-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Debian Security Advisory DSA-1761-1 security@debian.org
http://www.debian.org/security/ Nico Golde
April 3rd, 2009 http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : moodle
Vulnerability : missing input sanitization
Problem type : remote
Debian-specific: no
CVE ID : CVE-2009-1171
Debian Bug : 522116
Christian J. Eibl discovered that the TeX filter of Moodle, a web-based
course management system, doesn't check user input for certain TeX commands
which allows an attacker to include and display the content of arbitrary system
files.
Note that this doesn't affect installations that only use the mimetex
environment.
For the oldstable distribution (etch), this problem has been fixed in
version 1.6.3-2+etch3.
For the stable distribution (lenny), this problem has been fixed in
version 1.8.2.dfsg-3+lenny2.
For the testing distribution (squeeze), this problem will be fixed soon.
For the unstable distribution (sid), this problem has been fixed in
version 1.8.2.dfsg-5.
We recommend that you upgrade your moodle packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Debian (oldstable)
- ------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+etch3.dsc
Size/MD5 checksum: 793 bb2ea87c38661c49b936a357eeb14b0c
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+etch3.diff.gz
Size/MD5 checksum: 27511 974a829196380027ac19e82ecd4a6e82
Architecture independent packages:
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+etch3_all.deb
Size/MD5 checksum: 6583190 7d5c0c3103021541b308f54bfc2e2d55
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Debian (stable)
- ---------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.8.2.dfsg-3+lenny2.diff.gz
Size/MD5 checksum: 49345 31b07d8aab91762d31e2f73dcc6a468c
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.8.2.dfsg-3+lenny2.dsc
Size/MD5 checksum: 1390 e7a4b2fe58e3b53f6c4bf6327a007509
Architecture independent packages:
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.8.2.dfsg-3+lenny2_all.deb
Size/MD5 checksum: 8713446 6a9345748982edab6a52047abe6779f6
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAknWEKsACgkQHYflSXNkfP8dGQCfTBLt9yBJwXeP3DycLWtgcDVQ
j3cAn3DJJ7RaJFocrI0532MZa/09ziQL
=JjDY
-----END PGP SIGNATURE-----
{"id": "SECURITYVULNS:DOC:21571", "bulletinFamily": "software", "title": "[SECURITY] [DSA 1761-1] New moodle packages fix file disclosure", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- --------------------------------------------------------------------------\r\nDebian Security Advisory DSA-1761-1 security@debian.org\r\nhttp://www.debian.org/security/ Nico Golde\r\nApril 3rd, 2009 http://www.debian.org/security/faq\r\n- --------------------------------------------------------------------------\r\n\r\nPackage : moodle\r\nVulnerability : missing input sanitization\r\nProblem type : remote\r\nDebian-specific: no\r\nCVE ID : CVE-2009-1171\r\nDebian Bug : 522116\r\n\r\n\r\nChristian J. Eibl discovered that the TeX filter of Moodle, a web-based\r\ncourse management system, doesn't check user input for certain TeX commands\r\nwhich allows an attacker to include and display the content of arbitrary system\r\nfiles.\r\n\r\nNote that this doesn't affect installations that only use the mimetex\r\nenvironment.\r\n\r\nFor the oldstable distribution (etch), this problem has been fixed in\r\nversion 1.6.3-2+etch3.\r\n\r\nFor the stable distribution (lenny), this problem has been fixed in\r\nversion 1.8.2.dfsg-3+lenny2.\r\n\r\nFor the testing distribution (squeeze), this problem will be fixed soon.\r\n\r\nFor the unstable distribution (sid), this problem has been fixed in\r\nversion 1.8.2.dfsg-5.\r\n\r\n\r\nWe recommend that you upgrade your moodle packages.\r\n\r\nUpgrade instructions\r\n- --------------------\r\n\r\nwget url\r\n will fetch the file for you\r\ndpkg -i file.deb\r\n will install the referenced file.\r\n\r\nIf you are using the apt-get package manager, use the line for\r\nsources.list as given below:\r\n\r\napt-get update\r\n will update the internal database\r\napt-get upgrade\r\n will install corrected packages\r\n\r\nYou may use an automated update by adding the resources from the\r\nfooter to the proper configuration.\r\n\r\n\r\nDebian GNU/Linux 4.0 alias etch\r\n- -------------------------------\r\n\r\nDebian (oldstable)\r\n- ------------------\r\n\r\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\r\n\r\nSource archives:\r\n\r\n http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+etch3.dsc\r\n Size/MD5 checksum: 793 bb2ea87c38661c49b936a357eeb14b0c\r\n http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+etch3.diff.gz\r\n Size/MD5 checksum: 27511 974a829196380027ac19e82ecd4a6e82\r\n\r\nArchitecture independent packages:\r\n\r\n http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+etch3_all.deb\r\n Size/MD5 checksum: 6583190 7d5c0c3103021541b308f54bfc2e2d55\r\n\r\n\r\nDebian GNU/Linux 5.0 alias lenny\r\n- --------------------------------\r\n\r\nDebian (stable)\r\n- ---------------\r\n\r\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\r\n\r\nSource archives:\r\n\r\n http://security.debian.org/pool/updates/main/m/moodle/moodle_1.8.2.dfsg-3+lenny2.diff.gz\r\n Size/MD5 checksum: 49345 31b07d8aab91762d31e2f73dcc6a468c\r\n http://security.debian.org/pool/updates/main/m/moodle/moodle_1.8.2.dfsg-3+lenny2.dsc\r\n Size/MD5 checksum: 1390 e7a4b2fe58e3b53f6c4bf6327a007509\r\n\r\nArchitecture independent packages:\r\n\r\n http://security.debian.org/pool/updates/main/m/moodle/moodle_1.8.2.dfsg-3+lenny2_all.deb\r\n Size/MD5 checksum: 8713446 6a9345748982edab6a52047abe6779f6\r\n\r\n\r\n These files will probably be moved into the stable distribution on\r\n its next update.\r\n\r\n- ---------------------------------------------------------------------------------\r\nFor apt-get: deb http://security.debian.org/ stable/updates main\r\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\r\nMailing list: debian-security-announce@lists.debian.org\r\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (GNU/Linux)\r\n\r\niEYEARECAAYFAknWEKsACgkQHYflSXNkfP8dGQCfTBLt9yBJwXeP3DycLWtgcDVQ\r\nj3cAn3DJJ7RaJFocrI0532MZa/09ziQL\r\n=JjDY\r\n-----END PGP SIGNATURE-----", "published": "2009-04-03T00:00:00", "modified": "2009-04-03T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21571", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2009-1171"], "type": "securityvulns", "lastseen": "2018-08-31T11:10:29", "edition": 1, "viewCount": 105, "enchantments": {"score": {"value": 1.3, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-1171"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1761-1:ACA60"]}, {"type": "fedora", "idList": ["FEDORA:0C0B6208959", "FEDORA:4424B20894E", "FEDORA:7E1DF10F85C"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-1761.NASL", "FEDORA_2009-3280.NASL", "FEDORA_2009-3283.NASL", "MOODLE_LATEX_INFO_DISCLOSURE.NASL", "SUSE_11_0_MOODLE-090417.NASL", "SUSE_11_1_MOODLE-090417.NASL", "SUSE_MOODLE-6198.NASL", "UBUNTU_USN-791-1.NASL", "UBUNTU_USN-791-2.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231063726", "OPENVAS:136141256231063727", "OPENVAS:136141256231063734", "OPENVAS:136141256231063891", "OPENVAS:136141256231066500", "OPENVAS:63726", "OPENVAS:63727", "OPENVAS:63734", "OPENVAS:63891", "OPENVAS:64320", "OPENVAS:64321", "OPENVAS:66500"]}, {"type": "osv", "idList": ["OSV:DSA-1761-1"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:9793"]}, {"type": "ubuntu", "idList": ["USN-791-1", "USN-791-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2009-1171"]}]}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2009-1171"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1761-1:ACA60"]}, {"type": "fedora", "idList": ["FEDORA:7E1DF10F85C"]}, {"type": "nessus", "idList": ["UBUNTU_USN-791-1.NASL", "UBUNTU_USN-791-2.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231063734", "OPENVAS:64321"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:9793"]}, {"type": "ubuntu", "idList": ["USN-791-2"]}]}, "exploitation": null, "vulnersScore": 1.3}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1660004461, "score": 1660012044}, "_internal": {"score_hash": "5a11c827a8d1741ff3e5e40f381a20c6"}}
{"nessus": [{"lastseen": "2022-04-12T16:04:55", "description": "The TeX filter included with the installed version of Moodle can be exploited to reveal the contents of files on the remote host, subject to the privileges under which the web server operates.", "cvss3": {"score": null, "vector": null}, "published": "2009-03-30T00:00:00", "type": "nessus", "title": "Moodle LaTeX Information Disclosure", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1171"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:moodle:moodle"], "id": "MOODLE_LATEX_INFO_DISCLOSURE.NASL", "href": "https://www.tenable.com/plugins/nessus/36050", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36050);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2009-1171\");\n script_bugtraq_id(34278);\n\n script_name(english:\"Moodle LaTeX Information Disclosure\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains a PHP application that is affected by\nan information disclosure vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The TeX filter included with the installed version of Moodle can be\nexploited to reveal the contents of files on the remote host, subject\nto the privileges under which the web server operates.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/502231/30/0/threaded\");\n script_set_attribute(attribute:\"solution\", value:\n\"Disable the TeX Notation filter, use the included mimetex filter, or\nconfigure LaTeX using the more restrictive 'openin_any=p' option.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_nessus\", value:\"true\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/03/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:moodle:moodle\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_ATTACK);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2009-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"moodle_detect.nasl\", \"os_fingerprint.nasl\");\n script_require_keys(\"www/PHP\", \"installed_sw/Moodle\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"url_func.inc\");\ninclude(\"install_func.inc\");\n\napp = \"Moodle\";\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nport = get_http_port(default:80, php:TRUE);\n\ninstall = get_single_install(\n app_name : app,\n port : port\n);\n\ndir = install['path'];\ninstall_url = build_url(port:port, qs:dir);\n\n# Try to retrieve a local file.\nos = get_kb_item(\"Host/OS\");\nif (os && report_paranoia < 2)\n{\n if (\"Windows\" >< os) files = make_list('windows/win.ini', 'winnt/win.ini');\n else files = make_list('etc/passwd');\n}\nelse files = make_list('etc/passwd', 'windows/win.ini', 'winnt/win.ini');\n\nfile_pats = make_array();\nfile_pats['etc/passwd'] = \"root:.*:0:[01]:\";\nfile_pats['winnt/win.ini'] = \"^\\[[a-zA-Z]+\\]|^; for 16-bit app support\";\nfile_pats['windows/win.ini'] = \"^\\[[a-zA-Z]+\\]|^; for 16-bit app support\";\n\n# Make sure the texdebug script is accessible.\nurl = dir + \"/filter/tex/texdebug.php\";\nres = http_send_recv3(method:\"GET\", item:url, port:port, exit_on_fail:TRUE);\n\nif (\n \"title>TeX Filter Debugger<\" >< res[2] &&\n 'value=\"ShowOutputTex\"' >< res[2]\n)\n{\n # Loop through files.\n foreach file (files)\n {\n # Try to generate a GIF image.\n exploit = '\\\\input ' + file;\n\n postdata = \"tex=\" + urlencode(str:exploit) + \"&\" + \"action=ShowImageTex\";\n\n res = http_send_recv3(\n method : \"POST\",\n port : port,\n item : url,\n data : postdata,\n add_headers : make_array(\"Content-Type\", \"application/x-www-form-urlencoded\"),\n exit_on_fail: TRUE\n );\n\n # There's a problem if we see a GIF file.\n if (\"image/gif\" >< res[1])\n {\n if (report_verbosity > 0)\n {\n req_str = http_last_sent_request();\n report =\n '\\n' + 'Nessus was able to exploit the issue to reveal the contents of' +\n '\\n' + \"'\" + file + \"' as a graphic image using the following request :\" +\n '\\n' +\n '\\n' + ' ' + req_str + \n '\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n exit(0);\n }\n }\n}\naudit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T13:07:15", "description": "Special command sequences in TeX files allowed users to read arbitrary files (CVE-2009-1171).", "cvss3": {"score": null, "vector": null}, "published": "2009-07-21T00:00:00", "type": "nessus", "title": "openSUSE Security Update : moodle (moodle-803)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1171"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:moodle", "p-cpe:/a:novell:opensuse:moodle-af", "p-cpe:/a:novell:opensuse:moodle-ar", "p-cpe:/a:novell:opensuse:moodle-be", "p-cpe:/a:novell:opensuse:moodle-bg", "p-cpe:/a:novell:opensuse:moodle-bs", "p-cpe:/a:novell:opensuse:moodle-ca", "p-cpe:/a:novell:opensuse:moodle-cs", "p-cpe:/a:novell:opensuse:moodle-da", "p-cpe:/a:novell:opensuse:moodle-de", "p-cpe:/a:novell:opensuse:moodle-de_du", "p-cpe:/a:novell:opensuse:moodle-el", "p-cpe:/a:novell:opensuse:moodle-es", "p-cpe:/a:novell:opensuse:moodle-et", "p-cpe:/a:novell:opensuse:moodle-eu", "p-cpe:/a:novell:opensuse:moodle-fa", "p-cpe:/a:novell:opensuse:moodle-fi", "p-cpe:/a:novell:opensuse:moodle-fr", "p-cpe:/a:novell:opensuse:moodle-ga", "p-cpe:/a:novell:opensuse:moodle-gl", "p-cpe:/a:novell:opensuse:moodle-he", "p-cpe:/a:novell:opensuse:moodle-hi", "p-cpe:/a:novell:opensuse:moodle-hr", "p-cpe:/a:novell:opensuse:moodle-hu", "p-cpe:/a:novell:opensuse:moodle-id", "p-cpe:/a:novell:opensuse:moodle-is", "p-cpe:/a:novell:opensuse:moodle-it", "p-cpe:/a:novell:opensuse:moodle-ja", "p-cpe:/a:novell:opensuse:moodle-ka", "p-cpe:/a:novell:opensuse:moodle-km", "p-cpe:/a:novell:opensuse:moodle-kn", "p-cpe:/a:novell:opensuse:moodle-ko", "p-cpe:/a:novell:opensuse:moodle-lt", "p-cpe:/a:novell:opensuse:moodle-lv", "p-cpe:/a:novell:opensuse:moodle-mi_tn", "p-cpe:/a:novell:opensuse:moodle-ms", "p-cpe:/a:novell:opensuse:moodle-nl", "p-cpe:/a:novell:opensuse:moodle-nn", "p-cpe:/a:novell:opensuse:moodle-no", "p-cpe:/a:novell:opensuse:moodle-pl", "p-cpe:/a:novell:opensuse:moodle-pt", "p-cpe:/a:novell:opensuse:moodle-ro", "p-cpe:/a:novell:opensuse:moodle-ru", "p-cpe:/a:novell:opensuse:moodle-sk", "p-cpe:/a:novell:opensuse:moodle-sl", "p-cpe:/a:novell:opensuse:moodle-so", "p-cpe:/a:novell:opensuse:moodle-sq", "p-cpe:/a:novell:opensuse:moodle-sr", "p-cpe:/a:novell:opensuse:moodle-sv", "p-cpe:/a:novell:opensuse:moodle-th", "p-cpe:/a:novell:opensuse:moodle-tl", "p-cpe:/a:novell:opensuse:moodle-tr", "p-cpe:/a:novell:opensuse:moodle-uk", "p-cpe:/a:novell:opensuse:moodle-vi", "p-cpe:/a:novell:opensuse:moodle-zh_cn", "cpe:/o:novell:opensuse:11.1"], "id": "SUSE_11_1_MOODLE-090417.NASL", "href": "https://www.tenable.com/plugins/nessus/40277", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update moodle-803.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40277);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1171\");\n\n script_name(english:\"openSUSE Security Update : moodle (moodle-803)\");\n script_summary(english:\"Check for the moodle-803 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Special command sequences in TeX files allowed users to read arbitrary\nfiles (CVE-2009-1171).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=490087\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected moodle packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-bs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-de_du\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-fa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ga\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-hi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ka\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-km\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-kn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-lv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-mi_tn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-nn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-so\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-th\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-tl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-zh_cn\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-1.9.3-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-af-1.9.3-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-ar-1.9.3-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-be-1.9.3-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-bg-1.9.3-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-bs-1.9.3-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-ca-1.9.3-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-cs-1.9.3-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-da-1.9.3-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-de-1.9.3-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-de_du-1.9.3-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-el-1.9.3-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-es-1.9.3-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-et-1.9.3-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-eu-1.9.3-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-fa-1.9.3-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-fi-1.9.3-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-fr-1.9.3-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-ga-1.9.3-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-gl-1.9.3-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-he-1.9.3-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-hi-1.9.3-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-hr-1.9.3-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-hu-1.9.3-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-id-1.9.3-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-is-1.9.3-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-it-1.9.3-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-ja-1.9.3-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-ka-1.9.3-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-km-1.9.3-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-kn-1.9.3-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-ko-1.9.3-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-lt-1.9.3-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-lv-1.9.3-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-mi_tn-1.9.3-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-ms-1.9.3-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-nl-1.9.3-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-nn-1.9.3-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-no-1.9.3-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-pl-1.9.3-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-pt-1.9.3-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-ro-1.9.3-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-ru-1.9.3-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-sk-1.9.3-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-sl-1.9.3-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-so-1.9.3-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-sq-1.9.3-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-sr-1.9.3-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-sv-1.9.3-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-th-1.9.3-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-tl-1.9.3-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-tr-1.9.3-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-uk-1.9.3-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-vi-1.9.3-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-zh_cn-1.9.3-1.12.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"moodle / moodle-af / moodle-ar / moodle-be / moodle-bg / moodle-bs / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T13:08:33", "description": "Christian J. Eibl discovered that the TeX filter of Moodle, a web-based course management system, doesn't check user input for certain TeX commands which allows an attacker to include and display the content of arbitrary system files.\n\nNote that this doesn't affect installations that only use the mimetex environment.", "cvss3": {"score": null, "vector": null}, "published": "2009-04-06T00:00:00", "type": "nessus", "title": "Debian DSA-1761-1 : moodle - missing input sanitization", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1171"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:moodle", "cpe:/o:debian:debian_linux:4.0", "cpe:/o:debian:debian_linux:5.0"], "id": "DEBIAN_DSA-1761.NASL", "href": "https://www.tenable.com/plugins/nessus/36084", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1761. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36084);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-1171\");\n script_bugtraq_id(34278);\n script_xref(name:\"DSA\", value:\"1761\");\n\n script_name(english:\"Debian DSA-1761-1 : moodle - missing input sanitization\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Christian J. Eibl discovered that the TeX filter of Moodle, a\nweb-based course management system, doesn't check user input for\ncertain TeX commands which allows an attacker to include and display\nthe content of arbitrary system files.\n\nNote that this doesn't affect installations that only use the mimetex\nenvironment.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=522116\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2009/dsa-1761\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the moodle packages.\n\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 1.6.3-2+etch3.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.8.2.dfsg-3+lenny2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:moodle\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"moodle\", reference:\"1.6.3-2+etch3\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"moodle\", reference:\"1.8.2.dfsg-3+lenny2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T13:08:14", "description": "Special command sequences in TeX files allowed users to read arbitrary files (CVE-2009-1171).", "cvss3": {"score": null, "vector": null}, "published": "2009-04-21T00:00:00", "type": "nessus", "title": "openSUSE 10 Security Update : moodle (moodle-6198)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1171"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:moodle", "p-cpe:/a:novell:opensuse:moodle-af", "p-cpe:/a:novell:opensuse:moodle-ar", "p-cpe:/a:novell:opensuse:moodle-be", "p-cpe:/a:novell:opensuse:moodle-bg", "p-cpe:/a:novell:opensuse:moodle-bs", "p-cpe:/a:novell:opensuse:moodle-ca", "p-cpe:/a:novell:opensuse:moodle-cs", "p-cpe:/a:novell:opensuse:moodle-da", "p-cpe:/a:novell:opensuse:moodle-de", "p-cpe:/a:novell:opensuse:moodle-de_du", "p-cpe:/a:novell:opensuse:moodle-el", "p-cpe:/a:novell:opensuse:moodle-es", "p-cpe:/a:novell:opensuse:moodle-et", "p-cpe:/a:novell:opensuse:moodle-eu", "p-cpe:/a:novell:opensuse:moodle-fa", "p-cpe:/a:novell:opensuse:moodle-fi", "p-cpe:/a:novell:opensuse:moodle-fr", "p-cpe:/a:novell:opensuse:moodle-ga", "p-cpe:/a:novell:opensuse:moodle-gl", "p-cpe:/a:novell:opensuse:moodle-he", "p-cpe:/a:novell:opensuse:moodle-hi", "p-cpe:/a:novell:opensuse:moodle-hr", "p-cpe:/a:novell:opensuse:moodle-hu", "p-cpe:/a:novell:opensuse:moodle-id", "p-cpe:/a:novell:opensuse:moodle-is", "p-cpe:/a:novell:opensuse:moodle-it", "p-cpe:/a:novell:opensuse:moodle-ja", "p-cpe:/a:novell:opensuse:moodle-ka", "p-cpe:/a:novell:opensuse:moodle-km", "p-cpe:/a:novell:opensuse:moodle-kn", "p-cpe:/a:novell:opensuse:moodle-ko", "p-cpe:/a:novell:opensuse:moodle-lt", "p-cpe:/a:novell:opensuse:moodle-lv", "p-cpe:/a:novell:opensuse:moodle-mi_tn", "p-cpe:/a:novell:opensuse:moodle-ms", "p-cpe:/a:novell:opensuse:moodle-nl", "p-cpe:/a:novell:opensuse:moodle-nn", "p-cpe:/a:novell:opensuse:moodle-no", "p-cpe:/a:novell:opensuse:moodle-pl", "p-cpe:/a:novell:opensuse:moodle-pt", "p-cpe:/a:novell:opensuse:moodle-ro", "p-cpe:/a:novell:opensuse:moodle-ru", "p-cpe:/a:novell:opensuse:moodle-sk", "p-cpe:/a:novell:opensuse:moodle-sl", "p-cpe:/a:novell:opensuse:moodle-so", "p-cpe:/a:novell:opensuse:moodle-sq", "p-cpe:/a:novell:opensuse:moodle-sr", "p-cpe:/a:novell:opensuse:moodle-sv", "p-cpe:/a:novell:opensuse:moodle-th", "p-cpe:/a:novell:opensuse:moodle-tl", "p-cpe:/a:novell:opensuse:moodle-tr", "p-cpe:/a:novell:opensuse:moodle-uk", "p-cpe:/a:novell:opensuse:moodle-vi", "p-cpe:/a:novell:opensuse:moodle-zh_cn", "cpe:/o:novell:opensuse:10.3"], "id": "SUSE_MOODLE-6198.NASL", "href": "https://www.tenable.com/plugins/nessus/36204", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update moodle-6198.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36204);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1171\");\n\n script_name(english:\"openSUSE 10 Security Update : moodle (moodle-6198)\");\n script_summary(english:\"Check for the moodle-6198 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Special command sequences in TeX files allowed users to read arbitrary\nfiles (CVE-2009-1171).