194.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~194.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~194.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~2.6.18~194.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~194.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~194.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-23T13:05:17", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-963-1", "cvss3": {}, "published": "2010-07-23T00:00:00", "type": "openvas", "title": "Ubuntu Update for freetype vulnerabilities USN-963-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2500", "CVE-2010-2527", "CVE-2010-2520", "CVE-2010-2519", "CVE-2010-2498", "CVE-2010-2499"], "modified": "2018-01-23T00:00:00", "id": "OPENVAS:1361412562310840461", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840461", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_963_1.nasl 8495 2018-01-23 07:57:49Z teissa $\n#\n# Ubuntu Update for freetype vulnerabilities USN-963-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty 
of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Robert Święcki discovered that FreeType did not correctly handle certain\n malformed font files. If a user were tricked into using a specially crafted\n font file, a remote attacker could execute arbitrary code with user\n privileges.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-963-1\";\ntag_affected = \"freetype vulnerabilities on Ubuntu 6.06 LTS ,\n Ubuntu 8.04 LTS ,\n Ubuntu 9.04 ,\n Ubuntu 9.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-963-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840461\");\n script_version(\"$Revision: 8495 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-23 08:57:49 +0100 (Tue, 23 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-23 16:10:25 +0200 (Fri, 23 Jul 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"USN\", value: \"963-1\");\n script_cve_id(\"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2520\", \"CVE-2010-2527\");\n script_name(\"Ubuntu Update for freetype vulnerabilities USN-963-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n 
script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-dev\", ver:\"2.3.9-5ubuntu0.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.3.9-5ubuntu0.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"freetype2-demos\", ver:\"2.3.9-5ubuntu0.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-udeb\", ver:\"2.3.9-5ubuntu0.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-dev\", ver:\"2.1.10-1ubuntu2.7\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.1.10-1ubuntu2.7\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"freetype2-demos\", ver:\"2.1.10-1ubuntu2.7\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-udeb\", ver:\"2.1.10-1ubuntu2.7\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) 
exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-dev\", ver:\"2.3.11-1ubuntu2.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.3.11-1ubuntu2.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"freetype2-demos\", ver:\"2.3.11-1ubuntu2.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-udeb\", ver:\"2.3.11-1ubuntu2.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU9.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-dev\", ver:\"2.3.9-4ubuntu0.2\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.3.9-4ubuntu0.2\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"freetype2-demos\", ver:\"2.3.9-4ubuntu0.2\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-udeb\", ver:\"2.3.9-4ubuntu0.2\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-dev\", ver:\"2.3.5-1ubuntu4.8.04.3\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.3.5-1ubuntu4.8.04.3\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"freetype2-demos\", ver:\"2.3.5-1ubuntu4.8.04.3\", rls:\"UBUNTU8.04 LTS\")) 
!= NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-udeb\", ver:\"2.3.5-1ubuntu4.8.04.3\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-04T11:17:39", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-963-1", "cvss3": {}, "published": "2010-07-23T00:00:00", "type": "openvas", "title": "Ubuntu Update for freetype vulnerabilities USN-963-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2500", "CVE-2010-2527", "CVE-2010-2520", "CVE-2010-2519", "CVE-2010-2498", "CVE-2010-2499"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840461", "href": "http://plugins.openvas.org/nasl.php?oid=840461", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_963_1.nasl 7965 2017-12-01 07:38:25Z santu $\n#\n# Ubuntu Update for freetype vulnerabilities USN-963-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Robert Święcki discovered that FreeType did not correctly handle certain\n malformed font files. If a user were tricked into using a specially crafted\n font file, a remote attacker could execute arbitrary code with user\n privileges.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-963-1\";\ntag_affected = \"freetype vulnerabilities on Ubuntu 6.06 LTS ,\n Ubuntu 8.04 LTS