ID SECURITYVULNS:VULN:10981
Type securityvulns
Reporter BUGTRAQ
Modified 2010-07-11T00:00:00
Description
NULL pointer dereference on GAA-API token parsing.
{"id": "SECURITYVULNS:VULN:10981", "bulletinFamily": "software", "title": "Heimdal Kerberos server DoS", "description": "NULL pointer dereference on GAA-API token parsing.", "published": "2010-07-11T00:00:00", "modified": "2010-07-11T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10981", "reporter": "BUGTRAQ", "references": ["https://vulners.com/securityvulns/securityvulns:doc:24193"], "cvelist": ["CVE-2010-1321"], "type": "securityvulns", "lastseen": "2018-08-31T11:09:37", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "2ab51bacc0a8e1a8fdc1de597f6b5731"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "fc77bece72637682d83c1d27b5f39832"}, {"key": "cvss", "hash": "b4c02b01e145dc1cccaabeb902422ace"}, {"key": "description", "hash": "4d5f57f630783527bf34a82fac2b997d"}, {"key": "href", "hash": "73f7e106befc9f6ea86193ce3b01b820"}, {"key": "modified", "hash": "90e7f19a23e237d7f30455fafe01cf86"}, {"key": "published", "hash": "90e7f19a23e237d7f30455fafe01cf86"}, {"key": "references", "hash": "e613da799c6e8a558de750a15502a8a8"}, {"key": "reporter", "hash": "2c5cca82a8670da097919f6160833daf"}, {"key": "title", "hash": "e7e3385102a90a8118e546439327fcde"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "f04310c7266d85788b40e91c120c2ecc42fb6ad36cda57e46622cbf9eb96c5c7", "viewCount": 0, "enchantments": {"score": {"value": 5.0, "vector": "NONE", "modified": "2018-08-31T11:09:37"}, "vulnersScore": 5.0}, "objectVersion": "1.3", "affectedSoftware": [{"name": "heimdal", "operator": "eq", "version": "1.2"}]}
{"cve": [{"lastseen": "2017-09-19T13:36:55", "references": ["http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html", "http://www.vupen.com/english/advisories/2010/1196", "http://www.us-cert.gov/cas/techalerts/TA11-201A.html", "http://www.securityfocus.com/archive/1/archive/1/516397/100/0/threaded", "http://www.redhat.com/support/errata/RHSA-2011-0880.html", "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041615.html", "http://www.redhat.com/support/errata/RHSA-2010-0423.html", "http://www.vupen.com/english/advisories/2010/1574", "http://www.vupen.com/english/advisories/2010/1193", "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041654.html", "http://www.redhat.com/support/errata/RHSA-2010-0770.html", "http://www.vupen.com/english/advisories/2010/1192", "http://www.vupen.com/english/advisories/2010/1882", "http://marc.info/?l=bugtraq&m=134254866602253&w=2", "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", "http://www.vupen.com/english/advisories/2010/1177", "http://www.securityfocus.com/archive/1/archive/1/511331/100/0/threaded", "http://www.vupen.com/english/advisories/2010/1222", "http://www.ubuntu.com/usn/USN-940-2", "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html", "http://www.debian.org/security/2010/dsa-2052", "http://www.vupen.com/english/advisories/2011/0134", "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html", "http://www.vupen.com/english/advisories/2010/3112", "http://www.ubuntu.com/usn/USN-940-1", "http://www.us-cert.gov/cas/techalerts/TA10-287A.html", "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-005.txt", "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", "http://www.redhat.com/support/errata/RHSA-2010-0807.html", "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html", "http://www.securityfocus.com/bid/40235", "http://www.redhat.com/support/errata/RHSA-2010-0987.html", "http://support.avaya.com/css/P8/documents/100114315", "http://www.redhat.com/support/errata/RHSA-2011-0152.html", "http://www.mandriva.com/security/advisories?name=MDVSA-2010:100", "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html", "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html", "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02257427", "http://www.redhat.com/support/errata/RHSA-2010-0873.html", "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html", "http://www.redhat.com/support/errata/RHSA-2010-0935.html", "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041645.html"], "description": "The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing.", "edition": 