\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected moodle packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-bs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-de_du\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-fa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ga\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-hi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ka\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-km\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-kn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-lv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-mi_tn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-nn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-so\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-th\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-tl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-zh_cn\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-1.8.2-17.14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-af-1.8.2-17.14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-ar-1.8.2-17.14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-be-1.8.2-17.14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-bg-1.8.2-17.14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-bs-1.8.2-17.14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-ca-1.8.2-17.14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-cs-1.8.2-17.14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-da-1.8.2-17.14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-de-1.8.2-17.14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-de_du-1.8.2-17.14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-el-1.8.2-17.14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-es-1.8.2-17.14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-et-1.8.2-17.14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-eu-1.8.2-17.14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-fa-1.8.2-17.14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-fi-1.8.2-17.14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-fr-1.8.2-17.14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-ga-1.8.2-17.14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-gl-1.8.2-17.14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-he-1.8.2-17.14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-hi-1.8.2-17.14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-hr-1.8.2-17.14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-hu-1.8.2-17.14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-id-1.8.2-17.14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-is-1.8.2-17.14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-it-1.8.2-17.14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-ja-1.8.2-17.14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-ka-1.8.2-17.14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-km-1.8.2-17.14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-kn-1.8.2-17.14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-ko-1.8.2-17.14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-lt-1.8.2-17.14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-lv-1.8.2-17.14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-mi_tn-1.8.2-17.14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-ms-1.8.2-17.14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-nl-1.8.2-17.14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-nn-1.8.2-17.14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-no-1.8.2-17.14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-pl-1.8.2-17.14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-pt-1.8.2-17.14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-ro-1.8.2-17.14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-ru-1.8.2-17.14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-sk-1.8.2-17.14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-sl-1.8.2-17.14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-so-1.8.2-17.14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-sq-1.8.2-17.14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-sr-1.8.2-17.14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-sv-1.8.2-17.14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-th-1.8.2-17.14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-tl-1.8.2-17.14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-tr-1.8.2-17.14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-uk-1.8.2-17.14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-vi-1.8.2-17.14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-zh_cn-1.8.2-17.14\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"moodle / moodle-af / moodle-ar / moodle-be / moodle-bg / moodle-bs / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T13:07:35", "description": "Christian Eibl discovered that the TeX filter in Moodle allowed any function to be used. An authenticated remote attacker could post a specially crafted TeX formula to execute arbitrary TeX functions, potentially reading any file accessible to the web server user, leading to a loss of privacy. (CVE-2009-1171, MSA-09-0009).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2009-06-25T00:00:00", "type": "nessus", "title": "Ubuntu 9.04 : moodle vulnerability (USN-791-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1171"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:moodle", "cpe:/o:canonical:ubuntu_linux:9.04"], "id": "UBUNTU_USN-791-2.NASL", "href": "https://www.tenable.com/plugins/nessus/39517", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-791-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(39517);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2009-1171\");\n script_xref(name:\"USN\", value:\"791-2\");\n\n script_name(english:\"Ubuntu 9.04 : moodle vulnerability (USN-791-2)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Christian Eibl discovered that the TeX filter in Moodle allowed any\nfunction to be used. An authenticated remote attacker could post a\nspecially crafted TeX formula to execute arbitrary TeX functions,\npotentially reading any file accessible to the web server user,\nleading to a loss of privacy. (CVE-2009-1171, MSA-09-0009).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/791-2/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected moodle package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:moodle\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/06/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(9\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 9.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"9.04\", pkgname:\"moodle\", pkgver:\"1.9.4.dfsg-0ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"moodle\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T13:08:22", "description": "CVE-2009-1171: The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before 1.7.7+, 1.8 before 1.8.9, and 1.9 before 1.9.5 allows user-assisted attackers to read arbitrary files via an input command in a '$$' sequence, which causes LaTeX to include the contents of the file.\nUpstream bug and CVS commit:\nhttp://tracker.moodle.org/browse/MDL-18552 http://cvs.moodle.org/moodle/filter/tex/filter.php?r1=1.18.4.4&r2=1.18 .4.5\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2009-04-03T00:00:00", "type": "nessus", "title": "Fedora 9 : moodle-1.9.4-6.fc9 (2009-3283)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1171"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:moodle", "cpe:/o:fedoraproject:fedora:9"], "id": "FEDORA_2009-3283.NASL", "href": "https://www.tenable.com/plugins/nessus/36077", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-3283.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36077);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-1171\");\n script_bugtraq_id(34278);\n script_xref(name:\"EDB-ID\", value:\"8297\");\n script_xref(name:\"FEDORA\", value:\"2009-3283\");\n\n script_name(english:\"Fedora 9 : moodle-1.9.4-6.fc9 (2009-3283)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2009-1171: The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before\n1.7.7+, 1.8 before 1.8.9, and 1.9 before 1.9.5 allows user-assisted\nattackers to read arbitrary files via an input command in a '$$'\nsequence, which causes LaTeX to include the contents of the file.\nUpstream bug and CVS commit:\nhttp://tracker.moodle.org/browse/MDL-18552\nhttp://cvs.moodle.org/moodle/filter/tex/filter.php?r1=1.18.4.4&r2=1.18\n.4.5\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://cvs.moodle.org/moodle/filter/tex/filter.php?r1=1.18.4.4&r2=1.18.4.5\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0321ab9a\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://git.catalyst.net.nz/gw?p=\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://git.catalyst.net.nz/gw?p=moodle-r2.git;a=commitdiff;h=cc9\"\n );\n # http://tracker.moodle.org/browse/MDL-18552\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?12d97e78\"\n );\n # http://www.securityfocus.com/archive/1/archive/1/502231/100/0/threaded\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?aedaf8ff\"\n );\n # http://www.securityfocus.com/bid/34278\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.securityfocus.com/bid/34278\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022025.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6913af45\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected moodle package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:moodle\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 9.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC9\", reference:\"moodle-1.9.4-6.fc9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"moodle\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T13:07:12", "description": "Special command sequences in TeX files allowed users to read arbitrary files (CVE-2009-1171).", "cvss3": {"score": null, "vector": null}, "published": "2009-07-21T00:00:00", "type": "nessus", "title": "openSUSE Security Update : moodle (moodle-803)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1171"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:moodle", "p-cpe:/a:novell:opensuse:moodle-af", "p-cpe:/a:novell:opensuse:moodle-ar", "p-cpe:/a:novell:opensuse:moodle-be", "p-cpe:/a:novell:opensuse:moodle-bg", "p-cpe:/a:novell:opensuse:moodle-bs", "p-cpe:/a:novell:opensuse:moodle-ca", "p-cpe:/a:novell:opensuse:moodle-cs", "p-cpe:/a:novell:opensuse:moodle-da", "p-cpe:/a:novell:opensuse:moodle-de", "p-cpe:/a:novell:opensuse:moodle-de_du", "p-cpe:/a:novell:opensuse:moodle-el", "p-cpe:/a:novell:opensuse:moodle-es", "p-cpe:/a:novell:opensuse:moodle-et", "p-cpe:/a:novell:opensuse:moodle-eu", "p-cpe:/a:novell:opensuse:moodle-fa", "p-cpe:/a:novell:opensuse:moodle-fi", "p-cpe:/a:novell:opensuse:moodle-fr", "p-cpe:/a:novell:opensuse:moodle-ga", "p-cpe:/a:novell:opensuse:moodle-gl", "p-cpe:/a:novell:opensuse:moodle-he", "p-cpe:/a:novell:opensuse:moodle-hi", "p-cpe:/a:novell:opensuse:moodle-hr", "p-cpe:/a:novell:opensuse:moodle-hu", "p-cpe:/a:novell:opensuse:moodle-id", "p-cpe:/a:novell:opensuse:moodle-is", "p-cpe:/a:novell:opensuse:moodle-it", "p-cpe:/a:novell:opensuse:moodle-ja", "p-cpe:/a:novell:opensuse:moodle-ka", "p-cpe:/a:novell:opensuse:moodle-km", "p-cpe:/a:novell:opensuse:moodle-kn", "p-cpe:/a:novell:opensuse:moodle-ko", "p-cpe:/a:novell:opensuse:moodle-lt", "p-cpe:/a:novell:opensuse:moodle-lv", "p-cpe:/a:novell:opensuse:moodle-mi_tn", "p-cpe:/a:novell:opensuse:moodle-ms", "p-cpe:/a:novell:opensuse:moodle-nl", "p-cpe:/a:novell:opensuse:moodle-nn", "p-cpe:/a:novell:opensuse:moodle-no", "p-cpe:/a:novell:opensuse:moodle-pl", "p-cpe:/a:novell:opensuse:moodle-pt", "p-cpe:/a:novell:opensuse:moodle-ro", "p-cpe:/a:novell:opensuse:moodle-ru", "p-cpe:/a:novell:opensuse:moodle-sk", "p-cpe:/a:novell:opensuse:moodle-sl", "p-cpe:/a:novell:opensuse:moodle-so", "p-cpe:/a:novell:opensuse:moodle-sq", "p-cpe:/a:novell:opensuse:moodle-sr", "p-cpe:/a:novell:opensuse:moodle-sv", "p-cpe:/a:novell:opensuse:moodle-th", "p-cpe:/a:novell:opensuse:moodle-tl", "p-cpe:/a:novell:opensuse:moodle-tr", "p-cpe:/a:novell:opensuse:moodle-uk", "p-cpe:/a:novell:opensuse:moodle-vi", "p-cpe:/a:novell:opensuse:moodle-zh_cn", "cpe:/o:novell:opensuse:11.0"], "id": "SUSE_11_0_MOODLE-090417.NASL", "href": "https://www.tenable.com/plugins/nessus/40070", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update moodle-803.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40070);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1171\");\n\n script_name(english:\"openSUSE Security Update : moodle (moodle-803)\");\n script_summary(english:\"Check for the moodle-803 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Special command sequences in TeX files allowed users to read arbitrary\nfiles (CVE-2009-1171).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=490087\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected moodle packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-bs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-de_du\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-fa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ga\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-hi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ka\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-km\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-kn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-lv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-mi_tn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-nn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-so\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-th\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-tl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-zh_cn\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-1.9.0-24.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-af-1.9.0-24.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-ar-1.9.0-24.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-be-1.9.0-24.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-bg-1.9.0-24.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-bs-1.9.0-24.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-ca-1.9.0-24.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-cs-1.9.0-24.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-da-1.9.0-24.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-de-1.9.0-24.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-de_du-1.9.0-24.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-el-1.9.0-24.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-es-1.9.0-24.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-et-1.9.0-24.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-eu-1.9.0-24.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-fa-1.9.0-24.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-fi-1.9.0-24.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-fr-1.9.0-24.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-ga-1.9.0-24.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-gl-1.9.0-24.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-he-1.9.0-24.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-hi-1.9.0-24.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-hr-1.9.0-24.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-hu-1.9.0-24.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-id-1.9.0-24.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-is-1.9.0-24.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-it-1.9.0-24.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-ja-1.9.0-24.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-ka-1.9.0-24.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-km-1.9.0-24.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-kn-1.9.0-24.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-ko-1.9.0-24.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-lt-1.9.0-24.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-lv-1.9.0-24.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-mi_tn-1.9.0-24.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-ms-1.9.0-24.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-nl-1.9.0-24.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-nn-1.9.0-24.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-no-1.9.0-24.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-pl-1.9.0-24.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-pt-1.9.0-24.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-ro-1.9.0-24.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-ru-1.9.0-24.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-sk-1.9.0-24.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-sl-1.9.0-24.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-so-1.9.0-24.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-sq-1.9.0-24.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-sr-1.9.0-24.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-sv-1.9.0-24.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-th-1.9.0-24.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-tl-1.9.0-24.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-tr-1.9.0-24.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-uk-1.9.0-24.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-vi-1.9.0-24.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-zh_cn-1.9.0-24.8\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"moodle / moodle-af / moodle-ar / moodle-be / moodle-bg / moodle-bs / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T13:08:19", "description": "CVE-2009-1171: The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before 1.7.7+, 1.8 before 1.8.9, and 1.9 before 1.9.5 allows user-assisted attackers to read arbitrary files via an input command in a '$$' sequence, which causes LaTeX to include the contents of the file.\nUpstream bug and CVS commit:\nhttp://tracker.moodle.org/browse/MDL-18552 http://cvs.moodle.org/moodle/filter/tex/filter.php?r1=1.18.4.4&r2=1.18 .4.5\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2009-04-23T00:00:00", "type": "nessus", "title": "Fedora 10 : moodle-1.9.4-6.fc10 (2009-3280)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1171"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:moodle", "cpe:/o:fedoraproject:fedora:10"], "id": "FEDORA_2009-3280.NASL", "href": "https://www.tenable.com/plugins/nessus/36905", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-3280.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36905);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-1171\");\n script_bugtraq_id(34278);\n script_xref(name:\"EDB-ID\", value:\"8297\");\n script_xref(name:\"FEDORA\", value:\"2009-3280\");\n\n script_name(english:\"Fedora 10 : moodle-1.9.4-6.fc10 (2009-3280)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2009-1171: The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before\n1.7.7+, 1.8 before 1.8.9, and 1.9 before 1.9.5 allows user-assisted\nattackers to read arbitrary files via an input command in a '$$'\nsequence, which causes LaTeX to include the contents of the file.\nUpstream bug and CVS commit:\nhttp://tracker.moodle.org/browse/MDL-18552\nhttp://cvs.moodle.org/moodle/filter/tex/filter.php?r1=1.18.4.4&r2=1.18\n.4.5\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://cvs.moodle.org/moodle/filter/tex/filter.php?r1=1.18.4.4&r2=1.18.4.5\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0321ab9a\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://git.catalyst.net.nz/gw?p=\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://git.catalyst.net.nz/gw?p=moodle-r2.git;a=commitdiff;h=cc9\"\n );\n # http://tracker.moodle.org/browse/MDL-18552\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?12d97e78\"\n );\n # http://www.securityfocus.com/archive/1/archive/1/502231/100/0/threaded\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?aedaf8ff\"\n );\n # http://www.securityfocus.com/bid/34278\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.securityfocus.com/bid/34278\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022023.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5ff2602f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected moodle package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:moodle\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^10([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 10.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC10\", reference:\"moodle-1.9.4-6.fc10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"moodle\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T13:07:31", "description": "Thor Larholm discovered that PHPMailer, as used by Moodle, did not correctly escape email addresses. A local attacker with direct access to the Moodle database could exploit this to execute arbitrary commands as the web server user. (CVE-2007-3215)\n\nNigel McNie discovered that fetching https URLs did not correctly escape shell meta-characters. An authenticated remote attacker could execute arbitrary commands as the web server user, if curl was installed and configured. (CVE-2008-4796, MSA-09-0003)\n\nIt was discovered that Smarty (also included in Moodle), did not correctly filter certain inputs. An authenticated remote attacker could exploit this to execute arbitrary PHP commands as the web server user. (CVE-2008-4810, CVE-2008-4811, CVE-2009-1669)\n\nIt was discovered that the unused SpellChecker extension in Moodle did not correctly handle temporary files. If the tool had been locally modified, it could be made to overwrite arbitrary local files via symlinks. (CVE-2008-5153)\n\nMike Churchward discovered that Moodle did not correctly filter Wiki page titles in certain areas. An authenticated remote attacker could exploit this to cause cross-site scripting (XSS), which could be used to modify or steal confidential data of other users within the same web domain. (CVE-2008-5432, MSA-08-0022)\n\nIt was discovered that the HTML sanitizer, 'Login as' feature, and logging in Moodle did not correctly handle certain inputs. An authenticated remote attacker could exploit this to generate XSS, which could be used to modify or steal confidential data of other users within the same web domain. (CVE-2008-5619, CVE-2009-0500, CVE-2009-0502, MSA-08-0026, MSA-09-0004, MSA-09-0007)\n\nIt was discovered that the HotPot module in Moodle did not correctly filter SQL inputs. An authenticated remote attacker could execute arbitrary SQL commands as the moodle database user, leading to a loss of privacy or denial of service. (CVE-2008-6124, MSA-08-0010)\n\nKevin Madura discovered that the forum actions and messaging settings in Moodle were not protected from cross-site request forgery (CSRF).\nIf an authenticated user were tricked into visiting a malicious website while logged into Moodle, a remote attacker could change the user's configurations or forum content. (CVE-2009-0499, MSA-09-0008, MSA-08-0023)\n\nDaniel Cabezas discovered that Moodle would leak usernames from the Calendar Export tool. A remote attacker could gather a list of users, leading to a loss of privacy. (CVE-2009-0501, MSA-09-0006)\n\nChristian Eibl discovered that the TeX filter in Moodle allowed any function to be used. An authenticated remote attacker could post a specially crafted TeX formula to execute arbitrary TeX functions, potentially reading any file accessible to the web server user, leading to a loss of privacy. (CVE-2009-1171, MSA-09-0009)\n\nJohannes Kuhn discovered that Moodle did not correctly validate user permissions when attempting to switch user accounts. An authenticated remote attacker could switch to any other Moodle user, leading to a loss of privacy. (MSA-08-0003)\n\nHanno Boeck discovered that unconfigured Moodle instances contained XSS vulnerabilities. An unauthenticated remote attacker could exploit this to modify or steal confidential data of other users within the same web domain. (MSA-08-0004)\n\nDebbie McDonald, Mauno Korpelainen, Howard Miller, and Juan Segarra Montesinos discovered that when users were deleted from Moodle, their profiles and avatars were still visible. An authenticated remote attacker could exploit this to store information in profiles even after they were removed, leading to spam traffic. (MSA-08-0015, MSA-09-0001, MSA-09-0002)\n\nLars Vogdt discovered that Moodle did not correctly filter certain inputs. An authenticated remote attacker could exploit this to generate XSS from which they could modify or steal confidential data of other users within the same web domain. (MSA-08-0021)\n\nIt was discovered that Moodle did not correctly filter inputs for group creation, mnet, essay question, HOST param, wiki param, and others. An authenticated remote attacker could exploit this to generate XSS from which they could modify or steal confidential data of other users within the same web domain. (MDL-9288, MDL-11759, MDL-12079, MDL-12793, MDL-14806)\n\nIt was discovered that Moodle did not correctly filter SQL inputs when performing a restore. An attacker authenticated as a Moodle administrator could execute arbitrary SQL commands as the moodle database user, leading to a loss of privacy or denial of service.\n(MDL-11857).