2, "reporter": "NVD", "published": "2010-05-19T14:30:03", "title": "CVE-2010-1321", "type": "cve", "enchantments": {"score": {"modified": "2017-09-19T13:36:55", "vector": "NONE", "value": 5.0}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:11604", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11604"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2010-1321"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:7198", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:7198"}], "modified": "2017-09-18T21:30:41", "cpe": ["cpe:/a:mit:kerberos:5-1.4", "cpe:/a:mit:kerberos:5-1.2.6", "cpe:/a:mit:kerberos:5-1.2.5", "cpe:/a:mit:kerberos:5-1.1", "cpe:/a:mit:kerberos:5_1.1.1", "cpe:/a:mit:kerberos:5-1.7.1", "cpe:/a:mit:kerberos:5_1.2:beta2", "cpe:/a:mit:kerberos:5-1.2.3", "cpe:/a:mit:kerberos:5_1.1", "cpe:/a:mit:kerberos:5-1.6.1", "cpe:/a:mit:kerberos:5_1.0.6", "cpe:/a:mit:kerberos:5-1.6.3", "cpe:/a:mit:kerberos:5_1.0", "cpe:/a:mit:kerberos:5-1.6", "cpe:/a:mit:kerberos:5-1.7", "cpe:/a:mit:kerberos:5-1.2", "cpe:/a:mit:kerberos:5", "cpe:/a:mit:kerberos:5-1.5.2", "cpe:/a:mit:kerberos:5-1.4.2", "cpe:/a:mit:kerberos:5-1.2.8", "cpe:/a:mit:kerberos:5-1.6.2", "cpe:/a:mit:kerberos:5-1.3.3", "cpe:/a:mit:kerberos:5-1.3.2", "cpe:/a:mit:kerberos:5-1.8", "cpe:/a:mit:kerberos:5-1.2.4", "cpe:/a:mit:kerberos:5-1.4.3", "cpe:/a:mit:kerberos:5_1.2:beta1", "cpe:/a:mit:kerberos:5-1.5", "cpe:/a:mit:kerberos:5-1.5.1", "cpe:/a:mit:kerberos:5-1.2.1", "cpe:/a:mit:kerberos:5-1.8:alpha", "cpe:/a:mit:kerberos:5-1.3.6", "cpe:/a:mit:kerberos:5-1.2.2", "cpe:/a:mit:kerberos:5-1.3.4", "cpe:/a:mit:kerberos:5-1.3.1", "cpe:/a:mit:kerberos:5-1.8.1", "cpe:/a:mit:kerberos:5-1.4.4", "cpe:/a:mit:kerberos:5-1.3.5", "cpe:/a:mit:kerberos:5-1.4.1", "cpe:/a:mit:kerberos:5-1.3:alpha1", "cpe:/a:mit:kerberos:5-1.2.7", "cpe:/a:mit:kerberos:5_1.3.3", "cpe:/a:mit:kerberos:5-1.5.3", "cpe:/a:derrick_brashear:kadmind", "cpe:/a:mit:kerberos:5-1.3"], "id": "CVE-2010-1321", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1321", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:34", "references": [], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nMITKRB5-SA-2010-005\r\n\r\nMIT krb5 Security Advisory 2010-005\r\nOriginal release: 2010-05-18\r\n\r\nTopic: GSS-API library null pointer dereference\r\n\r\nCVE-2010-1321\r\n\r\nCVSSv2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C/E:POC/RL:OF/RC:C\r\n\r\nCVSSv2 Base Score: 6.8\r\n\r\nAccess Vector: Network\r\nAccess Complexity: Low\r\nAuthentication: Single\r\nConfidentiality Impact: None\r\nIntegrity Impact: None\r\nAvailability Impact: Complete\r\n\r\nCVSSv2 Temporal Score: 5.3\r\n\r\nExploitability: Proof-of-Concept\r\nRemediation Level: Official Fix\r\nReport Confidence: Confirmed\r\n\r\nSUMMARY\r\n=======\r\n\r\nCertain invalid GSS-API tokens can cause a GSS-API acceptor (server)\r\nto crash due to a null pointer dereference in the GSS-API library.\r\n\r\nThis is an implementation vulnerability in MIT krb5, and not a\r\nvulnerability in the Kerberos protocol.\r\n\r\nIMPACT\r\n======\r\n\r\nAn authenticated remote attacker can cause a GSS-API application\r\nserver (including the Kerberos administration daemon kadmind) to crash\r\nby sending a malformed GSS-API token that induces a null pointer\r\ndereference.