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2009-06-25T00:00:00", "type": "nessus", "title": "Ubuntu 8.04 LTS / 8.10 : moodle vulnerabilities (USN-791-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-3215", "CVE-2008-4796", "CVE-2008-4810", "CVE-2008-4811", "CVE-2008-5153", "CVE-2008-5432", "CVE-2008-5619", "CVE-2008-6124", "CVE-2009-0499", "CVE-2009-0500", "CVE-2009-0501", "CVE-2009-0502", "CVE-2009-1171", "CVE-2009-1669"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:moodle", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "cpe:/o:canonical:ubuntu_linux:8.10"], "id": "UBUNTU_USN-791-1.NASL", "href": "https://www.tenable.com/plugins/nessus/39516", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-791-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(39516);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2007-3215\", \"CVE-2008-4796\", \"CVE-2008-4810\", \"CVE-2008-4811\", \"CVE-2008-5153\", \"CVE-2008-5432\", \"CVE-2008-5619\", \"CVE-2008-6124\", \"CVE-2009-0499\", \"CVE-2009-0500\", \"CVE-2009-0501\", \"CVE-2009-0502\", \"CVE-2009-1171\", \"CVE-2009-1669\");\n script_bugtraq_id(31862, 31887, 32402, 32799, 33610, 33612, 34278, 34918);\n script_xref(name:\"USN\", value:\"791-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 8.10 : moodle vulnerabilities (USN-791-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Thor Larholm discovered that PHPMailer, as used by Moodle, did not\ncorrectly escape email addresses. A local attacker with direct access\nto the Moodle database could exploit this to execute arbitrary\ncommands as the web server user. (CVE-2007-3215)\n\nNigel McNie discovered that fetching https URLs did not correctly\nescape shell meta-characters. An authenticated remote attacker could\nexecute arbitrary commands as the web server user, if curl was\ninstalled and configured. (CVE-2008-4796, MSA-09-0003)\n\nIt was discovered that Smarty (also included in Moodle), did not\ncorrectly filter certain inputs. An authenticated remote attacker\ncould exploit this to execute arbitrary PHP commands as the web server\nuser. (CVE-2008-4810, CVE-2008-4811, CVE-2009-1669)\n\nIt was discovered that the unused SpellChecker extension in Moodle did\nnot correctly handle temporary files. If the tool had been locally\nmodified, it could be made to overwrite arbitrary local files via\nsymlinks. (CVE-2008-5153)\n\nMike Churchward discovered that Moodle did not correctly filter Wiki\npage titles in certain areas. An authenticated remote attacker could\nexploit this to cause cross-site scripting (XSS), which could be used\nto modify or steal confidential data of other users within the same\nweb domain. (CVE-2008-5432, MSA-08-0022)\n\nIt was discovered that the HTML sanitizer, 'Login as' feature, and\nlogging in Moodle did not correctly handle certain inputs. An\nauthenticated remote attacker could exploit this to generate XSS,\nwhich could be used to modify or steal confidential data of other\nusers within the same web domain. (CVE-2008-5619, CVE-2009-0500,\nCVE-2009-0502, MSA-08-0026, MSA-09-0004, MSA-09-0007)\n\nIt was discovered that the HotPot module in Moodle did not correctly\nfilter SQL inputs. An authenticated remote attacker could execute\narbitrary SQL commands as the moodle database user, leading to a loss\nof privacy or denial of service. (CVE-2008-6124, MSA-08-0010)\n\nKevin Madura discovered that the forum actions and messaging settings\nin Moodle were not protected from cross-site request forgery (CSRF).\nIf an authenticated user were tricked into visiting a malicious\nwebsite while logged into Moodle, a remote attacker could change the\nuser's configurations or forum content. (CVE-2009-0499, MSA-09-0008,\nMSA-08-0023)\n\nDaniel Cabezas discovered that Moodle would leak usernames from the\nCalendar Export tool. A remote attacker could gather a list of users,\nleading to a loss of privacy. (CVE-2009-0501, MSA-09-0006)\n\nChristian Eibl discovered that the TeX filter in Moodle allowed any\nfunction to be used. An authenticated remote attacker could post a\nspecially crafted TeX formula to execute arbitrary TeX functions,\npotentially reading any file accessible to the web server user,\nleading to a loss of privacy. (CVE-2009-1171, MSA-09-0009)\n\nJohannes Kuhn discovered that Moodle did not correctly validate user\npermissions when attempting to switch user accounts. An authenticated\nremote attacker could switch to any other Moodle user, leading to a\nloss of privacy. (MSA-08-0003)\n\nHanno Boeck discovered that unconfigured Moodle instances contained\nXSS vulnerabilities. An unauthenticated remote attacker could exploit\nthis to modify or steal confidential data of other users within the\nsame web domain. (MSA-08-0004)\n\nDebbie McDonald, Mauno Korpelainen, Howard Miller, and Juan Segarra\nMontesinos discovered that when users were deleted from Moodle, their\nprofiles and avatars were still visible. An authenticated remote\nattacker could exploit this to store information in profiles even\nafter they were removed, leading to spam traffic. (MSA-08-0015,\nMSA-09-0001, MSA-09-0002)\n\nLars Vogdt discovered that Moodle did not correctly filter certain\ninputs. An authenticated remote attacker could exploit this to\ngenerate XSS from which they could modify or steal confidential data\nof other users within the same web domain. (MSA-08-0021)\n\nIt was discovered that Moodle did not correctly filter inputs for\ngroup creation, mnet, essay question, HOST param, wiki param, and\nothers. An authenticated remote attacker could exploit this to\ngenerate XSS from which they could modify or steal confidential data\nof other users within the same web domain. (MDL-9288, MDL-11759,\nMDL-12079, MDL-12793, MDL-14806)\n\nIt was discovered that Moodle did not correctly filter SQL inputs when\nperforming a restore. An attacker authenticated as a Moodle\nadministrator could execute arbitrary SQL commands as the moodle\ndatabase user, leading to a loss of privacy or denial of service.\n(MDL-11857).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/791-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected moodle package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Roundcube 0.2beta RCE\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(20, 59, 79, 89, 94, 264, 352);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:moodle\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/06/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/06/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2009-2021 Canonical, Inc. / NASL script (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(8\\.04|8\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 8.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"moodle\", pkgver:\"1.8.2-1ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"moodle\", pkgver:\"1.8.2-1.2ubuntu2.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"moodle\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "osv": [{"lastseen": "2022-08-10T07:07:53", "description": "\nChristian J. Eibl discovered that the TeX filter of Moodle, a web-based\ncourse management system, doesn't check user input for certain TeX commands\nwhich allows an attacker to include and display the content of arbitrary system\nfiles.\n\n\nNote that this doesn't affect installations that only use the mimetex\nenvironment.\n\n\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 1.6.3-2+etch3.\n\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.8.2.dfsg-3+lenny2.\n\n\nFor the testing distribution (squeeze), this problem will be fixed soon.\n\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.8.2.dfsg-5.\n\n\nWe recommend that you upgrade your moodle packages.\n\n\n", "cvss3": {}, "published": "2009-04-03T00:00:00", "type": "osv", "title": "moodle - file disclosure", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1171"], "modified": "2022-08-10T07:07:38", "id": "OSV:DSA-1761-1", "href": "https://osv.dev/vulnerability/DSA-1761-1", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "openvas": [{"lastseen": "2018-02-02T13:15:45", "description": "The remote host is missing an update to moodle\nannounced via advisory USN-791-2.", "cvss3": {}, "published": "2009-06-30T00:00:00", "type": "openvas", "title": "Ubuntu USN-791-2 (moodle)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1171"], "modified": "2018-02-01T00:00:00", "id": "OPENVAS:64321", "href": "http://plugins.openvas.org/nasl.php?oid=64321", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: ubuntu_791_2.nasl 8616 2018-02-01 08:24:13Z cfischer $\n# $Id: ubuntu_791_2.nasl 8616 2018-02-01 08:24:13Z cfischer $\n# Description: Auto-generated from advisory USN-791-2 (moodle)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"The problem can be corrected by upgrading your system to the\n following package versions:\n\nUbuntu 9.04:\n moodle 1.9.4.dfsg-0ubuntu1.1\n\nAfter a standard system upgrade you need to access the Moodle instance\nand accept the database update to clear any invalid cached data.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=USN-791-2\";\n\ntag_insight = \"Christian Eibl discovered that the TeX filter in Moodle allowed any\nfunction to be used. An authenticated remote attacker could post\na specially crafted TeX formula to execute arbitrary TeX functions,\npotentially reading any file accessible to the web server user, leading\nto a loss of privacy. (CVE-2009-1171, MSA-09-0009)\";\ntag_summary = \"The remote host is missing an update to moodle\nannounced via advisory USN-791-2.\";\n\n \n\n\nif(description)\n{\n script_id(64321);\n script_version(\"$Revision: 8616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-02-01 09:24:13 +0100 (Thu, 01 Feb 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-30 00:29:55 +0200 (Tue, 30 Jun 2009)\");\n script_cve_id(\"CVE-2009-1171\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_name(\"Ubuntu USN-791-2 (moodle)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-791-2/\");\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"moodle\", ver:\"1.9.4.dfsg-0ubuntu1.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(port:0, data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-24T12:57:01", "description": "The remote host is missing an update to moodle\nannounced via advisory DSA 1761-1.", "cvss3": {}, "published": "2009-04-06T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1761-1 (moodle)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1171"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:63734", "href": "http://plugins.openvas.org/nasl.php?oid=63734", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1761_1.nasl 6615 2017-07-07 12:09:52Z cfischer $\n# Description: Auto-generated from advisory DSA 1761-1 (moodle)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Christian J. Eibl discovered that the TeX filter of Moodle, a web-based\ncourse management system, doesn't check user input for certain TeX commands\nwhich allows an attacker to include and display the content of arbitrary system\nfiles.\n\nNote that this doesn't affect installations that only use the mimetex\nenvironment.\n\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 1.6.3-2+etch3.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.8.2.dfsg-3+lenny2.\n\nFor the testing distribution (squeeze), this problem will be fixed soon.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.8.2.dfsg-5.\n\n\nWe recommend that you upgrade your moodle packages.\";\ntag_summary = \"The remote host is missing an update to moodle\nannounced via advisory DSA 1761-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201761-1\";\n\n\nif(description)\n{\n script_id(63734);\n script_version(\"$Revision: 6615 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:52 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-06 20:58:11 +0200 (Mon, 06 Apr 2009)\");\n script_cve_id(\"CVE-2009-1171\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_name(\"Debian Security Advisory DSA 1761-1 (moodle)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"moodle\", ver:\"1.6.3-2+etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"moodle\", ver:\"1.8.2.dfsg-3+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-04-06T11:40:01", "description": "The remote host is missing an update to moodle\nannounced via advisory DSA 1761-1.", "cvss3": {}, "published": "2009-04-06T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1761-1 (moodle)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1171"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063734", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063734", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1761_1.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory DSA 1761-1 (moodle)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Christian J. Eibl discovered that the TeX filter of Moodle, a web-based\ncourse management system, doesn't check user input for certain TeX commands\nwhich allows an attacker to include and display the content of arbitrary system\nfiles.\n\nNote that this doesn't affect installations that only use the mimetex\nenvironment.\n\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 1.6.3-2+etch3.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.8.2.dfsg-3+lenny2.\n\nFor the testing distribution (squeeze), this problem will be fixed soon.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.8.2.dfsg-5.\n\n\nWe recommend that you upgrade your moodle packages.\";\ntag_summary = \"The remote host is missing an update to moodle\nannounced via advisory DSA 1761-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201761-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63734\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-06 20:58:11 +0200 (Mon, 06 Apr 2009)\");\n script_cve_id(\"CVE-2009-1171\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_name(\"Debian Security Advisory DSA 1761-1 (moodle)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"moodle\", ver:\"1.6.3-2+etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"moodle\", ver:\"1.8.2.dfsg-3+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-04-06T11:39:25", "description": "The remote host is missing an update to moodle\nannounced via advisory FEDORA-2009-3283.", "cvss3": {}, "published": "2009-04-06T00:00:00", "type": "openvas", "title": "Fedora Core 9 FEDORA-2009-3283 (moodle)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-4796", "CVE-2008-5153", "CVE-2009-0499", "CVE-2009-1171"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063727", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063727", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_3283.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-3283 (moodle)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Moodle is a course management system (CMS) - a free, Open Source software\npackage designed using sound pedagogical principles, to help educators create\neffective online learning communities.\n\nUpdate Information:\n\nCVE-2009-1171: The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before 1.7.7+,\n1.8 before 1.8.9, and 1.9 before 1.9.5 allows user-assisted attackers to read\narbitrary files via an input command in a $$ sequence, which causes LaTeX to\ninclude the contents of the file.\n\nUpstream bug and CVS commit:\nhttp://tracker.moodle.org/browse/MDL-18552\nhttp://cvs.moodle.org/moodle/filter/tex/filter.php?r1=1.18.4.4&r2=1.18.4.5\n\n\nUpstream further reported that the above patch is not sufficient and following\nchange should be used instead:\n For >=1.9.0: http://git.catalyst.net.nz/gw?p=moodle-r2.git;a=commitdiff;h=b950f126018a9e16a298d278375a0eedf791e5dd\n For 1.6.* - 1.8.*: http://git.catalyst.net.nz/gw?p=moodle-r2.git;a=commitdiff;h=cc9bf1486e7ea9e8cda1e4522b96e07245459a0d\n\nChangeLog:\n\n* Wed Apr 1 2009 Jon Ciesla - 1.9.4-6\n- Patch for CVE-2009-1171, BZ 493109.\n* Tue Mar 24 2009 Jon Ciesla - 1.9.4-5\n- Update for freefont->gnu-free-fonts change.\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update moodle' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-3283\";\ntag_summary = \"The remote host is missing an update to moodle\nannounced via advisory FEDORA-2009-3283.\";\n\n\n\nif(description)\n{\nscript_xref(name : \"URL\" , value : \"http://www.securityfocus.com/archive/1/archive/1/502231/100/0/threaded\");\nscript_xref(name : \"URL\" , value : \"http://www.securityfocus.com/bid/34278\");\nscript_xref(name : \"URL\" , value : \"http://www.milw0rm.com/exploits/8297\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.63727\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-06 20:58:11 +0200 (Mon, 06 Apr 2009)\");\n script_cve_id(\"CVE-2009-1171\", \"CVE-2009-0499\", \"CVE-2008-5153\", \"CVE-2008-4796\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 9 FEDORA-2009-3283 (moodle)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\nscript_tag(name : \"insight\" , value : tag_insight);\nscript_tag(name : \"solution\" , value : tag_solution);\nscript_tag(name : \"summary\" , value : tag_summary);\nscript_tag(name:\"qod_type\", value:\"package\");\nscript_tag(name:\"solution_type\", value:\"VendorFix\");\nscript_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=493109\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"moodle\", rpm:\"moodle~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-af\", rpm:\"moodle-af~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ar\", rpm:\"moodle-ar~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-be\", rpm:\"moodle-be~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-bg\", rpm:\"moodle-bg~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-bn\", rpm:\"moodle-bn~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-bs\", rpm:\"moodle-bs~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ca\", rpm:\"moodle-ca~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-cs\", rpm:\"moodle-cs~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-cy\", rpm:\"moodle-cy~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-da\", rpm:\"moodle-da~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-de\", rpm:\"moodle-de~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-de_du\", rpm:\"moodle-de_du~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-el\", rpm:\"moodle-el~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-es\", rpm:\"moodle-es~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-et\", rpm:\"moodle-et~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-eu\", rpm:\"moodle-eu~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fa\", rpm:\"moodle-fa~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fi\", rpm:\"moodle-fi~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fil\", rpm:\"moodle-fil~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fr\", rpm:\"moodle-fr~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fr_ca\", rpm:\"moodle-fr_ca~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ga\", rpm:\"moodle-ga~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-gl\", rpm:\"moodle-gl~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-gu\", rpm:\"moodle-gu~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-he\", rpm:\"moodle-he~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hi\", rpm:\"moodle-hi~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hr\", rpm:\"moodle-hr~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hu\", rpm:\"moodle-hu~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hy\", rpm:\"moodle-hy~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-id\", rpm:\"moodle-id~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-is\", rpm:\"moodle-is~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-it\", rpm:\"moodle-it~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ja\", rpm:\"moodle-ja~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ka\", rpm:\"moodle-ka~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-kk\", rpm:\"moodle-kk~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-km\", rpm:\"moodle-km~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-kn\", rpm:\"moodle-kn~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ko\", rpm:\"moodle-ko~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-lo\", rpm:\"moodle-lo~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-lt\", rpm:\"moodle-lt~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-lv\", rpm:\"moodle-lv~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mi_tn\", rpm:\"moodle-mi_tn~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mi_wwow\", rpm:\"moodle-mi_wwow~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mk\", rpm:\"moodle-mk~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ml\", rpm:\"moodle-ml~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mn\", rpm:\"moodle-mn~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ms\", rpm:\"moodle-ms~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-nl\", rpm:\"moodle-nl~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-nn\", rpm:\"moodle-nn~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-no\", rpm:\"moodle-no~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-no_gr\", rpm:\"moodle-no_gr~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-pl\", rpm:\"moodle-pl~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-pt\", rpm:\"moodle-pt~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-pt_br\", rpm:\"moodle-pt_br~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ro\", rpm:\"moodle-ro~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ru\", rpm:\"moodle-ru~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-si\", rpm:\"moodle-si~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sk\", rpm:\"moodle-sk~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sl\", rpm:\"moodle-sl~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sm\", rpm:\"moodle-sm~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-so\", rpm:\"moodle-so~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sq\", rpm:\"moodle-sq~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sr_cr\", rpm:\"moodle-sr_cr~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sr_cr_bo\", rpm:\"moodle-sr_cr_bo~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sr_lt\", rpm:\"moodle-sr_lt~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sv\", rpm:\"moodle-sv~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ta\", rpm:\"moodle-ta~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ta_lk\", rpm:\"moodle-ta_lk~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-th\", rpm:\"moodle-th~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-tl\", rpm:\"moodle-tl~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-to\", rpm:\"moodle-to~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-tr\", rpm:\"moodle-tr~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-uk\", rpm:\"moodle-uk~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-uz\", rpm:\"moodle-uz~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-vi\", rpm:\"moodle-vi~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-zh_cn\", rpm:\"moodle-zh_cn~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-zh_tw\", rpm:\"moodle-zh_tw~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:13", "description": "The remote host is missing an update to moodle\nannounced via advisory FEDORA-2009-3280.", "cvss3": {}, "published": "2009-04-06T00:00:00", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-3280 (moodle)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-4796", "CVE-2008-5153", "CVE-2009-0499", "CVE-2009-1171"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063726", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063726", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_3280.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-3280 (moodle)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Moodle is a course management system (CMS) - a free, Open Source software\npackage designed using sound pedagogical principles, to help educators create\neffective online learning communities.\n\nUpdate Information:\n\nCVE-2009-1171: The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before 1.7.7+,\n1.8 before 1.8.9, and 1.9 before 1.9.5 allows user-assisted attackers to read\narbitrary files via an input command in a $$ sequence, which causes LaTeX to\ninclude the contents of the file.\n\nUpstream bug and CVS commit:\nhttp://tracker.moodle.org/browse/MDL-18552\nhttp://cvs.moodle.org/moodle/filter/tex/filter.php?r1=1.18.4.4&r2=1.18.4.5\n\n\nUpstream further reported that the above patch is not sufficient and following\nchange should be used instead:\n For >=1.9.0: http://git.catalyst.net.nz/gw?p=moodle-r2.git;a=commitdiff;h=b950f126018a9e16a298d278375a0eedf791e5dd\n For 1.6.* - 1.8.*: http://git.catalyst.net.nz/gw?p=moodle-r2.git;a=commitdiff;h=cc9bf1486e7ea9e8cda1e4522b96e07245459a0d\n\nChangeLog:\n\n* Wed Apr 1 2009 Jon Ciesla - 1.9.4-6\n- Patch for CVE-2009-1171, BZ 493109.\n* Tue Mar 24 2009 Jon Ciesla - 1.9.4-5\n- Update for freefont->gnu-free-fonts change.\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update moodle' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-3280\";\ntag_summary = \"The remote host is missing an update to moodle\nannounced via advisory FEDORA-2009-3280.\";\n\n\n\nif(description)\n{\nscript_xref(name : \"URL\" , value : \"http://www.securityfocus.com/archive/1/archive/1/502231/100/0/threaded\");\nscript_xref(name : \"URL\" , value : \"http://www.securityfocus.com/bid/34278\");\nscript_xref(name : \"URL\" , value : \"http://www.milw0rm.com/exploits/8297\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.63726\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-06 20:58:11 +0200 (Mon, 06 Apr 2009)\");\n script_cve_id(\"CVE-2009-1171\", \"CVE-2009-0499\", \"CVE-2008-5153\", \"CVE-2008-4796\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 10 FEDORA-2009-3280 (moodle)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\nscript_tag(name : \"insight\" , value : tag_insight);\nscript_tag(name : \"solution\" , value : tag_solution);\nscript_tag(name : \"summary\" , value : tag_summary);\nscript_tag(name:\"qod_type\", value:\"package\");\nscript_tag(name:\"solution_type\", value:\"VendorFix\");\nscript_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=493109\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"moodle\", rpm:\"moodle~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-af\", rpm:\"moodle-af~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ar\", rpm:\"moodle-ar~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-be\", rpm:\"moodle-be~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-bg\", rpm:\"moodle-bg~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-bn\", rpm:\"moodle-bn~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-bs\", rpm:\"moodle-bs~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ca\", rpm:\"moodle-ca~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-cs\", rpm:\"moodle-cs~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-cy\", rpm:\"moodle-cy~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-da\", rpm:\"moodle-da~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-de\", rpm:\"moodle-de~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-de_du\", rpm:\"moodle-de_du~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-el\", rpm:\"moodle-el~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-es\", rpm:\"moodle-es~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-et\", rpm:\"moodle-et~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-eu\", rpm:\"moodle-eu~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fa\", rpm:\"moodle-fa~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fi\", rpm:\"moodle-fi~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fil\", rpm:\"moodle-fil~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fr\", rpm:\"moodle-fr~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fr_ca\", rpm:\"moodle-fr_ca~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ga\", rpm:\"moodle-ga~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-gl\", rpm:\"moodle-gl~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-gu\", rpm:\"moodle-gu~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-he\", rpm:\"moodle-he~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hi\", rpm:\"moodle-hi~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hr\", rpm:\"moodle-hr~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hu\", rpm:\"moodle-hu~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hy\", rpm:\"moodle-hy~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-id\", rpm:\"moodle-id~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-is\", rpm:\"moodle-is~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-it\", rpm:\"moodle-it~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ja\", rpm:\"moodle-ja~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ka\", rpm:\"moodle-ka~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-kk\", rpm:\"moodle-kk~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-km\", rpm:\"moodle-km~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-kn\", rpm:\"moodle-kn~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ko\", rpm:\"moodle-ko~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-lo\", rpm:\"moodle-lo~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-lt\", rpm:\"moodle-lt~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-lv\", rpm:\"moodle-lv~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mi_tn\", rpm:\"moodle-mi_tn~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mi_wwow\", rpm:\"moodle-mi_wwow~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mk\", rpm:\"moodle-mk~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ml\", rpm:\"moodle-ml~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mn\", rpm:\"moodle-mn~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ms\", rpm:\"moodle-ms~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-nl\", rpm:\"moodle-nl~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-nn\", rpm:\"moodle-nn~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-no\", rpm:\"moodle-no~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-no_gr\", rpm:\"moodle-no_gr~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-pl\", rpm:\"moodle-pl~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-pt\", rpm:\"moodle-pt~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-pt_br\", rpm:\"moodle-pt_br~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ro\", rpm:\"moodle-ro~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ru\", rpm:\"moodle-ru~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-si\", rpm:\"moodle-si~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sk\", rpm:\"moodle-sk~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sl\", rpm:\"moodle-sl~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sm\", rpm:\"moodle-sm~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-so\", rpm:\"moodle-so~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sq\", rpm:\"moodle-sq~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sr_cr\", rpm:\"moodle-sr_cr~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sr_cr_bo\", rpm:\"moodle-sr_cr_bo~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sr_lt\", rpm:\"moodle-sr_lt~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sv\", rpm:\"moodle-sv~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ta\", rpm:\"moodle-ta~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ta_lk\", rpm:\"moodle-ta_lk~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-th\", rpm:\"moodle-th~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-tl\", rpm:\"moodle-tl~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-to\", rpm:\"moodle-to~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-tr\", rpm:\"moodle-tr~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-uk\", rpm:\"moodle-uk~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-uz\", rpm:\"moodle-uz~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-vi\", rpm:\"moodle-vi~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-zh_cn\", rpm:\"moodle-zh_cn~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-zh_tw\", rpm:\"moodle-zh_tw~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:37:14", "description": "The remote host is missing an update to moodle\nannounced via advisory FEDORA-2009-13040.", "cvss3": {}, "published": "2009-12-14T00:00:00", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-13040 (moodle)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-4796", "CVE-2008-5153", "CVE-2009-0499", "CVE-2009-1171"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231066500", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066500", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_13040.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-13040 (moodle)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nMoodle upstream has released latest stable versions (1.9.7 and 1.8.11), fixing\nmultiple security issues. For details, please visit the referenced\nsecurity advisories.\n\nChangeLog:\n\n* Tue Dec 8 2009 Jon Ciesla - 1.9.7-1\n- Update to 1.9.7, BZ 544766.\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update moodle' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-13040\";\ntag_summary = \"The remote host is missing an update to moodle\nannounced via advisory FEDORA-2009-13040.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66500\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-14 23:06:43 +0100 (Mon, 14 Dec 2009)\");\n script_cve_id(\"CVE-2009-1171\", \"CVE-2009-0499\", \"CVE-2008-5153\", \"CVE-2008-4796\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 10 FEDORA-2009-13040 (moodle)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=544766\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"moodle\", rpm:\"moodle~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-af\", rpm:\"moodle-af~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ar\", rpm:\"moodle-ar~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-be\", rpm:\"moodle-be~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-bg\", rpm:\"moodle-bg~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-bn\", rpm:\"moodle-bn~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-bs\", rpm:\"moodle-bs~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ca\", rpm:\"moodle-ca~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-cs\", rpm:\"moodle-cs~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-cy\", rpm:\"moodle-cy~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-da\", rpm:\"moodle-da~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-de\", rpm:\"moodle-de~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-de_du\", rpm:\"moodle-de_du~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-dv\", rpm:\"moodle-dv~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-el\", rpm:\"moodle-el~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-es\", rpm:\"moodle-es~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-et\", rpm:\"moodle-et~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-eu\", rpm:\"moodle-eu~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fa\", rpm:\"moodle-fa~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fi\", rpm:\"moodle-fi~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fil\", rpm:\"moodle-fil~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fr\", rpm:\"moodle-fr~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fr_ca\", rpm:\"moodle-fr_ca~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ga\", rpm:\"moodle-ga~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-gl\", rpm:\"moodle-gl~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-gu\", rpm:\"moodle-gu~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-he\", rpm:\"moodle-he~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hi\", rpm:\"moodle-hi~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hr\", rpm:\"moodle-hr~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hu\", rpm:\"moodle-hu~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hy\", rpm:\"moodle-hy~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-id\", rpm:\"moodle-id~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-is\", rpm:\"moodle-is~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-it\", rpm:\"moodle-it~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ja\", rpm:\"moodle-ja~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ka\", rpm:\"moodle-ka~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-kk\", rpm:\"moodle-kk~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-km\", rpm:\"moodle-km~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-kn\", rpm:\"moodle-kn~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ko\", rpm:\"moodle-ko~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-lo\", rpm:\"moodle-lo~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-lt\", rpm:\"moodle-lt~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-lv\", rpm:\"moodle-lv~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mi_tn\", rpm:\"moodle-mi_tn~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mi_wwow\", rpm:\"moodle-mi_wwow~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mk\", rpm:\"moodle-mk~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ml\", rpm:\"moodle-ml~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mn\", rpm:\"moodle-mn~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ms\", rpm:\"moodle-ms~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-nl\", rpm:\"moodle-nl~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-nn\", rpm:\"moodle-nn~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-no\", rpm:\"moodle-no~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-no_gr\", rpm:\"moodle-no_gr~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-pl\", rpm:\"moodle-pl~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-pt\", rpm:\"moodle-pt~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-pt_br\", rpm:\"moodle-pt_br~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ro\", rpm:\"moodle-ro~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ru\", rpm:\"moodle-ru~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-si\", rpm:\"moodle-si~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sk\", rpm:\"moodle-sk~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sl\", rpm:\"moodle-sl~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sm\", rpm:\"moodle-sm~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-so\", rpm:\"moodle-so~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sq\", rpm:\"moodle-sq~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sr_cr\", rpm:\"moodle-sr_cr~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sr_cr_bo\", rpm:\"moodle-sr_cr_bo~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sr_lt\", rpm:\"moodle-sr_lt~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sv\", rpm:\"moodle-sv~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ta\", rpm:\"moodle-ta~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ta_lk\", rpm:\"moodle-ta_lk~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-th\", rpm:\"moodle-th~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-tl\", rpm:\"moodle-tl~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-to\", rpm:\"moodle-to~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-tr\", rpm:\"moodle-tr~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-uk\", rpm:\"moodle-uk~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ur\", rpm:\"moodle-ur~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-uz\", rpm:\"moodle-uz~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-vi\", rpm:\"moodle-vi~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-zh_cn\", rpm:\"moodle-zh_cn~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-zh_tw\", rpm:\"moodle-zh_tw~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:48", "description": "The remote host is missing an update to moodle\nannounced via advisory FEDORA-2009-3283.", "cvss3": {}, "published": "2009-04-06T00:00:00", "type": "openvas", "title": "Fedora Core 9 FEDORA-2009-3283 (moodle)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-4796", "CVE-2008-5153", "CVE-2009-0499", "CVE-2009-1171"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:63727", "href": "http://plugins.openvas.org/nasl.php?oid=63727", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_3283.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-3283 (moodle)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Moodle is a course management system (CMS) - a free, Open Source software\npackage designed using sound pedagogical principles, to help educators create\neffective online learning communities.\n\nUpdate Information:\n\nCVE-2009-1171: The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before 1.7.7+,\n1.8 before 1.8.9, and 1.9 before 1.9.5 allows user-assisted attackers to read\narbitrary files via an input command in a $$ sequence, which causes LaTeX to\ninclude the contents of the file.\n\nUpstream bug and CVS commit:\nhttp://tracker.moodle.org/browse/MDL-18552\nhttp://cvs.moodle.org/moodle/filter/tex/filter.php?r1=1.18.4.4&r2=1.18.4.5\n\n\nUpstream further reported that the above patch is not sufficient and following\nchange should be used instead:\n For >=1.9.0: http://git.catalyst.net.nz/gw?p=moodle-r2.git;a=commitdiff;h=b950f126018a9e16a298d278375a0eedf791e5dd\n For 1.6.* - 1.8.*: http://git.catalyst.net.nz/gw?p=moodle-r2.git;a=commitdiff;h=cc9bf1486e7ea9e8cda1e4522b96e07245459a0d\n\nChangeLog:\n\n* Wed Apr 1 2009 Jon Ciesla - 1.9.4-6\n- Patch for CVE-2009-1171, BZ 493109.\n* Tue Mar 24 2009 Jon Ciesla - 1.9.4-5\n- Update for freefont->gnu-free-fonts change.\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update moodle' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-3283\";\ntag_summary = \"The remote host is missing an update to moodle\nannounced via advisory FEDORA-2009-3283.\";\n\n\n\nif(description)\n{\nscript_xref(name : \"URL\" , value : \"http://www.securityfocus.com/archive/1/archive/1/502231/100/0/threaded\");\nscript_xref(name : \"URL\" , value : \"http://www.securityfocus.com/bid/34278\");\nscript_xref(name : \"URL\" , value : \"http://www.milw0rm.com/exploits/8297\");\n script_id(63727);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-06 20:58:11 +0200 (Mon, 06 Apr 2009)\");\n script_cve_id(\"CVE-2009-1171\", \"CVE-2009-0499\", \"CVE-2008-5153\", \"CVE-2008-4796\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 9 FEDORA-2009-3283 (moodle)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\nscript_tag(name : \"insight\" , value : tag_insight);\nscript_tag(name : \"solution\" , value : tag_solution);\nscript_tag(name : \"summary\" , value : tag_summary);\nscript_tag(name:\"qod_type\", value:\"package\");\nscript_tag(name:\"solution_type\", value:\"VendorFix\");\nscript_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=493109\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"moodle\", rpm:\"moodle~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-af\", rpm:\"moodle-af~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ar\", rpm:\"moodle-ar~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-be\", rpm:\"moodle-be~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-bg\", rpm:\"moodle-bg~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-bn\", rpm:\"moodle-bn~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-bs\", rpm:\"moodle-bs~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ca\", rpm:\"moodle-ca~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-cs\", rpm:\"moodle-cs~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-cy\", rpm:\"moodle-cy~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-da\", rpm:\"moodle-da~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-de\", rpm:\"moodle-de~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-de_du\", rpm:\"moodle-de_du~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-el\", rpm:\"moodle-el~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-es\", rpm:\"moodle-es~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-et\", rpm:\"moodle-et~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-eu\", rpm:\"moodle-eu~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fa\", rpm:\"moodle-fa~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fi\", rpm:\"moodle-fi~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fil\", rpm:\"moodle-fil~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fr\", rpm:\"moodle-fr~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fr_ca\", rpm:\"moodle-fr_ca~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ga\", rpm:\"moodle-ga~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-gl\", rpm:\"moodle-gl~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-gu\", rpm:\"moodle-gu~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-he\", rpm:\"moodle-he~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hi\", rpm:\"moodle-hi~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hr\", rpm:\"moodle-hr~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hu\", rpm:\"moodle-hu~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hy\", rpm:\"moodle-hy~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-id\", rpm:\"moodle-id~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-is\", rpm:\"moodle-is~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-it\", rpm:\"moodle-it~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ja\", rpm:\"moodle-ja~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ka\", rpm:\"moodle-ka~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-kk\", rpm:\"moodle-kk~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-km\", rpm:\"moodle-km~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-kn\", rpm:\"moodle-kn~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ko\", rpm:\"moodle-ko~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-lo\", rpm:\"moodle-lo~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-lt\", rpm:\"moodle-lt~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-lv\", rpm:\"moodle-lv~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mi_tn\", rpm:\"moodle-mi_tn~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mi_wwow\", rpm:\"moodle-mi_wwow~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mk\", rpm:\"moodle-mk~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ml\", rpm:\"moodle-ml~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mn\", rpm:\"moodle-mn~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ms\", rpm:\"moodle-ms~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-nl\", rpm:\"moodle-nl~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-nn\", rpm:\"moodle-nn~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-no\", rpm:\"moodle-no~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-no_gr\", rpm:\"moodle-no_gr~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-pl\", rpm:\"moodle-pl~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-pt\", rpm:\"moodle-pt~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-pt_br\", rpm:\"moodle-pt_br~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ro\", rpm:\"moodle-ro~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ru\", rpm:\"moodle-ru~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-si\", rpm:\"moodle-si~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sk\", rpm:\"moodle-sk~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sl\", rpm:\"moodle-sl~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sm\", rpm:\"moodle-sm~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-so\", rpm:\"moodle-so~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sq\", rpm:\"moodle-sq~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sr_cr\", rpm:\"moodle-sr_cr~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sr_cr_bo\", rpm:\"moodle-sr_cr_bo~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sr_lt\", rpm:\"moodle-sr_lt~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sv\", rpm:\"moodle-sv~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ta\", rpm:\"moodle-ta~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ta_lk\", rpm:\"moodle-ta_lk~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-th\", rpm:\"moodle-th~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-tl\", rpm:\"moodle-tl~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-to\", rpm:\"moodle-to~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-tr\", rpm:\"moodle-tr~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-uk\", rpm:\"moodle-uk~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-uz\", rpm:\"moodle-uz~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-vi\", rpm:\"moodle-vi~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-zh_cn\", rpm:\"moodle-zh_cn~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-zh_tw\", rpm:\"moodle-zh_tw~1.9.4~6.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:44", "description": "The remote host is missing an update to moodle\nannounced via advisory FEDORA-2009-3280.", "cvss3": {}, "published": "2009-04-06T00:00:00", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-3280 (moodle)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-4796", "CVE-2008-5153", "CVE-2009-0499", "CVE-2009-1171"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:63726", "href": "http://plugins.openvas.org/nasl.php?oid=63726", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_3280.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-3280 (moodle)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Moodle is a course management system (CMS) - a free, Open Source software\npackage designed using sound pedagogical principles, to help educators create\neffective online learning communities.\n\nUpdate Information:\n\nCVE-2009-1171: The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before 1.7.7+,\n1.8 before 1.8.9, and 1.9 before 1.9.5 allows user-assisted attackers to read\narbitrary files via an input command in a $$ sequence, which causes LaTeX to\ninclude the contents of the file.\n\nUpstream bug and CVS commit:\nhttp://tracker.moodle.org/browse/MDL-18552\nhttp://cvs.moodle.org/moodle/filter/tex/filter.php?r1=1.18.4.4&r2=1.18.4.5\n\n\nUpstream further reported that the above patch is not sufficient and following\nchange should be used instead:\n For >=1.9.0: http://git.catalyst.net.nz/gw?p=moodle-r2.git;a=commitdiff;h=b950f126018a9e16a298d278375a0eedf791e5dd\n For 1.6.* - 1.8.*: http://git.catalyst.net.nz/gw?p=moodle-r2.git;a=commitdiff;h=cc9bf1486e7ea9e8cda1e4522b96e07245459a0d\n\nChangeLog:\n\n* Wed Apr 1 2009 Jon Ciesla - 1.9.4-6\n- Patch for CVE-2009-1171, BZ 493109.\n* Tue Mar 24 2009 Jon Ciesla - 1.9.4-5\n- Update for freefont->gnu-free-fonts change.\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update moodle' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-3280\";\ntag_summary = \"The remote host is missing an update to moodle\nannounced via advisory FEDORA-2009-3280.