\r\n\r\nAFFECTED SOFTWARE\r\n=================\r\n\r\n* kadmind and other GSS-API server applications in all known releases\r\n of MIT krb5, up to and including krb5-1.8.1\r\n\r\n* third-party GSS-API server applications that link link against the\r\n GSS-API library in all known releases of MIT krb5, up to and\r\n including krb5-1.8.1\r\n\r\n* Independent implementations of the krb5 GSS-API mechanism may be\r\n vulnerable, as the underlying bug is based on plausible (but\r\n invalid) assumptions about the Kerberos protocol.\r\n\r\nFIXES\r\n=====\r\n\r\n* The upcoming krb5-1.8.2 release and an upcoming krb5-1.7 series\r\n release will contain a fix for this vulnerability.\r\n\r\n* Apply the following patch. The patch was generated against\r\n krb5-1.8.1, but should also apply to krb5-1.7 series releases.\r\n\r\ndiff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c\r\nindex ce3075f..6241055 100644\r\n- --- a/src/lib/gssapi/krb5/accept_sec_context.c\r\n+++ b/src/lib/gssapi/krb5/accept_sec_context.c\r\n@@ -607,6 +607,13 @@ kg_accept_krb5(minor_status, context_handle,\r\n }\r\n #endif\r\n \r\n+ if (authdat->checksum == NULL) {\r\n+ /* missing checksum counts as "inappropriate type" */\r\n+ code = KRB5KRB_AP_ERR_INAPP_CKSUM;\r\n+ major_status = GSS_S_FAILURE;\r\n+ goto fail;\r\n+ }\r\n+\r\n if (authdat->checksum->checksum_type != CKSUMTYPE_KG_CB) {\r\n /* Samba does not send 0x8003 GSS-API checksums */\r\n krb5_boolean valid;\r\n\r\n\r\n\r\n This patch is also available at\r\n\r\n http://web.mit.edu/kerberos/advisories/2010-005-patch.txt\r\n\r\n A PGP-signed patch is available at\r\n\r\n http://web.mit.edu/kerberos/advisories/2010-005-patch.txt.asc\r\n\r\n\r\nFor the krb5-1.6 release:\r\n\r\n http://web.mit.edu/kerberos/advisories/2010-005-patch_r16.txt\r\n\r\nPGP-signed patch for krb5-1.6:\r\n\r\n http://web.mit.edu/kerberos/advisories/2010-005-patch_r16.txt.asc\r\n\r\n Earlier releases may require minor porting.\r\n\r\n\r\nREFERENCES\r\n==========\r\n\r\nThis announcement is posted at:\r\n\r\n http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-005.txt\r\n\r\nThis announcement and related security advisories may be found on the\r\nMIT Kerberos security advisory page at:\r\n\r\n http://web.mit.edu/kerberos/advisories/index.html\r\n\r\nThe main MIT Kerberos web page is at:\r\n\r\n http://web.mit.edu/kerberos/index.html\r\n\r\nCVSSv2:\r\n\r\n http://www.first.org/cvss/cvss-guide.html\r\n http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2\r\n\r\nCVE: CVE-2010-1321\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1321\r\n\r\nACKNOWLEDGMENTS\r\n===============\r\n\r\nThanks to Shawn Emery (Oracle) for reporting this vulnerability.\r\n\r\nCONTACT\r\n=======\r\n\r\nThe MIT Kerberos Team security contact address is\r\n<krbcore-security@mit.edu>. When sending sensitive information,\r\nplease PGP-encrypt it using the following key:\r\n\r\npub 2048R/8B8DF501 2010-01-15 [expires: 2011-02-01]\r\nuid MIT Kerberos Team Security Contact <krbcore-security@mit.edu>\r\n\r\nDETAILS\r\n=======\r\n\r\nThe krb5 GSS-API mechanism specification requires that the checksum\r\nfield in the authenticator of the Kerberos AP-REQ (which is optional\r\nin the base Kerberos protocol) be present and contain specific\r\ncontents. If the checksum field is missing, the decoded structure\r\ncontains a null pointer, which code called through\r\nkrb5_gss_accept_sec_context() dereferences without first checking for\r\na null pointer.\r\n\r\nIndependent implementations of the krb5 GSS-API mechanism may be\r\nvulnerable because a developer might reasonably make the invalid\r\nassumption that the authenticator checksum field is not empty (and\r\nhence, that the C representation would not contain a null pointer).