\";\n\n\n\nif(description)\n{\nscript_xref(name : \"URL\" , value : \"http://www.securityfocus.com/archive/1/archive/1/502231/100/0/threaded\");\nscript_xref(name : \"URL\" , value : \"http://www.securityfocus.com/bid/34278\");\nscript_xref(name : \"URL\" , value : \"http://www.milw0rm.com/exploits/8297\");\n script_id(63726);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-06 20:58:11 +0200 (Mon, 06 Apr 2009)\");\n script_cve_id(\"CVE-2009-1171\", \"CVE-2009-0499\", \"CVE-2008-5153\", \"CVE-2008-4796\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 10 FEDORA-2009-3280 (moodle)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\nscript_tag(name : \"insight\" , value : tag_insight);\nscript_tag(name : \"solution\" , value : tag_solution);\nscript_tag(name : \"summary\" , value : tag_summary);\nscript_tag(name:\"qod_type\", value:\"package\");\nscript_tag(name:\"solution_type\", value:\"VendorFix\");\nscript_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=493109\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"moodle\", rpm:\"moodle~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-af\", rpm:\"moodle-af~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ar\", rpm:\"moodle-ar~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-be\", rpm:\"moodle-be~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-bg\", rpm:\"moodle-bg~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-bn\", rpm:\"moodle-bn~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-bs\", rpm:\"moodle-bs~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ca\", rpm:\"moodle-ca~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-cs\", rpm:\"moodle-cs~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-cy\", rpm:\"moodle-cy~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-da\", rpm:\"moodle-da~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-de\", rpm:\"moodle-de~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-de_du\", rpm:\"moodle-de_du~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-el\", rpm:\"moodle-el~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-es\", rpm:\"moodle-es~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-et\", rpm:\"moodle-et~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-eu\", rpm:\"moodle-eu~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fa\", rpm:\"moodle-fa~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fi\", rpm:\"moodle-fi~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fil\", rpm:\"moodle-fil~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fr\", rpm:\"moodle-fr~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fr_ca\", rpm:\"moodle-fr_ca~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ga\", rpm:\"moodle-ga~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-gl\", rpm:\"moodle-gl~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-gu\", rpm:\"moodle-gu~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-he\", rpm:\"moodle-he~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hi\", rpm:\"moodle-hi~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hr\", rpm:\"moodle-hr~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hu\", rpm:\"moodle-hu~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hy\", rpm:\"moodle-hy~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-id\", rpm:\"moodle-id~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-is\", rpm:\"moodle-is~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-it\", rpm:\"moodle-it~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ja\", rpm:\"moodle-ja~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ka\", rpm:\"moodle-ka~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-kk\", rpm:\"moodle-kk~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-km\", rpm:\"moodle-km~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-kn\", rpm:\"moodle-kn~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ko\", rpm:\"moodle-ko~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-lo\", rpm:\"moodle-lo~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-lt\", rpm:\"moodle-lt~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-lv\", rpm:\"moodle-lv~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mi_tn\", rpm:\"moodle-mi_tn~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mi_wwow\", rpm:\"moodle-mi_wwow~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mk\", rpm:\"moodle-mk~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ml\", rpm:\"moodle-ml~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mn\", rpm:\"moodle-mn~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ms\", rpm:\"moodle-ms~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-nl\", rpm:\"moodle-nl~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-nn\", rpm:\"moodle-nn~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-no\", rpm:\"moodle-no~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-no_gr\", rpm:\"moodle-no_gr~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-pl\", rpm:\"moodle-pl~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-pt\", rpm:\"moodle-pt~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-pt_br\", rpm:\"moodle-pt_br~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ro\", rpm:\"moodle-ro~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ru\", rpm:\"moodle-ru~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-si\", rpm:\"moodle-si~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sk\", rpm:\"moodle-sk~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sl\", rpm:\"moodle-sl~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sm\", rpm:\"moodle-sm~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-so\", rpm:\"moodle-so~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sq\", rpm:\"moodle-sq~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sr_cr\", rpm:\"moodle-sr_cr~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sr_cr_bo\", rpm:\"moodle-sr_cr_bo~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sr_lt\", rpm:\"moodle-sr_lt~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sv\", rpm:\"moodle-sv~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ta\", rpm:\"moodle-ta~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ta_lk\", rpm:\"moodle-ta_lk~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-th\", rpm:\"moodle-th~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-tl\", rpm:\"moodle-tl~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-to\", rpm:\"moodle-to~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-tr\", rpm:\"moodle-tr~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-uk\", rpm:\"moodle-uk~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-uz\", rpm:\"moodle-uz~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-vi\", rpm:\"moodle-vi~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-zh_cn\", rpm:\"moodle-zh_cn~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-zh_tw\", rpm:\"moodle-zh_tw~1.9.4~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:00", "description": "The remote host is missing an update to moodle\nannounced via advisory FEDORA-2009-13040.", "cvss3": {}, "published": "2009-12-14T00:00:00", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-13040 (moodle)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-4796", "CVE-2008-5153", "CVE-2009-0499", "CVE-2009-1171"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:66500", "href": "http://plugins.openvas.org/nasl.php?oid=66500", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_13040.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-13040 (moodle)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nMoodle upstream has released latest stable versions (1.9.7 and 1.8.11), fixing\nmultiple security issues. For details, please visit the referenced\nsecurity advisories.\n\nChangeLog:\n\n* Tue Dec 8 2009 Jon Ciesla - 1.9.7-1\n- Update to 1.9.7, BZ 544766.\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update moodle' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-13040\";\ntag_summary = \"The remote host is missing an update to moodle\nannounced via advisory FEDORA-2009-13040.\";\n\n\n\nif(description)\n{\n script_id(66500);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-14 23:06:43 +0100 (Mon, 14 Dec 2009)\");\n script_cve_id(\"CVE-2009-1171\", \"CVE-2009-0499\", \"CVE-2008-5153\", \"CVE-2008-4796\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 10 FEDORA-2009-13040 (moodle)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=544766\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"moodle\", rpm:\"moodle~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-af\", rpm:\"moodle-af~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ar\", rpm:\"moodle-ar~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-be\", rpm:\"moodle-be~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-bg\", rpm:\"moodle-bg~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-bn\", rpm:\"moodle-bn~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-bs\", rpm:\"moodle-bs~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ca\", rpm:\"moodle-ca~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-cs\", rpm:\"moodle-cs~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-cy\", rpm:\"moodle-cy~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-da\", rpm:\"moodle-da~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-de\", rpm:\"moodle-de~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-de_du\", rpm:\"moodle-de_du~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-dv\", rpm:\"moodle-dv~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-el\", rpm:\"moodle-el~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-es\", rpm:\"moodle-es~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-et\", rpm:\"moodle-et~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-eu\", rpm:\"moodle-eu~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fa\", rpm:\"moodle-fa~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fi\", rpm:\"moodle-fi~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fil\", rpm:\"moodle-fil~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fr\", rpm:\"moodle-fr~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fr_ca\", rpm:\"moodle-fr_ca~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ga\", rpm:\"moodle-ga~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-gl\", rpm:\"moodle-gl~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-gu\", rpm:\"moodle-gu~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-he\", rpm:\"moodle-he~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hi\", rpm:\"moodle-hi~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hr\", rpm:\"moodle-hr~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hu\", rpm:\"moodle-hu~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hy\", rpm:\"moodle-hy~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-id\", rpm:\"moodle-id~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-is\", rpm:\"moodle-is~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-it\", rpm:\"moodle-it~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ja\", rpm:\"moodle-ja~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ka\", rpm:\"moodle-ka~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-kk\", rpm:\"moodle-kk~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-km\", rpm:\"moodle-km~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-kn\", rpm:\"moodle-kn~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ko\", rpm:\"moodle-ko~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-lo\", rpm:\"moodle-lo~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-lt\", rpm:\"moodle-lt~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-lv\", rpm:\"moodle-lv~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mi_tn\", rpm:\"moodle-mi_tn~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mi_wwow\", rpm:\"moodle-mi_wwow~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mk\", rpm:\"moodle-mk~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ml\", rpm:\"moodle-ml~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mn\", rpm:\"moodle-mn~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ms\", rpm:\"moodle-ms~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-nl\", rpm:\"moodle-nl~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-nn\", rpm:\"moodle-nn~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-no\", rpm:\"moodle-no~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-no_gr\", rpm:\"moodle-no_gr~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-pl\", rpm:\"moodle-pl~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-pt\", rpm:\"moodle-pt~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-pt_br\", rpm:\"moodle-pt_br~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ro\", rpm:\"moodle-ro~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ru\", rpm:\"moodle-ru~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-si\", rpm:\"moodle-si~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sk\", rpm:\"moodle-sk~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sl\", rpm:\"moodle-sl~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sm\", rpm:\"moodle-sm~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-so\", rpm:\"moodle-so~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sq\", rpm:\"moodle-sq~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sr_cr\", rpm:\"moodle-sr_cr~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sr_cr_bo\", rpm:\"moodle-sr_cr_bo~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sr_lt\", rpm:\"moodle-sr_lt~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sv\", rpm:\"moodle-sv~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ta\", rpm:\"moodle-ta~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ta_lk\", rpm:\"moodle-ta_lk~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-th\", rpm:\"moodle-th~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-tl\", rpm:\"moodle-tl~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-to\", rpm:\"moodle-to~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-tr\", rpm:\"moodle-tr~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-uk\", rpm:\"moodle-uk~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ur\", rpm:\"moodle-ur~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-uz\", rpm:\"moodle-uz~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-vi\", rpm:\"moodle-vi~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-zh_cn\", rpm:\"moodle-zh_cn~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-zh_tw\", rpm:\"moodle-zh_tw~1.9.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:28:25", "description": "The remote host is missing an update to moodle\nannounced via advisory USN-791-1.\n\nFor details, please visit the referenced security advisories.", "cvss3": {}, "published": "2009-06-30T00:00:00", "type": "openvas", "title": "Ubuntu USN-791-1 (moodle)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0501", "CVE-2008-4811", "CVE-2008-5432", "CVE-2008-5619", "CVE-2009-0502", "CVE-2008-4810", "CVE-2008-4796", "CVE-2008-6124", "CVE-2008-5153", "CVE-2009-0499", "CVE-2009-0500", "CVE-2009-1171", "CVE-2009-1669", "CVE-2007-3215"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:64320", "href": "http://plugins.openvas.org/nasl.php?oid=64320", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: ubuntu_791_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# $Id: ubuntu_791_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# Description: Auto-generated from advisory USN-791-1 (moodle)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"The problem can be corrected by upgrading your system to the\n following package versions:\n\nUbuntu 8.04 LTS:\n moodle 1.8.2-1ubuntu4.2\n\nUbuntu 8.10:\n moodle 1.8.2-1.2ubuntu2.1\n\nAfter a standard system upgrade you need to access the Moodle instance\nand accept the database update to clear any invalid cached data.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=USN-791-1\";\n\ntag_summary = \"The remote host is missing an update to moodle\nannounced via advisory USN-791-1.\n\nFor details, please visit the referenced security advisories.\";\n\n \n\n\nif(description)\n{\n script_id(64320);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-30 00:29:55 +0200 (Tue, 30 Jun 2009)\");\n script_cve_id(\"CVE-2007-3215\", \"CVE-2008-4796\", \"CVE-2008-4810\", \"CVE-2008-4811\", \"CVE-2008-5153\", \"CVE-2008-5432\", \"CVE-2008-5619\", \"CVE-2008-6124\", \"CVE-2009-0499\", \"CVE-2009-0500\", \"CVE-2009-0501\", \"CVE-2009-0502\", \"CVE-2009-1171\", \"CVE-2009-1669\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu USN-791-1 (moodle)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-791-1/\");\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"moodle\", ver:\"1.8.2-1ubuntu4.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"moodle\", ver:\"1.8.2-1.2ubuntu2.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:42", "description": "The remote host is missing updates announced in\nadvisory SUSE-SR:2009:009. SuSE Security Summaries are short\non detail when it comes to the names of packages affected by\na particular bug. Because of this, while this test will detect\nout of date packages, it cannot tell you what bugs impact\nwhich packages, or vice versa.", "cvss3": {}, "published": "2009-04-28T00:00:00", "type": "openvas", "title": "SuSE Security Summary SUSE-SR:2009:009", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0196", "CVE-2009-0928", "CVE-2009-0586", "CVE-2009-0658", "CVE-2009-0792", "CVE-2009-0922", "CVE-2009-1241", "CVE-2008-4311", "CVE-2009-0927", "CVE-2009-0698", "CVE-2009-0365", "CVE-2009-0193", "CVE-2009-1062", "CVE-2009-1171", "CVE-2008-4989", "CVE-2009-0578", "CVE-2009-0790", "CVE-2009-1061"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063891", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063891", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: suse_sr_2009_009.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory SUSE-SR:2009:009\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory SUSE-SR:2009:009. SuSE Security Summaries are short\non detail when it comes to the names of packages affected by\na particular bug. Because of this, while this test will detect\nout of date packages, it cannot tell you what bugs impact\nwhich packages, or vice versa.\";\n\ntag_solution = \"Update all out of date packages.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63891\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-28 20:40:12 +0200 (Tue, 28 Apr 2009)\");\n script_cve_id(\"CVE-2008-4311\", \"CVE-2008-4989\", \"CVE-2009-0193\", \"CVE-2009-0196\", \"CVE-2009-0365\", \"CVE-2009-0578\", \"CVE-2009-0586\", \"CVE-2009-0658\", \"CVE-2009-0698\", \"CVE-2009-0790\", \"CVE-2009-0792\", \"CVE-2009-0922\", \"CVE-2009-0927\", \"CVE-2009-0928\", \"CVE-2009-1061\", \"CVE-2009-1062\", \"CVE-2009-1171\", \"CVE-2009-1241\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SuSE Security Summary SUSE-SR:2009:009\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~3.0.8~1.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox-branding-upstream\", rpm:\"MozillaFirefox-branding-upstream~3.0.8~1.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox-translations\", rpm:\"MozillaFirefox-translations~3.0.8~1.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"NetworkManager\", rpm:\"NetworkManager~0.7.0.r4359~15.2.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"NetworkManager-devel\", rpm:\"NetworkManager-devel~0.7.0.r4359~15.2.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"NetworkManager-doc\", rpm:\"NetworkManager-doc~0.7.0.r4359~15.2.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"NetworkManager-glib\", rpm:\"NetworkManager-glib~0.7.0.r4359~15.2.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"aufs\", rpm:\"aufs~cvs20081020~1.32.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"aufs-kmp-debug\", rpm:\"aufs-kmp-debug~cvs20081020_2.6.27.21_0.1~1.32.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"aufs-kmp-default\", rpm:\"aufs-kmp-default~cvs20081020_2.6.27.21_0.1~1.32.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"aufs-kmp-pae\", rpm:\"aufs-kmp-pae~cvs20081020_2.6.27.21_0.1~1.32.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"aufs-kmp-trace\", rpm:\"aufs-kmp-trace~cvs20081020_2.6.27.21_0.1~1.32.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"aufs-kmp-xen\", rpm:\"aufs-kmp-xen~cvs20081020_2.6.27.21_0.1~1.32.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"clamav\", rpm:\"clamav~0.95.1~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"clamav-db\", rpm:\"clamav-db~0.95.1~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.3.9~7.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-client\", rpm:\"cups-client~1.3.9~7.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.3.9~7.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.3.9~7.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1\", rpm:\"dbus-1~1.2.10~5.4.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-devel\", rpm:\"dbus-1-devel~1.2.10~5.4.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-devel-doc\", rpm:\"dbus-1-devel-doc~1.2.10~5.4.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"deb\", rpm:\"deb~1.14.21~10.38.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glib2\", rpm:\"glib2~2.18.2~5.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glib2-branding-upstream\", rpm:\"glib2-branding-upstream~2.18.2~5.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glib2-devel\", rpm:\"glib2-devel~2.18.2~5.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glib2-doc\", rpm:\"glib2-doc~2.18.2~5.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glib2-lang\", rpm:\"glib2-lang~2.18.2~5.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-panel\", rpm:\"gnome-panel~2.24.1~2.26.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-panel-devel\", rpm:\"gnome-panel-devel~2.24.1~2.26.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-panel-doc\", rpm:\"gnome-panel-doc~2.24.1~2.26.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-panel-extras\", rpm:\"gnome-panel-extras~2.24.1~2.26.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-panel-lang\", rpm:\"gnome-panel-lang~2.24.1~2.26.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~2.4.1~24.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gpg2\", rpm:\"gpg2~2.0.9~25.108.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gpg2-lang\", rpm:\"gpg2-lang~2.0.9~25.108.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer-0_10-plugins-base\", rpm:\"gstreamer-0_10-plugins-base~0.10.21~2.21.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer-0_10-plugins-base-devel\", rpm:\"gstreamer-0_10-plugins-base-devel~0.10.21~2.21.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer-0_10-plugins-base-doc\", rpm:\"gstreamer-0_10-plugins-base-doc~0.10.21~2.21.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer-0_10-plugins-base-lang\", rpm:\"gstreamer-0_10-plugins-base-lang~0.10.21~2.21.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk\", rpm:\"java-1_6_0-openjdk~1.4_b14~24.4.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-demo\", rpm:\"java-1_6_0-openjdk-demo~1.4_b14~24.4.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-devel\", rpm:\"java-1_6_0-openjdk-devel~1.4_b14~24.4.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-javadoc\", rpm:\"java-1_6_0-openjdk-javadoc~1.4_b14~24.4.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-plugin\", rpm:\"java-1_6_0-openjdk-plugin~1.4_b14~24.4.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-src\", rpm:\"java-1_6_0-openjdk-src~1.4_b14~24.4.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-akonadi\", rpm:\"kde4-akonadi~4.1.3~3.14.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-akonadi-devel\", rpm:\"kde4-akonadi-devel~4.1.3~3.14.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-akregator\", rpm:\"kde4-akregator~4.1.3~3.14.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-dolphin\", rpm:\"kde4-dolphin~4.1.3~3.8.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-kaddressbook\", rpm:\"kde4-kaddressbook~4.1.3~3.14.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-kalarm\", rpm:\"kde4-kalarm~4.1.3~3.14.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-kdepasswd\", rpm:\"kde4-kdepasswd~4.1.3~3.8.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-kdialog\", rpm:\"kde4-kdialog~4.1.3~3.8.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-kdm\", rpm:\"kde4-kdm~4.1.3~10.3.7\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-kdm-branding-upstream\", rpm:\"kde4-kdm-branding-upstream~4.1.3~10.3.7\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-keditbookmarks\", rpm:\"kde4-keditbookmarks~4.1.3~3.8.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-kfind\", rpm:\"kde4-kfind~4.1.3~3.8.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-kgreeter-plugins\", rpm:\"kde4-kgreeter-plugins~4.1.3~10.3.7\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-kinfocenter\", rpm:\"kde4-kinfocenter~4.1.3~3.8.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-kjots\", rpm:\"kde4-kjots~4.1.3~3.14.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-kmail\", rpm:\"kde4-kmail~4.1.3~3.14.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-knode\", rpm:\"kde4-knode~4.1.3~3.14.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-knotes\", rpm:\"kde4-knotes~4.1.3~3.14.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-konqueror\", rpm:\"kde4-konqueror~4.1.3~3.8.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-konsole\", rpm:\"kde4-konsole~4.1.3~3.8.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-kontact\", rpm:\"kde4-kontact~4.1.3~3.14.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-korganizer\", rpm:\"kde4-korganizer~4.1.3~3.14.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-ktimetracker\", rpm:\"kde4-ktimetracker~4.1.3~3.14.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-ktnef\", rpm:\"kde4-ktnef~4.1.3~3.14.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-kwin\", rpm:\"kde4-kwin~4.1.3~10.3.7\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-kwrite\", rpm:\"kde4-kwrite~4.1.3~3.8.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdebase4\", rpm:\"kdebase4~4.1.3~3.8.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdebase4-libkonq\", rpm:\"kdebase4-libkonq~4.1.3~3.8.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdebase4-nsplugin\", rpm:\"kdebase4-nsplugin~4.1.3~3.8.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdebase4-runtime\", rpm:\"kdebase4-runtime~4.1.3~4.2.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdebase4-workspace\", rpm:\"kdebase4-workspace~4.1.3~10.3.7\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdebase4-workspace-branding-upstream\", rpm:\"kdebase4-workspace-branding-upstream~4.1.3~10.3.7\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdebase4-workspace-devel\", rpm:\"kdebase4-workspace-devel~4.1.3~10.3.7\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdebase4-workspace-ksysguardd\", rpm:\"kdebase4-workspace-ksysguardd~4.1.3~10.3.7\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdelibs4\", rpm:\"kdelibs4~4.1.3~4.10.4\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdelibs4-core\", rpm:\"kdelibs4-core~4.1.3~4.10.4\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdelibs4-doc\", rpm:\"kdelibs4-doc~4.1.3~4.10.4\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdepim3\", rpm:\"kdepim3~3.5.10~8.14.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdepim3-devel\", rpm:\"kdepim3-devel~3.5.10~8.14.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdepim3-kpilot\", rpm:\"kdepim3-kpilot~3.5.10~8.14.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdepim3-mobile\", rpm:\"kdepim3-mobile~3.5.10~8.14.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdepim3-notes\", rpm:\"kdepim3-notes~3.5.10~8.14.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdepim3-time-management\", rpm:\"kdepim3-time-management~3.5.10~8.14.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdepim4\", rpm:\"kdepim4~4.1.3~3.14.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdepim4-devel\", rpm:\"kdepim4-devel~4.1.3~3.14.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdepim4-wizards\", rpm:\"kdepim4-wizards~4.1.3~3.14.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdepimlibs4\", rpm:\"kdepimlibs4~4.1.3~5.2.6\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.27.21~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~2.6.27.21~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-extra\", rpm:\"kernel-debug-extra~2.6.27.21~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~2.6.27.21~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~2.6.27.21~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-default-extra\", rpm:\"kernel-default-extra~2.6.27.21~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-pae\", rpm:\"kernel-pae~2.6.27.21~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-pae-base\", rpm:\"kernel-pae-base~2.6.27.21~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-pae-extra\", rpm:\"kernel-pae-extra~2.6.27.21~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~2.6.27.21~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~2.6.27.21~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-trace\", rpm:\"kernel-trace~2.6.27.21~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-trace-base\", rpm:\"kernel-trace-base~2.6.27.21~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-trace-extra\", rpm:\"kernel-trace-extra~2.6.27.21~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~2.6.27.21~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.27.21~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen-base\", rpm:\"kernel-xen-base~2.6.27.21~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen-extra\", rpm:\"kernel-xen-extra~2.6.27.21~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kio_iso\", rpm:\"kio_iso~1.99.2.beta2~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kitchensync\", rpm:\"kitchensync~3.5.10~8.14.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"klamav\", rpm:\"klamav~0.46~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice\", rpm:\"koffice~1.6.3~211.12.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-database\", rpm:\"koffice-database~1.6.3~211.12.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-database-mysql\", rpm:\"koffice-database-mysql~1.6.3~211.12.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-database-psql\", rpm:\"koffice-database-psql~1.6.3~211.12.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-devel\", rpm:\"koffice-devel~1.6.3~211.12.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-extra\", rpm:\"koffice-extra~1.6.3~211.12.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-illustration\", rpm:\"koffice-illustration~1.6.3~211.12.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-planning\", rpm:\"koffice-planning~1.6.3~211.12.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-presentation\", rpm:\"koffice-presentation~1.6.3~211.12.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-python\", rpm:\"koffice-python~1.6.3~211.12.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-ruby\", rpm:\"koffice-ruby~1.6.3~211.12.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-spreadsheet\", rpm:\"koffice-spreadsheet~1.6.3~211.12.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-wordprocessing\", rpm:\"koffice-wordprocessing~1.6.3~211.12.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.6.3~132.5.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"krb5-apps-clients\", rpm:\"krb5-apps-clients~1.6.3~132.5.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"krb5-apps-servers\", rpm:\"krb5-apps-servers~1.6.3~132.5.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"krb5-client\", rpm:\"krb5-client~1.6.3~132.5.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"krb5-devel\", rpm:\"krb5-devel~1.6.3~132.5.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.6.3~132.5.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"krusader\", rpm:\"krusader~1.99.2.beta2~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libakonadi4\", rpm:\"libakonadi4~4.1.3~5.2.6\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgio-2_0-0\", rpm:\"libgio-2_0-0~2.18.2~5.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgio-fam\", rpm:\"libgio-fam~2.18.2~5.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libglib-2_0-0\", rpm:\"libglib-2_0-0~2.18.2~5.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgmodule-2_0-0\", rpm:\"libgmodule-2_0-0~2.18.2~5.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgnomecanvas\", rpm:\"libgnomecanvas~2.20.1.1~25.81.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgnomecanvas-devel\", rpm:\"libgnomecanvas-devel~2.20.1.1~25.81.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgnomecanvas-doc\", rpm:\"libgnomecanvas-doc~2.20.1.1~25.81.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgnomecanvas-lang\", rpm:\"libgnomecanvas-lang~2.20.1.1~25.81.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgnutls-devel\", rpm:\"libgnutls-devel~2.4.1~24.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgnutls-extra-devel\", rpm:\"libgnutls-extra-devel~2.4.1~24.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgnutls-extra26\", rpm:\"libgnutls-extra26~2.4.1~24.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgnutls26\", rpm:\"libgnutls26~2.4.1~24.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgobject-2_0-0\", rpm:\"libgobject-2_0-0~2.18.2~5.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgstinterfaces-0_10-0\", rpm:\"libgstinterfaces-0_10-0~0.10.21~2.21.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgthread-2_0-0\", rpm:\"libgthread-2_0-0~2.18.2~5.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkcal\", rpm:\"libkcal~3.5.10~8.14.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkcal-devel\", rpm:\"libkcal-devel~3.5.10~8.14.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkcal2\", rpm:\"libkcal2~3.5.10~8.14.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkde4\", rpm:\"libkde4~4.1.3~4.10.4\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkde4-devel\", rpm:\"libkde4-devel~4.1.3~4.10.4\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkdecore4\", rpm:\"libkdecore4~4.1.3~4.10.4\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkdecore4-devel\", rpm:\"libkdecore4-devel~4.1.3~4.10.4\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkdepim4\", rpm:\"libkdepim4~4.1.3~3.14.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkdepim4-devel\", rpm:\"libkdepim4-devel~4.1.3~3.14.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkdepimlibs4\", rpm:\"libkdepimlibs4~4.1.3~5.2.6\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkdepimlibs4-devel\", rpm:\"libkdepimlibs4-devel~4.1.3~5.2.6\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkmime-devel\", rpm:\"libkmime-devel~3.5.10~8.14.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkmime2\", rpm:\"libkmime2~3.5.10~8.14.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkonq-devel\", rpm:\"libkonq-devel~4.1.3~3.8.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkonq5\", rpm:\"libkonq5~4.1.3~3.8.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libktnef-devel\", rpm:\"libktnef-devel~3.5.10~8.14.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libktnef1\", rpm:\"libktnef1~3.5.10~8.14.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpcap-devel\", rpm:\"libpcap-devel~0.9.8~50.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpcap0\", rpm:\"libpcap0~0.9.8~50.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libudev-devel\", rpm:\"libudev-devel~128~9.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libudev0\", rpm:\"libudev0~128~9.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvolume_id\", rpm:\"libvolume_id~126~17.38.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvolume_id-devel\", rpm:\"libvolume_id-devel~128~9.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvolume_id1\", rpm:\"libvolume_id1~128~9.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxine-devel\", rpm:\"libxine-devel~1.1.15~23.3.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxine1\", rpm:\"libxine1~1.1.15~23.3.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxine1-gnome-vfs\", rpm:\"libxine1-gnome-vfs~1.1.15~23.3.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxine1-pulse\", rpm:\"libxine1-pulse~1.1.15~23.3.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"module-init-tools\", rpm:\"module-init-tools~3.4~56.10.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190\", rpm:\"mozilla-xulrunner190~1.9.0.8~1.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-devel\", rpm:\"mozilla-xulrunner190-devel~1.9.0.8~1.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-gnomevfs\", rpm:\"mozilla-xulrunner190-gnomevfs~1.9.0.8~1.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-translations\", rpm:\"mozilla-xulrunner190-translations~1.9.0.8~1.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openswan\", rpm:\"openswan~2.6.16~1.47.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openswan-doc\", rpm:\"openswan-doc~2.6.16~1.47.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"phonon-backend-xine\", rpm:\"phonon-backend-xine~4.1.3~4.2.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql\", rpm:\"postgresql~8.3.7~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-contrib\", rpm:\"postgresql-contrib~8.3.7~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-devel\", rpm:\"postgresql-devel~8.3.7~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-docs\", rpm:\"postgresql-docs~8.3.7~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-libs\", rpm:\"postgresql-libs~8.3.7~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-server\", rpm:\"postgresql-server~8.3.7~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-xpcom190\", rpm:\"python-xpcom190~1.9.0.8~1.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"strongswan\", rpm:\"strongswan~4.2.8~1.24.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"strongswan-doc\", rpm:\"strongswan-doc~4.2.8~1.24.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"sysconfig\", rpm:\"sysconfig~0.71.11~7.4.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"udev\", rpm:\"udev~128~9.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~3.02~97.78.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf-tools\", rpm:\"xpdf-tools~3.02~97.78.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~3.0.8~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox-translations\", rpm:\"MozillaFirefox-translations~3.0.8~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bluez-audio\", rpm:\"bluez-audio~3.32~8.7\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bluez-cups\", rpm:\"bluez-cups~3.32~8.7\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bluez-test\", rpm:\"bluez-test~3.32~8.7\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bluez-utils\", rpm:\"bluez-utils~3.32~8.7\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"clamav\", rpm:\"clamav~0.95.1~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"clamav-db\", rpm:\"clamav-db~0.95.1~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.3.7~25.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-client\", rpm:\"cups-client~1.3.7~25.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.3.7~25.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.3.7~25.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glib2\", rpm:\"glib2~2.16.3~20.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glib2-branding-upstream\", rpm:\"glib2-branding-upstream~2.16.3~20.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glib2-devel\", rpm:\"glib2-devel~2.16.3~20.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glib2-doc\", rpm:\"glib2-doc~2.16.3~20.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glib2-lang\", rpm:\"glib2-lang~2.16.3~20.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~2.2.2~17.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gpg2\", rpm:\"gpg2~2.0.9~22.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gpg2-lang\", rpm:\"gpg2-lang~2.0.9~22.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"hal\", rpm:\"hal~0.5.11~8.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"hal-devel\", rpm:\"hal-devel~0.5.11~8.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdepim3\", rpm:\"kdepim3~3.5.9~53.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdepim3-devel\", rpm:\"kdepim3-devel~3.5.9~53.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdepim3-kpilot\", rpm:\"kdepim3-kpilot~3.5.9~53.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdepim3-mobile\", rpm:\"kdepim3-mobile~3.5.9~53.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdepim3-notes\", rpm:\"kdepim3-notes~3.5.9~53.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdepim3-time-management\", rpm:\"kdepim3-time-management~3.5.9~53.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kitchensync\", rpm:\"kitchensync~3.5.9~53.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"klamav\", rpm:\"klamav~0.46~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice\", rpm:\"koffice~1.6.3~157.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-database\", rpm:\"koffice-database~1.6.3~157.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-database-mysql\", rpm:\"koffice-database-mysql~1.6.3~157.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-database-psql\", rpm:\"koffice-database-psql~1.6.3~157.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-devel\", rpm:\"koffice-devel~1.6.3~157.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-extra\", rpm:\"koffice-extra~1.6.3~157.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-illustration\", rpm:\"koffice-illustration~1.6.3~157.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-planning\", rpm:\"koffice-planning~1.6.3~157.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-presentation\", rpm:\"koffice-presentation~1.6.3~157.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-python\", rpm:\"koffice-python~1.6.3~157.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-ruby\", rpm:\"koffice-ruby~1.6.3~157.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-spreadsheet\", rpm:\"koffice-spreadsheet~1.6.3~157.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-wordprocessing\", rpm:\"koffice-wordprocessing~1.6.3~157.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.6.3~50.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"krb5-apps-clients\", rpm:\"krb5-apps-clients~1.6.3~50.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"krb5-apps-servers\", rpm:\"krb5-apps-servers~1.6.3~50.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"krb5-client\", rpm:\"krb5-client~1.6.3~50.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"krb5-devel\", rpm:\"krb5-devel~1.6.3~50.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.6.3~50.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgio-2_0-0\", rpm:\"libgio-2_0-0~2.16.3~20.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgio-fam\", rpm:\"libgio-fam~2.16.3~20.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libglib-2_0-0\", rpm:\"libglib-2_0-0~2.16.3~20.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgmodule-2_0-0\", rpm:\"libgmodule-2_0-0~2.16.3~20.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgnutls-devel\", rpm:\"libgnutls-devel~2.2.2~17.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgnutls-extra-devel\", rpm:\"libgnutls-extra-devel~2.2.2~17.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgnutls-extra26\", rpm:\"libgnutls-extra26~2.2.2~17.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgnutls26\", rpm:\"libgnutls26~2.2.2~17.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgobject-2_0-0\", rpm:\"libgobject-2_0-0~2.16.3~20.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgthread-2_0-0\", rpm:\"libgthread-2_0-0~2.16.3~20.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkcal\", rpm:\"libkcal~3.5.9~53.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkcal-devel\", rpm:\"libkcal-devel~3.5.9~53.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkcal2\", rpm:\"libkcal2~3.5.9~53.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkmime-devel\", rpm:\"libkmime-devel~3.5.9~53.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkmime2\", rpm:\"libkmime2~3.5.9~53.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libktnef-devel\", rpm:\"libktnef-devel~3.5.9~53.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libktnef1\", rpm:\"libktnef1~3.5.9~53.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvolume_id\", rpm:\"libvolume_id~120~13.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvolume_id-devel\", rpm:\"libvolume_id-devel~120~13.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190\", rpm:\"mozilla-xulrunner190~1.9.0.8~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-devel\", rpm:\"mozilla-xulrunner190-devel~1.9.0.8~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-gnomevfs\", rpm:\"mozilla-xulrunner190-gnomevfs~1.9.0.8~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-translations\", rpm:\"mozilla-xulrunner190-translations~1.9.0.8~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openswan\", rpm:\"openswan~2.4.7~130.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openswan-doc\", rpm:\"openswan-doc~2.4.7~130.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql\", rpm:\"postgresql~8.3.7~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-contrib\", rpm:\"postgresql-contrib~8.3.7~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-devel\", rpm:\"postgresql-devel~8.3.7~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-docs\", rpm:\"postgresql-docs~8.3.7~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-libs\", rpm:\"postgresql-libs~8.3.7~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-server\", rpm:\"postgresql-server~8.3.7~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"strongswan\", rpm:\"strongswan~4.2.1~11.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"strongswan-doc\", rpm:\"strongswan-doc~4.2.1~11.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"sysconfig\", rpm:\"sysconfig~0.70.8~3.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"timezone\", rpm:\"timezone~2009d~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"udev\", rpm:\"udev~120~13.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-devel\", rpm:\"xine-devel~1.1.12~8.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-extra\", rpm:\"xine-extra~1.1.12~8.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-lib\", rpm:\"xine-lib~1.1.12~8.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~3.02~95.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf-tools\", rpm:\"xpdf-tools~3.02~95.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"zypper\", rpm:\"zypper~0.11.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~2.0.0.21post~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox-translations\", rpm:\"MozillaFirefox-translations~2.0.0.21post~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bluez-cups\", rpm:\"bluez-cups~3.18~13.7\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bluez-test\", rpm:\"bluez-test~3.18~13.7\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bluez-utils\", rpm:\"bluez-utils~3.18~13.7\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"clamav\", rpm:\"clamav~0.95.1~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"clamav-db\", rpm:\"clamav-db~0.95.1~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.2.12~22.21\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-client\", rpm:\"cups-client~1.2.12~22.21\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.2.12~22.21\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.2.12~22.21\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glib2\", rpm:\"glib2~2.14.1~4.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glib2-devel\", rpm:\"glib2-devel~2.14.1~4.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glib2-doc\", rpm:\"glib2-doc~2.14.1~4.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glib2-lang\", rpm:\"glib2-lang~2.14.1~4.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~1.6.1~36.6\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnutls-devel\", rpm:\"gnutls-devel~1.6.1~36.6\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gpg2\", rpm:\"gpg2~2.0.4~49.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdepim3\", rpm:\"kdepim3~3.5.7.enterprise.0.20070904.708012~9.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdepim3-devel\", rpm:\"kdepim3-devel~3.5.7.enterprise.0.20070904.708012~9.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdepim3-kpilot\", rpm:\"kdepim3-kpilot~3.5.7.enterprise.0.20070904.708012~9.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdepim3-mobile\", rpm:\"kdepim3-mobile~3.5.7.enterprise.0.20070904.708012~9.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdepim3-notes\", rpm:\"kdepim3-notes~3.5.7.enterprise.0.20070904.708012~9.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdepim3-time-management\", rpm:\"kdepim3-time-management~3.5.7.enterprise.0.20070904.708012~9.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kitchensync\", rpm:\"kitchensync~3.5.7.enterprise.0.20070904.708012~9.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"klamav\", rpm:\"klamav~0.46~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice\", rpm:\"koffice~1.6.3~51.5\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-database\", rpm:\"koffice-database~1.6.3~51.5\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-database-mysql\", rpm:\"koffice-database-mysql~1.6.3~51.5\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-database-psql\", rpm:\"koffice-database-psql~1.6.3~51.5\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-devel\", rpm:\"koffice-devel~1.6.3~51.5\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-extra\", rpm:\"koffice-extra~1.6.3~51.5\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-illustration\", rpm:\"koffice-illustration~1.6.3~51.5\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-planning\", rpm:\"koffice-planning~1.6.3~51.5\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-presentation\", rpm:\"koffice-presentation~1.6.3~51.5\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-python\", rpm:\"koffice-python~1.6.3~51.5\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-ruby\", rpm:\"koffice-ruby~1.6.3~51.5\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-spreadsheet\", rpm:\"koffice-spreadsheet~1.6.3~51.5\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-wordprocessing\", rpm:\"koffice-wordprocessing~1.6.3~51.5\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.6.2~22.9\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"krb5-apps-clients\", rpm:\"krb5-apps-clients~1.6.2~22.9\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"krb5-apps-servers\", rpm:\"krb5-apps-servers~1.6.2~22.9\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"krb5-client\", rpm:\"krb5-client~1.6.2~22.9\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"krb5-devel\", rpm:\"krb5-devel~1.6.2~22.9\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.6.2~22.9\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvolume_id\", rpm:\"libvolume_id~114~19.3\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvolume_id-devel\", rpm:\"libvolume_id-devel~114~19.3\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openswan\", rpm:\"openswan~2.4.7~64.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openswan-doc\", rpm:\"openswan-doc~2.4.7~64.