\r\n\r\nREVISION HISTORY\r\n================\r\n\r\n2010-05-18 original release\r\n\r\nCopyright (C) 2010 Massachusetts Institute of Technology\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.8 (SunOS)\r\n\r\niEYEARECAAYFAkvy1ooACgkQSO8fWy4vZo4u8gCgz7jbjv/wCB4gvphXuK8x1g1f\r\n+PMAoKOiUzAEan9RPXQ4MN4SJ2Cl1Zl8\r\n=wuxV\r\n-----END PGP SIGNATURE-----", "edition": 1, "reporter": "Securityvulns", "published": "2010-05-21T00:00:00", "title": "MITKRB5-SA-2010-005 [CVE-2010-1321] GSS-API lib null pointer deref", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:34", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2010-1321"], "modified": "2010-05-21T00:00:00", "id": "SECURITYVULNS:DOC:23900", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:23900", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:35", "references": [], "description": "\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2010:130\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : heimdal\r\n Date : July 7, 2010\r\n Affected: Enterprise Server 5.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n A vulnerability has been found and corrected in heimdal:\r\n \r\n Certain invalid GSS-API tokens can cause a GSS-API acceptor (server)\r\n to crash due to a null pointer dereference in the GSS-API library\r\n (CVE-2010-1321).\r\n \r\n The updated packages have been patched to correct this issue.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1321\r\n http://www.h5l.org/advisories.html?show=2010-05-27\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Enterprise Server 5:\r\n 60a0d4d8d59a6c33bb87af9d38389be6 mes5/i586/heimdal-daemons-1.2-4.1mdvmes5.1.i586.rpm\r\n 5a8379a376307648185baf277672f4a4 mes5/i586/heimdal-devel-1.2-4.1mdvmes5.1.i586.rpm\r\n fae25dec3b145c0e58a94738107665e7 mes5/i586/heimdal-devel-doc-1.2-4.1mdvmes5.1.i586.rpm\r\n 563dd64df1506f58579cfba456e09cda mes5/i586/heimdal-ftp-1.2-4.1mdvmes5.1.i586.rpm\r\n a54d8a021cec8363ec367f2e4dd7ba21 mes5/i586/heimdal-ftpd-1.2-4.1mdvmes5.1.i586.rpm\r\n 14c33bd11fb09905dd6545bb61e56216 mes5/i586/heimdal-libs-1.2-4.1mdvmes5.1.i586.rpm\r\n e2d953abed1ec85688baeffc010d681f mes5/i586/heimdal-login-1.2-4.1mdvmes5.1.i586.rpm\r\n 38fb75e498161ace328f2578869a3255 mes5/i586/heimdal-rsh-1.2-4.1mdvmes5.1.i586.rpm\r\n 733b1f016412145487f0d64efadc48d0 mes5/i586/heimdal-rshd-1.2-4.1mdvmes5.1.i586.rpm\r\n d42fa5813e4a7b9aee0a01bf2405e320 mes5/i586/heimdal-server-1.2-4.1mdvmes5.1.i586.rpm\r\n 0cf6ddc1a82d3ccd2cc5759be485f7a5 mes5/i586/heimdal-telnet-1.2-4.1mdvmes5.1.i586.rpm\r\n 12084bf73e18d9f2a091430d3b9ab77d mes5/i586/heimdal-telnetd-1.2-4.1mdvmes5.1.i586.rpm\r\n af5bb4f467aeb801bd22f6adfcc0f842 mes5/i586/heimdal-workstation-1.2-4.1mdvmes5.1.i586.rpm \r\n d41ca60ee0f8980f1b0ff2e4c0eff949 mes5/SRPMS/heimdal-1.2-4.1mdvmes5.1.src.rpm\r\n\r\n Mandriva Enterprise Server 5/X86_64:\r\n d8e96af9bcf694199d5411e4fb2ed08c mes5/x86_64/heimdal-daemons-1.2-4.1mdvmes5.1.x86_64.rpm\r\n c7b700952bb8603f0444a580cf20ec62 mes5/x86_64/heimdal-devel-1.2-4.1mdvmes5.1.x86_64.rpm\r\n aaf8beb12b4025a62717454be34db078 mes5/x86_64/heimdal-devel-doc-1.2-4.1mdvmes5.1.x86_64.rpm\r\n 7ad7f3d8a79f91fb8d1ed3d432ac9f45 mes5/x86_64/heimdal-ftp-1.2-4.1mdvmes5.1.x86_64.rpm\r\n d6b84ff544941b876e6d55520390ee1a mes5/x86_64/heimdal-ftpd-1.2-4.1mdvmes5.1.x86_64.rpm\r\n 90d18fc592b62805523e173edf779f77 mes5/x86_64/heimdal-libs-1.2-4.1mdvmes5.1.x86_64.rpm\r\n 94327fc1bf983b766c71f466aceb8edc mes5/x86_64/heimdal-login-1.2-4.1mdvmes5.1.x86_64.rpm\r\n 30f310553eecc760770be72708ae5cfa mes5/x86_64/heimdal-rsh-1.2-4.1mdvmes5.1.x86_64.rpm\r\n 8740c265aaccb35fa0a003cb3fbfbfab mes5/x86_64/heimdal-rshd-1.2-4.1mdvmes5.1.x86_64.rpm\r\n 5f3c301ca663cfd0d16561d77437d7d6 mes5/x86_64/heimdal-server-1.2-4.1mdvmes5.1.x86_64.rpm\r\n 24d0fc45b274a0d27cba06bfa5c5a1af mes5/x86_64/heimdal-telnet-1.2-4.1mdvmes5.1.x86_64.rpm\r\n b6605d1f09f73e49dee0bddb20316721 mes5/x86_64/heimdal-telnetd-1.2-4.1mdvmes5.1.x86_64.rpm\r\n 9dc269e3c28fbccd6485173aa1838245 mes5/x86_64/heimdal-workstation-1.2-4.1mdvmes5.1.x86_64.rpm \r\n d41ca60ee0f8980f1b0ff2e4c0eff949 mes5/SRPMS/heimdal-1.2-4.1mdvmes5.1.