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql\", rpm:\"postgresql~8.2.13~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-contrib\", rpm:\"postgresql-contrib~8.2.13~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-devel\", rpm:\"postgresql-devel~8.2.13~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-docs\", rpm:\"postgresql-docs~8.2.13~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-libs\", rpm:\"postgresql-libs~8.2.13~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-server\", rpm:\"postgresql-server~8.2.13~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"sysconfig\", rpm:\"sysconfig~0.70.2~4.7\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"timezone\", rpm:\"timezone~2009d~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"udev\", rpm:\"udev~114~19.3\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-devel\", rpm:\"xine-devel~1.1.8~14.14\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-extra\", rpm:\"xine-extra~1.1.8~14.14\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-lib\", rpm:\"xine-lib~1.1.8~14.14\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~3.02~19.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf-tools\", rpm:\"xpdf-tools~3.02~19.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:55:42", "description": "The remote host is missing updates announced in\nadvisory SUSE-SR:2009:009. SuSE Security Summaries are short\non detail when it comes to the names of packages affected by\na particular bug. Because of this, while this test will detect\nout of date packages, it cannot tell you what bugs impact\nwhich packages, or vice versa.", "cvss3": {}, "published": "2009-04-28T00:00:00", "type": "openvas", "title": "SuSE Security Summary SUSE-SR:2009:009", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0196", "CVE-2009-0928", "CVE-2009-0586", "CVE-2009-0658", "CVE-2009-0792", "CVE-2009-0922", "CVE-2009-1241", "CVE-2008-4311", "CVE-2009-0927", "CVE-2009-0698", "CVE-2009-0365", "CVE-2009-0193", "CVE-2009-1062", "CVE-2009-1171", "CVE-2008-4989", "CVE-2009-0578", "CVE-2009-0790", "CVE-2009-1061"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:63891", "href": "http://plugins.openvas.org/nasl.php?oid=63891", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: suse_sr_2009_009.nasl 6668 2017-07-11 13:34:29Z cfischer $\n# Description: Auto-generated from advisory SUSE-SR:2009:009\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory SUSE-SR:2009:009. SuSE Security Summaries are short\non detail when it comes to the names of packages affected by\na particular bug. Because of this, while this test will detect\nout of date packages, it cannot tell you what bugs impact\nwhich packages, or vice versa.\";\n\ntag_solution = \"Update all out of date packages.\";\n \nif(description)\n{\n script_id(63891);\n script_version(\"$Revision: 6668 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:34:29 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-28 20:40:12 +0200 (Tue, 28 Apr 2009)\");\n script_cve_id(\"CVE-2008-4311\", \"CVE-2008-4989\", \"CVE-2009-0193\", \"CVE-2009-0196\", \"CVE-2009-0365\", \"CVE-2009-0578\", \"CVE-2009-0586\", \"CVE-2009-0658\", \"CVE-2009-0698\", \"CVE-2009-0790\", \"CVE-2009-0792\", \"CVE-2009-0922\", \"CVE-2009-0927\", \"CVE-2009-0928\", \"CVE-2009-1061\", \"CVE-2009-1062\", \"CVE-2009-1171\", \"CVE-2009-1241\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SuSE Security Summary SUSE-SR:2009:009\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~3.0.8~1.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox-branding-upstream\", rpm:\"MozillaFirefox-branding-upstream~3.0.8~1.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox-translations\", rpm:\"MozillaFirefox-translations~3.0.8~1.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"NetworkManager\", rpm:\"NetworkManager~0.7.0.r4359~15.2.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"NetworkManager-devel\", rpm:\"NetworkManager-devel~0.7.0.r4359~15.2.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"NetworkManager-doc\", rpm:\"NetworkManager-doc~0.7.0.r4359~15.2.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"NetworkManager-glib\", rpm:\"NetworkManager-glib~0.7.0.r4359~15.2.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"aufs\", rpm:\"aufs~cvs20081020~1.32.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"aufs-kmp-debug\", rpm:\"aufs-kmp-debug~cvs20081020_2.6.27.21_0.1~1.32.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"aufs-kmp-default\", rpm:\"aufs-kmp-default~cvs20081020_2.6.27.21_0.1~1.32.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"aufs-kmp-pae\", rpm:\"aufs-kmp-pae~cvs20081020_2.6.27.21_0.1~1.32.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"aufs-kmp-trace\", rpm:\"aufs-kmp-trace~cvs20081020_2.6.27.21_0.1~1.32.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"aufs-kmp-xen\", rpm:\"aufs-kmp-xen~cvs20081020_2.6.27.21_0.1~1.32.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"clamav\", rpm:\"clamav~0.95.1~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"clamav-db\", rpm:\"clamav-db~0.95.1~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.3.9~7.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-client\", rpm:\"cups-client~1.3.9~7.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.3.9~7.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.3.9~7.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1\", rpm:\"dbus-1~1.2.10~5.4.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-devel\", rpm:\"dbus-1-devel~1.2.10~5.4.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-devel-doc\", rpm:\"dbus-1-devel-doc~1.2.10~5.4.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"deb\", rpm:\"deb~1.14.21~10.38.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glib2\", rpm:\"glib2~2.18.2~5.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glib2-branding-upstream\", rpm:\"glib2-branding-upstream~2.18.2~5.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glib2-devel\", rpm:\"glib2-devel~2.18.2~5.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glib2-doc\", rpm:\"glib2-doc~2.18.2~5.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glib2-lang\", rpm:\"glib2-lang~2.18.2~5.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-panel\", rpm:\"gnome-panel~2.24.1~2.26.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-panel-devel\", rpm:\"gnome-panel-devel~2.24.1~2.26.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-panel-doc\", rpm:\"gnome-panel-doc~2.24.1~2.26.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-panel-extras\", rpm:\"gnome-panel-extras~2.24.1~2.26.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-panel-lang\", rpm:\"gnome-panel-lang~2.24.1~2.26.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~2.4.1~24.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gpg2\", rpm:\"gpg2~2.0.9~25.108.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gpg2-lang\", rpm:\"gpg2-lang~2.0.9~25.108.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer-0_10-plugins-base\", rpm:\"gstreamer-0_10-plugins-base~0.10.21~2.21.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer-0_10-plugins-base-devel\", rpm:\"gstreamer-0_10-plugins-base-devel~0.10.21~2.21.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer-0_10-plugins-base-doc\", rpm:\"gstreamer-0_10-plugins-base-doc~0.10.21~2.21.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer-0_10-plugins-base-lang\", rpm:\"gstreamer-0_10-plugins-base-lang~0.10.21~2.21.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk\", rpm:\"java-1_6_0-openjdk~1.4_b14~24.4.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-demo\", rpm:\"java-1_6_0-openjdk-demo~1.4_b14~24.4.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-devel\", rpm:\"java-1_6_0-openjdk-devel~1.4_b14~24.4.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-javadoc\", rpm:\"java-1_6_0-openjdk-javadoc~1.4_b14~24.4.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-plugin\", rpm:\"java-1_6_0-openjdk-plugin~1.4_b14~24.4.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-src\", rpm:\"java-1_6_0-openjdk-src~1.4_b14~24.4.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-akonadi\", rpm:\"kde4-akonadi~4.1.3~3.14.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-akonadi-devel\", rpm:\"kde4-akonadi-devel~4.1.3~3.14.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-akregator\", rpm:\"kde4-akregator~4.1.3~3.14.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-dolphin\", rpm:\"kde4-dolphin~4.1.3~3.8.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-kaddressbook\", rpm:\"kde4-kaddressbook~4.1.3~3.14.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-kalarm\", rpm:\"kde4-kalarm~4.1.3~3.14.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-kdepasswd\", rpm:\"kde4-kdepasswd~4.1.3~3.8.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-kdialog\", rpm:\"kde4-kdialog~4.1.3~3.8.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-kdm\", rpm:\"kde4-kdm~4.1.3~10.3.7\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-kdm-branding-upstream\", rpm:\"kde4-kdm-branding-upstream~4.1.3~10.3.7\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-keditbookmarks\", rpm:\"kde4-keditbookmarks~4.1.3~3.8.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-kfind\", rpm:\"kde4-kfind~4.1.3~3.8.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-kgreeter-plugins\", rpm:\"kde4-kgreeter-plugins~4.1.3~10.3.7\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-kinfocenter\", rpm:\"kde4-kinfocenter~4.1.3~3.8.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-kjots\", rpm:\"kde4-kjots~4.1.3~3.14.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-kmail\", rpm:\"kde4-kmail~4.1.3~3.14.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-knode\", rpm:\"kde4-knode~4.1.3~3.14.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-knotes\", rpm:\"kde4-knotes~4.1.3~3.14.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-konqueror\", rpm:\"kde4-konqueror~4.1.3~3.8.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-konsole\", rpm:\"kde4-konsole~4.1.3~3.8.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-kontact\", rpm:\"kde4-kontact~4.1.3~3.14.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-korganizer\", rpm:\"kde4-korganizer~4.1.3~3.14.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-ktimetracker\", rpm:\"kde4-ktimetracker~4.1.3~3.14.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-ktnef\", rpm:\"kde4-ktnef~4.1.3~3.14.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-kwin\", rpm:\"kde4-kwin~4.1.3~10.3.7\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kde4-kwrite\", rpm:\"kde4-kwrite~4.1.3~3.8.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdebase4\", rpm:\"kdebase4~4.1.3~3.8.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdebase4-libkonq\", rpm:\"kdebase4-libkonq~4.1.3~3.8.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdebase4-nsplugin\", rpm:\"kdebase4-nsplugin~4.1.3~3.8.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdebase4-runtime\", rpm:\"kdebase4-runtime~4.1.3~4.2.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdebase4-workspace\", rpm:\"kdebase4-workspace~4.1.3~10.3.7\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdebase4-workspace-branding-upstream\", rpm:\"kdebase4-workspace-branding-upstream~4.1.3~10.3.7\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdebase4-workspace-devel\", rpm:\"kdebase4-workspace-devel~4.1.3~10.3.7\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdebase4-workspace-ksysguardd\", rpm:\"kdebase4-workspace-ksysguardd~4.1.3~10.3.7\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdelibs4\", rpm:\"kdelibs4~4.1.3~4.10.4\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdelibs4-core\", rpm:\"kdelibs4-core~4.1.3~4.10.4\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdelibs4-doc\", rpm:\"kdelibs4-doc~4.1.3~4.10.4\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdepim3\", rpm:\"kdepim3~3.5.10~8.14.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdepim3-devel\", rpm:\"kdepim3-devel~3.5.10~8.14.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdepim3-kpilot\", rpm:\"kdepim3-kpilot~3.5.10~8.14.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdepim3-mobile\", rpm:\"kdepim3-mobile~3.5.10~8.14.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdepim3-notes\", rpm:\"kdepim3-notes~3.5.10~8.14.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdepim3-time-management\", rpm:\"kdepim3-time-management~3.5.10~8.14.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdepim4\", rpm:\"kdepim4~4.1.3~3.14.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdepim4-devel\", rpm:\"kdepim4-devel~4.1.3~3.14.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdepim4-wizards\", rpm:\"kdepim4-wizards~4.1.3~3.14.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdepimlibs4\", rpm:\"kdepimlibs4~4.1.3~5.2.6\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.27.21~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~2.6.27.21~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-extra\", rpm:\"kernel-debug-extra~2.6.27.21~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~2.6.27.21~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~2.6.27.21~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-default-extra\", rpm:\"kernel-default-extra~2.6.27.21~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-pae\", rpm:\"kernel-pae~2.6.27.21~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-pae-base\", rpm:\"kernel-pae-base~2.6.27.21~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-pae-extra\", rpm:\"kernel-pae-extra~2.6.27.21~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~2.6.27.21~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~2.6.27.21~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-trace\", rpm:\"kernel-trace~2.6.27.21~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-trace-base\", rpm:\"kernel-trace-base~2.6.27.21~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-trace-extra\", rpm:\"kernel-trace-extra~2.6.27.21~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~2.6.27.21~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.27.21~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen-base\", rpm:\"kernel-xen-base~2.6.27.21~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen-extra\", rpm:\"kernel-xen-extra~2.6.27.21~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kio_iso\", rpm:\"kio_iso~1.99.2.beta2~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kitchensync\", rpm:\"kitchensync~3.5.10~8.14.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"klamav\", rpm:\"klamav~0.46~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice\", rpm:\"koffice~1.6.3~211.12.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-database\", rpm:\"koffice-database~1.6.3~211.12.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-database-mysql\", rpm:\"koffice-database-mysql~1.6.3~211.12.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-database-psql\", rpm:\"koffice-database-psql~1.6.3~211.12.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-devel\", rpm:\"koffice-devel~1.6.3~211.12.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-extra\", rpm:\"koffice-extra~1.6.3~211.12.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-illustration\", rpm:\"koffice-illustration~1.6.3~211.12.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-planning\", rpm:\"koffice-planning~1.6.3~211.12.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-presentation\", rpm:\"koffice-presentation~1.6.3~211.12.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-python\", rpm:\"koffice-python~1.6.3~211.12.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-ruby\", rpm:\"koffice-ruby~1.6.3~211.12.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-spreadsheet\", rpm:\"koffice-spreadsheet~1.6.3~211.12.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-wordprocessing\", rpm:\"koffice-wordprocessing~1.6.3~211.12.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.6.3~132.5.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"krb5-apps-clients\", rpm:\"krb5-apps-clients~1.6.3~132.5.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"krb5-apps-servers\", rpm:\"krb5-apps-servers~1.6.3~132.5.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"krb5-client\", rpm:\"krb5-client~1.6.3~132.5.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"krb5-devel\", rpm:\"krb5-devel~1.6.3~132.5.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.6.3~132.5.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"krusader\", rpm:\"krusader~1.99.2.beta2~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libakonadi4\", rpm:\"libakonadi4~4.1.3~5.2.6\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgio-2_0-0\", rpm:\"libgio-2_0-0~2.18.2~5.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgio-fam\", rpm:\"libgio-fam~2.18.2~5.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libglib-2_0-0\", rpm:\"libglib-2_0-0~2.18.2~5.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgmodule-2_0-0\", rpm:\"libgmodule-2_0-0~2.18.2~5.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgnomecanvas\", rpm:\"libgnomecanvas~2.20.1.1~25.81.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgnomecanvas-devel\", rpm:\"libgnomecanvas-devel~2.20.1.1~25.81.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgnomecanvas-doc\", rpm:\"libgnomecanvas-doc~2.20.1.1~25.81.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgnomecanvas-lang\", rpm:\"libgnomecanvas-lang~2.20.1.1~25.81.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgnutls-devel\", rpm:\"libgnutls-devel~2.4.1~24.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgnutls-extra-devel\", rpm:\"libgnutls-extra-devel~2.4.1~24.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgnutls-extra26\", rpm:\"libgnutls-extra26~2.4.1~24.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgnutls26\", rpm:\"libgnutls26~2.4.1~24.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgobject-2_0-0\", rpm:\"libgobject-2_0-0~2.18.2~5.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgstinterfaces-0_10-0\", rpm:\"libgstinterfaces-0_10-0~0.10.21~2.21.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgthread-2_0-0\", rpm:\"libgthread-2_0-0~2.18.2~5.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkcal\", rpm:\"libkcal~3.5.10~8.14.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkcal-devel\", rpm:\"libkcal-devel~3.5.10~8.14.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkcal2\", rpm:\"libkcal2~3.5.10~8.14.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkde4\", rpm:\"libkde4~4.1.3~4.10.4\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkde4-devel\", rpm:\"libkde4-devel~4.1.3~4.10.4\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkdecore4\", rpm:\"libkdecore4~4.1.3~4.10.4\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkdecore4-devel\", rpm:\"libkdecore4-devel~4.1.3~4.10.4\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkdepim4\", rpm:\"libkdepim4~4.1.3~3.14.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkdepim4-devel\", rpm:\"libkdepim4-devel~4.1.3~3.14.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkdepimlibs4\", rpm:\"libkdepimlibs4~4.1.3~5.2.6\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkdepimlibs4-devel\", rpm:\"libkdepimlibs4-devel~4.1.3~5.2.6\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkmime-devel\", rpm:\"libkmime-devel~3.5.10~8.14.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkmime2\", rpm:\"libkmime2~3.5.10~8.14.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkonq-devel\", rpm:\"libkonq-devel~4.1.3~3.8.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkonq5\", rpm:\"libkonq5~4.1.3~3.8.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libktnef-devel\", rpm:\"libktnef-devel~3.5.10~8.14.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libktnef1\", rpm:\"libktnef1~3.5.10~8.14.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpcap-devel\", rpm:\"libpcap-devel~0.9.8~50.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpcap0\", rpm:\"libpcap0~0.9.8~50.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libudev-devel\", rpm:\"libudev-devel~128~9.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libudev0\", rpm:\"libudev0~128~9.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvolume_id\", rpm:\"libvolume_id~126~17.38.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvolume_id-devel\", rpm:\"libvolume_id-devel~128~9.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvolume_id1\", rpm:\"libvolume_id1~128~9.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxine-devel\", rpm:\"libxine-devel~1.1.15~23.3.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxine1\", rpm:\"libxine1~1.1.15~23.3.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxine1-gnome-vfs\", rpm:\"libxine1-gnome-vfs~1.1.15~23.3.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxine1-pulse\", rpm:\"libxine1-pulse~1.1.15~23.3.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"module-init-tools\", rpm:\"module-init-tools~3.4~56.10.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190\", rpm:\"mozilla-xulrunner190~1.9.0.8~1.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-devel\", rpm:\"mozilla-xulrunner190-devel~1.9.0.8~1.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-gnomevfs\", rpm:\"mozilla-xulrunner190-gnomevfs~1.9.0.8~1.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-translations\", rpm:\"mozilla-xulrunner190-translations~1.9.0.8~1.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openswan\", rpm:\"openswan~2.6.16~1.47.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openswan-doc\", rpm:\"openswan-doc~2.6.16~1.47.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"phonon-backend-xine\", rpm:\"phonon-backend-xine~4.1.3~4.2.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql\", rpm:\"postgresql~8.3.7~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-contrib\", rpm:\"postgresql-contrib~8.3.7~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-devel\", rpm:\"postgresql-devel~8.3.7~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-docs\", rpm:\"postgresql-docs~8.3.7~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-libs\", rpm:\"postgresql-libs~8.3.7~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-server\", rpm:\"postgresql-server~8.3.7~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-xpcom190\", rpm:\"python-xpcom190~1.9.0.8~1.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"strongswan\", rpm:\"strongswan~4.2.8~1.24.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"strongswan-doc\", rpm:\"strongswan-doc~4.2.8~1.24.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"sysconfig\", rpm:\"sysconfig~0.71.11~7.4.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"udev\", rpm:\"udev~128~9.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~3.02~97.78.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf-tools\", rpm:\"xpdf-tools~3.02~97.78.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~3.0.8~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox-translations\", rpm:\"MozillaFirefox-translations~3.0.8~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bluez-audio\", rpm:\"bluez-audio~3.32~8.7\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bluez-cups\", rpm:\"bluez-cups~3.32~8.7\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bluez-test\", rpm:\"bluez-test~3.32~8.7\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bluez-utils\", rpm:\"bluez-utils~3.32~8.7\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"clamav\", rpm:\"clamav~0.95.1~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"clamav-db\", rpm:\"clamav-db~0.95.1~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.3.7~25.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-client\", rpm:\"cups-client~1.3.7~25.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.3.7~25.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.3.7~25.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glib2\", rpm:\"glib2~2.16.3~20.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glib2-branding-upstream\", rpm:\"glib2-branding-upstream~2.16.3~20.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glib2-devel\", rpm:\"glib2-devel~2.16.3~20.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glib2-doc\", rpm:\"glib2-doc~2.16.3~20.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glib2-lang\", rpm:\"glib2-lang~2.16.3~20.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~2.2.2~17.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gpg2\", rpm:\"gpg2~2.0.9~22.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gpg2-lang\", rpm:\"gpg2-lang~2.0.9~22.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"hal\", rpm:\"hal~0.5.11~8.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"hal-devel\", rpm:\"hal-devel~0.5.11~8.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdepim3\", rpm:\"kdepim3~3.5.9~53.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdepim3-devel\", rpm:\"kdepim3-devel~3.5.9~53.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdepim3-kpilot\", rpm:\"kdepim3-kpilot~3.5.9~53.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdepim3-mobile\", rpm:\"kdepim3-mobile~3.5.9~53.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdepim3-notes\", rpm:\"kdepim3-notes~3.5.9~53.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdepim3-time-management\", rpm:\"kdepim3-time-management~3.5.9~53.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kitchensync\", rpm:\"kitchensync~3.5.9~53.