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (GNU/Linux)\r\n\r\niD8DBQFMNH9nmqjQ0CJFipgRAsE8AKDvy2f3Edmz6Pmkoj1xVMrGj32YYwCfbkMw\r\n+E2oonudfbWDETgh5M0246s=\r\n=X5wQ\r\n-----END PGP SIGNATURE-----", "edition": 1, "reporter": "Securityvulns", "published": "2010-07-11T00:00:00", "title": "[ MDVSA-2010:130 ] heimdal", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:35", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2010-1321"], "modified": "2010-07-11T00:00:00", "id": "SECURITYVULNS:DOC:24193", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:24193", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:36", "references": ["https://vulners.com/securityvulns/securityvulns:doc:23900"], "description": "NULL pointer dereference in server side code.", "edition": 1, "reporter": "BUGTRAQ", "published": "2010-05-21T00:00:00", "title": "MIT Kerberos 5 GSS-API library DoS", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:36", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "krb5", "version": "1.8", "operator": "eq"}], "cvelist": ["CVE-2010-1321"], "modified": "2010-05-21T00:00:00", "id": "SECURITYVULNS:VULN:10853", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10853", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:38", "references": ["https://vulners.com/securityvulns/securityvulns:doc:24974", "https://vulners.com/securityvulns/securityvulns:doc:24908", "https://vulners.com/securityvulns/securityvulns:doc:25058", "https://vulners.com/securityvulns/securityvulns:doc:25059", "https://vulners.com/securityvulns/securityvulns:doc:24984", "https://vulners.com/securityvulns/securityvulns:doc:25017", "https://vulners.com/securityvulns/securityvulns:doc:26657", "https://vulners.com/securityvulns/securityvulns:doc:24896", "https://vulners.com/securityvulns/securityvulns:doc:25060", "https://vulners.com/securityvulns/securityvulns:doc:25016", "https://vulners.com/securityvulns/securityvulns:doc:25198", "https://vulners.com/securityvulns/securityvulns:doc:24895", "https://vulners.com/securityvulns/securityvulns:doc:24935"], "description": "CPU closes nearly 90 of different vulnerabilities in different applications.", "edition": 1, "reporter": "CPU", "published": "2011-07-18T00:00:00", "title": "Oracle / Sun / Peoplesoft applications multiple security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:38", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Primavera P6 Enterprise Project Portfolio Management", "version": "7.0", "operator": "eq"}, {"name": "Oracle Transportation Management", "version": "6.1", "operator": "eq"}, {"name": "Oracle VM", "version": "2.2", "operator": "eq"}, {"name": "Oracle Transportation Management", "version": "5.5", "operator": "eq"}, {"name": "PeopleSoft Enterprise", "version": "8.9", "operator": "eq"}, {"name": "Primavera P6 Enterprise Project Portfolio Management", "version": "6.21", "operator": "eq"}, {"name": "PeopleSoft Enterprise", "version": "9.0", "operator": "eq"}, {"name": "PeopleSoft Enterprise PeopleTools", "version": "8.50", "operator": "eq"}, {"name": "Siebel Core", "version": "8.1", "operator": "eq"}, {"name": "Siebel Core", "version": "8.0", "operator": "eq"}, {"name": "Siebel Core", "version": "7.8", "operator": "eq"}, {"name": "Solaris", "version": "10", "operator": "eq"}, {"name": "Oracle BI Publisher", "version": "10.1", "operator": "eq"}, {"name": "Oracle E-Business Suite Release", "version": "12", "operator": "eq"}, {"name": "PeopleSoft Enterprise", "version": "9.1", "operator": "eq"}, {"name": "PeopleSoft Enterprise PeopleTools", "version": "8.49", "operator": "eq"}, {"name": "Siebel Core", "version": "7.7", "operator": "eq"}, {"name": "Oracle Transportation Management", "version": "6.0", "operator": "eq"}], "cvelist": ["CVE-2010-2406", "CVE-2010-3584", "CVE-2010-3518", "CVE-2009-3302", "CVE-2009-3301", "CVE-2010-3500", "CVE-2010-3526", "CVE-2010-3502", "CVE-2010-3535", "CVE-2010-3514", "CVE-2010-3503", "CVE-2010-3522", "CVE-2010-2389", "CVE-2010-2412", "CVE-2010-3579", "CVE-2010-3578", "CVE-2010-2414", "CVE-2010-3581", "CVE-2010-3520", "CVE-2010-2409", "CVE-2009-2949", "CVE-2010-3513", "CVE-2010-2416", "CVE-2010-3511", "CVE-2010-3525", "CVE-2010-3540", "CVE-2010-3517", "CVE-2010-2418", "CVE-2010-2417", "CVE-2010-3508", "CVE-2010-2415", "CVE-2010-0395", "CVE-2010-3509", "CVE-2010-3542", "CVE-2010-3575", "CVE-2010-3506", "CVE-2010-2388", "CVE-2010-3507", "CVE-2010-3512", "CVE-2010-3528", "CVE-2010-3538", "CVE-2010-2410", "CVE-2010-2391", "CVE-2010-3523", "CVE-2010-3533", "CVE-2009-2950", "CVE-2010-2395", "CVE-2010-3577", "CVE-2010-3545", "CVE-2010-3529", "CVE-2010-2408", "CVE-2010-2405", "CVE-2010-2407", "CVE-2009-3555", "CVE-2010-2419", "CVE-2010-3583", "CVE-2010-3504", "CVE-2010-3501", "CVE-2010-3527", "CVE-2010-1321", "CVE-2010-2396", "CVE-2010-2411", "CVE-2010-3530", "CVE-2010-3516", "CVE-2010-2390", "CVE-2010-3524", "CVE-2010-3564", "CVE-2010-3546", "CVE-2010-3580", "CVE-2010-3534", "CVE-2010-3576", "CVE-2010-3539", "CVE-2010-3515", "CVE-2010-3521", "CVE-2010-2404", "CVE-2010-3519", "CVE-2010-3582", "CVE-2010-3547", "CVE-2010-3537", "CVE-2010-3532", "CVE-2010-2413", "CVE-2010-3544", "CVE-2010-3531", "CVE-2010-3536", "CVE-2010-3585"], "modified": "2011-07-18T00:00:00", "id": "SECURITYVULNS:VULN:11198", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11198", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:43", "references": ["https://vulners.com/securityvulns/securityvulns:doc:26763", "https://vulners.com/securityvulns/securityvulns:doc:26761", "https://vulners.com/securityvulns/securityvulns:doc:26678", "https://vulners.com/securityvulns/securityvulns:doc:26679", "https://vulners.com/securityvulns/securityvulns:doc:26680", "https://vulners.com/securityvulns/securityvulns:doc:26762"], "description": "Quarterly critical patch update closes 78 different vulnerabilities in all major applications.", "edition": 1, "reporter": "ORACLE", "published": "2011-08-01T00:00:00", "title": "Oracle / Sun / Peoplesoft applications multiple security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:43", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "JRockit", "version": "27.6", "operator": "eq"}, {"name": "PeopleSoft Enterprise SCM", "version": "9.1", "operator": "eq"}, {"name": "PeopleSoft Enterprise HRMS", "version": "8.9", "operator": "eq"}, {"name": "PeopleSoft Enterprise FIN", "version": "9.0", "operator": "eq"}, {"name": "PeopleSoft Enterprise HRMS", "version": "9.0", "operator": "eq"}, {"name": "Solaris", "version": "8", "operator": "eq"}, {"name": "PeopleSoft Enterprise ELS", "version": "9.1", "operator": "eq"}, {"name": "PeopleSoft Enterprise FIN", "version": "9.1", "operator": "eq"}, {"name": "PeopleSoft Enterprise FSCM", "version": "9.0", "operator": "eq"}, {"name": "PeopleSoft Enterprise FSCM", "version": "9.1", "operator": "eq"}, {"name": "Oracle Business Intelligence Enterprise Edition", "version": "11.1", "operator": "eq"}, {"name": "PeopleSoft Enterprise PeopleTools", "version": "8.51", "operator": "eq"}, {"name": "PeopleSoft