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"klamav\", rpm:\"klamav~0.46~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice\", rpm:\"koffice~1.6.3~157.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-database\", rpm:\"koffice-database~1.6.3~157.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-database-mysql\", rpm:\"koffice-database-mysql~1.6.3~157.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-database-psql\", rpm:\"koffice-database-psql~1.6.3~157.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-devel\", rpm:\"koffice-devel~1.6.3~157.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-extra\", rpm:\"koffice-extra~1.6.3~157.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-illustration\", rpm:\"koffice-illustration~1.6.3~157.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-planning\", rpm:\"koffice-planning~1.6.3~157.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-presentation\", rpm:\"koffice-presentation~1.6.3~157.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-python\", rpm:\"koffice-python~1.6.3~157.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-ruby\", rpm:\"koffice-ruby~1.6.3~157.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-spreadsheet\", rpm:\"koffice-spreadsheet~1.6.3~157.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-wordprocessing\", rpm:\"koffice-wordprocessing~1.6.3~157.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.6.3~50.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"krb5-apps-clients\", rpm:\"krb5-apps-clients~1.6.3~50.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"krb5-apps-servers\", rpm:\"krb5-apps-servers~1.6.3~50.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"krb5-client\", rpm:\"krb5-client~1.6.3~50.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"krb5-devel\", rpm:\"krb5-devel~1.6.3~50.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.6.3~50.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgio-2_0-0\", rpm:\"libgio-2_0-0~2.16.3~20.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgio-fam\", rpm:\"libgio-fam~2.16.3~20.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libglib-2_0-0\", rpm:\"libglib-2_0-0~2.16.3~20.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgmodule-2_0-0\", rpm:\"libgmodule-2_0-0~2.16.3~20.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgnutls-devel\", rpm:\"libgnutls-devel~2.2.2~17.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgnutls-extra-devel\", rpm:\"libgnutls-extra-devel~2.2.2~17.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgnutls-extra26\", rpm:\"libgnutls-extra26~2.2.2~17.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgnutls26\", rpm:\"libgnutls26~2.2.2~17.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgobject-2_0-0\", rpm:\"libgobject-2_0-0~2.16.3~20.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgthread-2_0-0\", rpm:\"libgthread-2_0-0~2.16.3~20.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkcal\", rpm:\"libkcal~3.5.9~53.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkcal-devel\", rpm:\"libkcal-devel~3.5.9~53.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkcal2\", rpm:\"libkcal2~3.5.9~53.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkmime-devel\", rpm:\"libkmime-devel~3.5.9~53.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkmime2\", rpm:\"libkmime2~3.5.9~53.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libktnef-devel\", rpm:\"libktnef-devel~3.5.9~53.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libktnef1\", rpm:\"libktnef1~3.5.9~53.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvolume_id\", rpm:\"libvolume_id~120~13.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvolume_id-devel\", rpm:\"libvolume_id-devel~120~13.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190\", rpm:\"mozilla-xulrunner190~1.9.0.8~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-devel\", rpm:\"mozilla-xulrunner190-devel~1.9.0.8~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-gnomevfs\", rpm:\"mozilla-xulrunner190-gnomevfs~1.9.0.8~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-translations\", rpm:\"mozilla-xulrunner190-translations~1.9.0.8~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openswan\", rpm:\"openswan~2.4.7~130.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openswan-doc\", rpm:\"openswan-doc~2.4.7~130.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql\", rpm:\"postgresql~8.3.7~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-contrib\", rpm:\"postgresql-contrib~8.3.7~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-devel\", rpm:\"postgresql-devel~8.3.7~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-docs\", rpm:\"postgresql-docs~8.3.7~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-libs\", rpm:\"postgresql-libs~8.3.7~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-server\", rpm:\"postgresql-server~8.3.7~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"strongswan\", rpm:\"strongswan~4.2.1~11.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"strongswan-doc\", rpm:\"strongswan-doc~4.2.1~11.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"sysconfig\", rpm:\"sysconfig~0.70.8~3.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"timezone\", rpm:\"timezone~2009d~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"udev\", rpm:\"udev~120~13.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-devel\", rpm:\"xine-devel~1.1.12~8.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-extra\", rpm:\"xine-extra~1.1.12~8.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-lib\", rpm:\"xine-lib~1.1.12~8.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~3.02~95.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf-tools\", rpm:\"xpdf-tools~3.02~95.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"zypper\", rpm:\"zypper~0.11.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~2.0.0.21post~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox-translations\", rpm:\"MozillaFirefox-translations~2.0.0.21post~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bluez-cups\", rpm:\"bluez-cups~3.18~13.7\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bluez-test\", rpm:\"bluez-test~3.18~13.7\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bluez-utils\", rpm:\"bluez-utils~3.18~13.7\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"clamav\", rpm:\"clamav~0.95.1~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"clamav-db\", rpm:\"clamav-db~0.95.1~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.2.12~22.21\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-client\", rpm:\"cups-client~1.2.12~22.21\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.2.12~22.21\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.2.12~22.21\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glib2\", rpm:\"glib2~2.14.1~4.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glib2-devel\", rpm:\"glib2-devel~2.14.1~4.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glib2-doc\", rpm:\"glib2-doc~2.14.1~4.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glib2-lang\", rpm:\"glib2-lang~2.14.1~4.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~1.6.1~36.6\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnutls-devel\", rpm:\"gnutls-devel~1.6.1~36.6\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gpg2\", rpm:\"gpg2~2.0.4~49.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdepim3\", rpm:\"kdepim3~3.5.7.enterprise.0.20070904.708012~9.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdepim3-devel\", rpm:\"kdepim3-devel~3.5.7.enterprise.0.20070904.708012~9.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdepim3-kpilot\", rpm:\"kdepim3-kpilot~3.5.7.enterprise.0.20070904.708012~9.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdepim3-mobile\", rpm:\"kdepim3-mobile~3.5.7.enterprise.0.20070904.708012~9.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdepim3-notes\", rpm:\"kdepim3-notes~3.5.7.enterprise.0.20070904.708012~9.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdepim3-time-management\", rpm:\"kdepim3-time-management~3.5.7.enterprise.0.20070904.708012~9.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kitchensync\", rpm:\"kitchensync~3.5.7.enterprise.0.20070904.708012~9.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"klamav\", rpm:\"klamav~0.46~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice\", rpm:\"koffice~1.6.3~51.5\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-database\", rpm:\"koffice-database~1.6.3~51.5\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-database-mysql\", rpm:\"koffice-database-mysql~1.6.3~51.5\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-database-psql\", rpm:\"koffice-database-psql~1.6.3~51.5\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-devel\", rpm:\"koffice-devel~1.6.3~51.5\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-extra\", rpm:\"koffice-extra~1.6.3~51.5\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-illustration\", rpm:\"koffice-illustration~1.6.3~51.5\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-planning\", rpm:\"koffice-planning~1.6.3~51.5\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-presentation\", rpm:\"koffice-presentation~1.6.3~51.5\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-python\", rpm:\"koffice-python~1.6.3~51.5\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-ruby\", rpm:\"koffice-ruby~1.6.3~51.5\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-spreadsheet\", rpm:\"koffice-spreadsheet~1.6.3~51.5\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-wordprocessing\", rpm:\"koffice-wordprocessing~1.6.3~51.5\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.6.2~22.9\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"krb5-apps-clients\", rpm:\"krb5-apps-clients~1.6.2~22.9\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"krb5-apps-servers\", rpm:\"krb5-apps-servers~1.6.2~22.9\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"krb5-client\", rpm:\"krb5-client~1.6.2~22.9\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"krb5-devel\", rpm:\"krb5-devel~1.6.2~22.9\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.6.2~22.9\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvolume_id\", rpm:\"libvolume_id~114~19.3\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvolume_id-devel\", rpm:\"libvolume_id-devel~114~19.3\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openswan\", rpm:\"openswan~2.4.7~64.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openswan-doc\", rpm:\"openswan-doc~2.4.7~64.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql\", rpm:\"postgresql~8.2.13~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-contrib\", rpm:\"postgresql-contrib~8.2.13~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-devel\", rpm:\"postgresql-devel~8.2.13~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-docs\", rpm:\"postgresql-docs~8.2.13~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-libs\", rpm:\"postgresql-libs~8.2.13~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-server\", rpm:\"postgresql-server~8.2.13~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"sysconfig\", rpm:\"sysconfig~0.70.2~4.7\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"timezone\", rpm:\"timezone~2009d~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"udev\", rpm:\"udev~114~19.3\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-devel\", rpm:\"xine-devel~1.1.8~14.14\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-extra\", rpm:\"xine-extra~1.1.8~14.14\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-lib\", rpm:\"xine-lib~1.1.8~14.14\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~3.02~19.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf-tools\", rpm:\"xpdf-tools~3.02~19.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2022-01-04T13:27:12", "description": "Christian Eibl discovered that the TeX filter in Moodle allowed any \nfunction to be used. An authenticated remote attacker could post \na specially crafted TeX formula to execute arbitrary TeX functions, \npotentially reading any file accessible to the web server user, leading \nto a loss of privacy. (CVE-2009-1171, MSA-09-0009)\n", "cvss3": {}, "published": "2009-06-24T00:00:00", "type": "ubuntu", "title": "Moodle vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1171"], "modified": "2009-06-24T00:00:00", "id": "USN-791-2", "href": "https://ubuntu.com/security/notices/USN-791-2", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-01-04T13:27:08", "description": "Thor Larholm discovered that PHPMailer, as used by Moodle, did not \ncorrectly escape email addresses. A local attacker with direct access \nto the Moodle database could exploit this to execute arbitrary commands \nas the web server user. (CVE-2007-3215)\n\nNigel McNie discovered that fetching https URLs did not correctly escape \nshell meta-characters. An authenticated remote attacker could execute \narbitrary commands as the web server user, if curl was installed and \nconfigured. (CVE-2008-4796, MSA-09-0003)\n\nIt was discovered that Smarty (also included in Moodle), did not \ncorrectly filter certain inputs. An authenticated remote attacker could \nexploit this to execute arbitrary PHP commands as the web server user. \n(CVE-2008-4810, CVE-2008-4811, CVE-2009-1669)\n\nIt was discovered that the unused SpellChecker extension in Moodle did not \ncorrectly handle temporary files. If the tool had been locally modified, \nit could be made to overwrite arbitrary local files via symlinks. \n(CVE-2008-5153)\n\nMike Churchward discovered that Moodle did not correctly filter Wiki page \ntitles in certain areas. An authenticated remote attacker could exploit \nthis to cause cross-site scripting (XSS), which could be used to modify \nor steal confidential data of other users within the same web domain. \n(CVE-2008-5432, MSA-08-0022)\n\nIt was discovered that the HTML sanitizer, \"Login as\" feature, and logging \nin Moodle did not correctly handle certain inputs. An authenticated \nremote attacker could exploit this to generate XSS, which could be used \nto modify or steal confidential data of other users within the same \nweb domain. (CVE-2008-5619, CVE-2009-0500, CVE-2009-0502, MSA-08-0026, \nMSA-09-0004, MSA-09-0007)\n\nIt was discovered that the HotPot module in Moodle did not correctly \nfilter SQL inputs. An authenticated remote attacker could execute \narbitrary SQL commands as the moodle database user, leading to a loss \nof privacy or denial of service. (CVE-2008-6124, MSA-08-0010)\n\nKevin Madura discovered that the forum actions and messaging settings \nin Moodle were not protected from cross-site request forgery (CSRF). \nIf an authenticated user were tricked into visiting a malicious \nwebsite while logged into Moodle, a remote attacker could change the \nuser's configurations or forum content. (CVE-2009-0499, MSA-09-0008, \nMSA-08-0023)\n\nDaniel Cabezas discovered that Moodle would leak usernames from the \nCalendar Export tool. A remote attacker could gather a list of users, \nleading to a loss of privacy. (CVE-2009-0501, MSA-09-0006)\n\nChristian Eibl discovered that the TeX filter in Moodle allowed any \nfunction to be used. An authenticated remote attacker could post \na specially crafted TeX formula to execute arbitrary TeX functions, \npotentially reading any file accessible to the web server user, leading \nto a loss of privacy. (CVE-2009-1171, MSA-09-0009)\n\nJohannes Kuhn discovered that Moodle did not correctly validate user \npermissions when attempting to switch user accounts. An authenticated \nremote attacker could switch to any other Moodle user, leading to a loss \nof privacy. (MSA-08-0003)\n\nHanno Boeck discovered that unconfigured Moodle instances contained \nXSS vulnerabilities. An unauthenticated remote attacker could exploit \nthis to modify or steal confidential data of other users within the same \nweb domain. (MSA-08-0004)\n\nDebbie McDonald, Mauno Korpelainen, Howard Miller, and Juan Segarra \nMontesinos discovered that when users were deleted from Moodle, their \nprofiles and avatars were still visible. An authenticated remote attacker \ncould exploit this to store information in profiles even after they were \nremoved, leading to spam traffic. (MSA-08-0015, MSA-09-0001, MSA-09-0002)\n\nLars Vogdt discovered that Moodle did not correctly filter certain inputs. \nAn authenticated remote attacker could exploit this to generate XSS from \nwhich they could modify or steal confidential data of other users within \nthe same web domain. (MSA-08-0021)\n\nIt was discovered that Moodle did not correctly filter inputs for group \ncreation, mnet, essay question, HOST param, wiki param, and others. \nAn authenticated remote attacker could exploit this to generate XSS \nfrom which they could modify or steal confidential data of other users \nwithin the same web domain. (MDL-9288, MDL-11759, MDL-12079, MDL-12793, \nMDL-14806)\n\nIt was discovered that Moodle did not correctly filter SQL inputs when \nperforming a restore. An attacker authenticated as a Moodle administrator \ncould execute arbitrary SQL commands as the moodle database user, \nleading to a loss of privacy or denial of service. (MDL-11857)\n", "cvss3": {}, "published": "2009-06-24T00:00:00", "type": "ubuntu", "title": "Moodle vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-0501", "CVE-2007-3215", "CVE-2008-6124", "CVE-2009-1171", "CVE-2008-5153", "CVE-2008-5619", "CVE-2009-1669", "CVE-2009-0500", "CVE-2008-4811", "CVE-2008-5432", "CVE-2008-4796", "CVE-2009-0499", "CVE-2009-0502", "CVE-2008-4810"], "modified": "2009-06-24T00:00:00", "id": "USN-791-1", "href": "https://ubuntu.com/security/notices/USN-791-1", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2021-06-08T18:47:28", "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "edition": 2, "cvss3": {}, "published": "2009-04-03T00:00:00", "title": "Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2009-1171"], "modified": "2009-04-03T00:00:00", "id": "SECURITYVULNS:VULN:9793", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9793", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "debian": [{"lastseen": "2021-10-22T01:18:34", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA-1761-1 security@debian.org\nhttp://www.debian.org/security/ Nico Golde\nApril 3rd, 2009 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : moodle\nVulnerability : missing input sanitization\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2009-1171\nDebian Bug : 522116\n\n\nChristian J. Eibl discovered that the TeX filter of Moodle, a web-based\ncourse management system, doesn't check user input for certain TeX commands\nwhich allows an attacker to include and display the content of arbitrary system\nfiles.\n\nNote that this doesn't affect installations that only use the mimetex\nenvironment.\n\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 1.6.3-2+etch3.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.8.2.dfsg-3+lenny2.\n\nFor the testing distribution (squeeze), this problem will be fixed soon.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.8.2.dfsg-5.\n\n\nWe recommend that you upgrade your moodle packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nDebian (oldstable)\n- ------------------\n\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+etch3.dsc\n Size/MD5 checksum: 793 bb2ea87c38661c49b936a357eeb14b0c\n http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+etch3.diff.gz\n Size/MD5 checksum: 27511 974a829196380027ac19e82ecd4a6e82\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+etch3_all.deb\n Size/MD5 checksum: 6583190 7d5c0c3103021541b308f54bfc2e2d55\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nDebian (stable)\n- ---------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/m/moodle/moodle_1.8.2.dfsg-3+lenny2.diff.gz\n Size/MD5 checksum: 49345 31b07d8aab91762d31e2f73dcc6a468c\n http://security.debian.org/pool/updates/main/m/moodle/moodle_1.8.2.dfsg-3+lenny2.dsc\n Size/MD5 checksum: 1390 e7a4b2fe58e3b53f6c4bf6327a007509\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/m/moodle/moodle_1.8.2.dfsg-3+lenny2_all.deb\n Size/MD5 checksum: 8713446 6a9345748982edab6a52047abe6779f6\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>", "cvss3": {}, "published": "2009-04-03T13:35:39", "type": "debian", "title": "[SECURITY] [DSA 1761-1] New moodle packages fix file disclosure", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1171"], "modified": "2009-04-03T13:35:39", "id": "DEBIAN:DSA-1761-1:ACA60", "href": "https://lists.debian.org/debian-security-announce/2009/msg00072.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "cve": [{"lastseen": "2022-03-23T21:25:09", "description": "The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before 1.7.7+, 1.8 before 1.8.9, and 1.9 before 1.9.5 allows user-assisted attackers to read arbitrary files via an input command in a \"$$\" sequence, which causes LaTeX to include the contents of the file.", "cvss3": {}, "published": "2009-03-30T22:30:00", "type": "cve", "title": "CVE-2009-1171", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1171"], "modified": "2020-12-01T14:43:00", "cpe": ["cpe:/a:moodle:moodle:1.9.3", "cpe:/a:moodle:moodle:1.8.6", "cpe:/a:moodle:moodle:1.8.4", "cpe:/a:moodle:moodle:1.9.1", "cpe:/a:moodle:moodle:1.8.7", "cpe:/a:moodle:moodle:1.8.1", "cpe:/a:moodle:moodle:1.6.0", "cpe:/a:moodle:moodle:1.6.4", "cpe:/a:moodle:moodle:1.9.4", "cpe:/a:moodle:moodle:1.7.4", "cpe:/a:moodle:moodle:1.6.6", "cpe:/a:moodle:moodle:1.7.1", "cpe:/a:moodle:moodle:1.7.6", "cpe:/a:moodle:moodle:1.8.2", "cpe:/a:moodle:moodle:1.8.8", "cpe:/a:moodle:moodle:1.9.2", "cpe:/a:moodle:moodle:1.7.3", "cpe:/a:moodle:moodle:1.6.2", "cpe:/a:moodle:moodle:1.6.5", "cpe:/a:moodle:moodle:1.6.3", "cpe:/a:moodle:moodle:1.7.5", "cpe:/a:moodle:moodle:1.8.3", "cpe:/a:moodle:moodle:1.6.7", "cpe:/a:moodle:moodle:1.6.1", "cpe:/a:moodle:moodle:1.7.2", "cpe:/a:moodle:moodle:1.8.5", "cpe:/a:moodle:moodle:1.6.8"], "id": "CVE-2009-1171", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1171", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:moodle:moodle:1.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.7.5:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.8.3:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.9.2:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.8.7:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.8.5:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.8.4:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.7.6:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.9.4:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.6.7:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.8.8:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.8.6:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.6.3:*:*:*:*:*:*:*"]}], "ubuntucve": [{"lastseen": "2022-08-04T14:40:04", "description": "The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before 1.7.7+, 1.8 before\n1.8.9, and 1.9 before 1.9.5 allows user-assisted attackers to read\narbitrary files via an input command in a \"$$\" sequence, which causes LaTeX\nto include the contents of the file.", "cvss3": {}, "published": "2009-03-30T00:00:00", "type": "ubuntucve", "title": "CVE-2009-1171", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1171"], "modified": "2009-03-30T00:00:00", "id": "UB:CVE-2009-1171", "href": "https://ubuntu.com/security/CVE-2009-1171", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "fedora": [{"lastseen": "2020-12-21T08:17:49", "description": "Moodle is a course management system (CMS) - a free, Open Source software package designed using sound pedagogical principles, to help educators crea te effective online learning communities. ", "cvss3": {}, "published": "2009-04-02T17:21:49", "type": "fedora", "title": "[SECURITY] Fedora 10 Update: moodle-1.9.4-6.fc10", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-4796", "CVE-2008-5153", "CVE-2009-0499", "CVE-2009-1171"], "modified": "2009-04-02T17:21:49", "id": "FEDORA:0C0B6208959", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4EDUSZYSMBZ5IAI2I5M6K2FA342WGQH6/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "description": "Moodle is a course management system (CMS) - a free, Open Source software package designed using sound pedagogical principles, to help educators crea te effective online learning communities. ", "cvss3": {}, "published": "2009-04-02T17:22:01", "type": "fedora", "title": "[SECURITY] Fedora 9 Update: moodle-1.9.4-6.fc9", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-4796", "CVE-2008-5153", "CVE-2009-0499", "CVE-2009-1171"], "modified": "2009-04-02T17:22:01", "id": "FEDORA:4424B20894E", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ZNWAY45QWZC3VVJY335XBFQLCD2TT4MI/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "description": "Moodle is a course management system (CMS) - a free, Open Source software package designed using sound pedagogical principles, to help educators crea te effective online learning communities. ", "cvss3": {}, "published": "2009-12-11T18:13:02", "type": "fedora", "title": "[SECURITY] Fedora 10 Update: moodle-1.9.7-1.fc10", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-4796", "CVE-2008-5153", "CVE-2009-0499", "CVE-2009-1171"], "modified": "2009-12-11T18:13:02", "id": "FEDORA:7E1DF10F85C", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/Y4CY2RBCGV5D36FK5WDWJQUP3XFNGMXT/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}