Enterprise SCM", "version": "9.0", "operator": "eq"}, {"name": "Oracle Secure Backup", "version": "10.3", "operator": "eq"}, {"name": "Solaris", "version": "9", "operator": "eq"}, {"name": "Solaris", "version": "11", "operator": "eq"}, {"name": "PeopleSoft Enterprise FMS", "version": "9.1", "operator": "eq"}, {"name": "Solaris", "version": "10", "operator": "eq"}, {"name": "Oracle E-Business Suite Release", "version": "12", "operator": "eq"}, {"name": "Oracle Outside In Technology", "version": "8.3", "operator": "eq"}, {"name": "PeopleSoft Enterprise HRMS", "version": "9.1", "operator": "eq"}, {"name": "Agile Technology Platform", "version": "9.3", "operator": "eq"}, {"name": "PeopleSoft Enterprise FMS", "version": "9.0", "operator": "eq"}, {"name": "Oracle Business Intelligence Enterprise Edition", "version": "10.1", "operator": "eq"}], "cvelist": ["CVE-2011-2241", "CVE-2011-0845", "CVE-2011-0835", "CVE-2011-2251", "CVE-2011-2230", "CVE-2011-0831", "CVE-2011-2277", "CVE-2011-2295", "CVE-2011-0882", "CVE-2011-2278", "CVE-2011-2246", "CVE-2011-0830", "CVE-2011-2243", "CVE-2011-2274", "CVE-2011-2293", "CVE-2011-2264", "CVE-2011-2307", "CVE-2011-2244", "CVE-2011-2249", "CVE-2011-0877", "CVE-2011-2300", "CVE-2011-0811", "CVE-2011-2232", "CVE-2011-2289", "CVE-2011-2238", "CVE-2011-2288", "CVE-2011-2261", "CVE-2011-2272", "CVE-2011-2290", "CVE-2011-2240", "CVE-2011-2257", "CVE-2011-2284", "CVE-2011-2250", "CVE-2011-2267", "CVE-2011-2252", "CVE-2011-0875", "CVE-2011-2296", "CVE-2011-2285", "CVE-2011-2242", "CVE-2011-2297", "CVE-2011-0816", "CVE-2011-2248", "CVE-2011-2253", "CVE-2011-0879", "CVE-2011-2258", "CVE-2011-0870", "CVE-2010-1321", "CVE-2011-2279", "CVE-2011-2281", "CVE-2011-0883", "CVE-2011-2299", "CVE-2011-0832", "CVE-2011-0838", "CVE-2011-2273", "CVE-2011-0876", "CVE-2011-2283", "CVE-2011-2275", "CVE-2011-2263", "CVE-2011-2305", "CVE-2011-2239", "CVE-2011-0884", "CVE-2011-2294", "CVE-2011-0822", "CVE-2011-2287", "CVE-2011-0848", "CVE-2011-2245", "CVE-2011-0880", "CVE-2011-2260", "CVE-2011-0881", "CVE-2011-2291", "CVE-2011-0852", "CVE-2011-2231", "CVE-2011-1511", "CVE-2011-2282", "CVE-2011-2298", "CVE-2011-2259", "CVE-2011-2280"], "modified": "2011-08-01T00:00:00", "id": "SECURITYVULNS:VULN:11802", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11802", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:37", "references": [], "description": "Oracle Critical Patch Update Advisory - October 2010\r\n\r\nDescription\r\n\r\nA Critical Patch Update is a collection of patches for multiple security vulnerabilities. It also includes non-security fixes that are required (because of interdependencies) by those security patches. Critical Patch Updates are cumulative, except as noted below, but each advisory describes only the security fixes added since the previous Critical Patch Update. Thus, prior Critical Patch Update Advisories should be reviewed for information regarding earlier accumulated security fixes. Please refer to:\r\n\r\nCritical Patch Updates and Security Alerts for information about Oracle Security Advisories.\r\n\r\nDue to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible. This Critical Patch Update contains 85 new security fixes across all product families listed below.\r\n\r\nOracle is in the process of aligning the Sun Microsystems policies with Oracle Software Security Assurance policies and procedures. For details, please refer to Changes in security policies for the Sun product lines.\r\nAffected Products and Components\r\n\r\nSecurity vulnerabilities addressed by this Critical Patch Update affect the products listed in the categories below. The product are of the patches for the listed versions is shown in the Patch Availability column corresponding to the specified Products and Versions column. Please click on the link in the Patch Availability column below or in the Patch Availability Table to access the documentation for those patches.\r\n\r\nAffected product releases and versions that are in Premier Support or Extended Support, under the Oracle Lifetime Support Policy:\r\nAffected Products and Versions \tPatch Availability\r\nOracle Database 11g Release 2, version 11.2.0.1 \tDatabase\r\nOracle Database 11g Release 1, version 11.1.0.7 \tDatabase\r\nOracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4 \tDatabase\r\nOracle Database 10g, Release 1, version 10.1.0.5 \tDatabase\r\nOracle Fusion Middleware, 11gR1, versions 11.1.1.1.0, 11.1.1.2.0 \tFusion Middleware\r\nOracle Application Server, 10gR3, version 10.1.3.5.0 \tFusion Middleware\r\nOracle Application Server, 10gR2, version 10.1.2.3.0 \tFusion Middleware\r\nOracle BI Publisher, versions 10.1.3.3.2, 10.1.3.4.0, 10.1.3.4.1 \tFusion Middleware\r\nOracle Identity Management 10g, versions, 10.1.4.0.1, 10.1.4.3 \tFusion Middleware\r\nOracle E-Business Suite Release 12, versions 12.0.4, 12.0.5, 12.0.6, 12.1.1 and 12.1.2 \tE-Business Suite\r\nOracle E-Business Suite Release 11i, versions 11.5.10, 11.5.10.2 \tE-Business Suite\r\nAgile PLM, version 9.3.0.0 \tOracle Supply Chain\r\nOracle Transportation Management, versions 5.5, 6.0, and 6.1 \tOracle Supply Chain\r\nPeopleSoft Enterprise CRM, FMS, HCM and SCM (Supply Chain), versions 8.9, 9.0 and 9.1 \tPeopleSoft\r\nPeopleSoft Enterprise EPM, Campus Solutions, versions 8.9, 9.0 and 9.1 \tPeopleSoft\r\nPeopleSoft Enterprise PeopleTools, versions 8.49 and 8.50 \tPeopleSoft\r\nSiebel Core, versions 7.7, 7.8, 8.0 and 8.1 \tSiebel\r\nPrimavera P6 Enterprise Project Portfolio Management, Versions: 6.21.3.0, 7.0.1.0 \tPrimavera Suite\r\nOracle Sun Product Suite \tOracle Sun Product Suite\r\nOracle VM, version 2.2.1 \tOracle VM\r\n\r\n\r\nPatch Availability Table and Risk Matrices\r\nProducts with Cumulative Patches\r\n\r\nThe Oracle Database, Oracle Fusion Middleware, Oracle Enterprise Manager Grid Control, Oracle E-Business Suite Applications (Releases 11.5.10 CU2, 12.0 and 12.1), JD Edwards EnterpriseOne, JD Edwards OneWorld Tools, PeopleSoft Enterprise Portal Applications, PeopleSoft Enterprise PeopleTools and Siebel Enterprise, Oracle Industry Applications and Oracle VM patches in the Updates are cumulative; patches for any of these products included in a Critical Patch Update will include all fixes for that product from the previous Critical Patch Updates.\r\nProducts with Non-Cumulative Patches\r\n\r\nCritical Update Patches for the base Oracle E-business Suite Release 11.5.10 are not cumulative. For more information, refer to Oracle E-Business Suite Critical Patch Update Note for October 2010, My Oracle Support Note 987438.1.\r\n\r\nOracle Collaboration Suite patches were cumulative up to and including the fixes provided in the July 2007 Critical Patch Update. From the October 2007 Critical Patch Update on, Oracle Collaboration Suite security fixes are delivered using the one-off patch infrastructure normally used by Oracle to deliver single bug fixes to customers.\r\n\r\nFor each administered Oracle product, consult the documentation for patch availability information and installation instructions referenced from the following table. For an overview of the Oracle product documentation related to this Critical Patch Update, please refer to the Oracle Critical Patch Update October 2010 Documentation Map, My Oracle Support Note 1210564.1.\r\nPatch Availability Table\r\n\r\nProduct Group \tRisk Matrix \tPatch Availability and Installation Information\r\nOracle Database \tOracle Database Risk Matrix \tPatch Set Update and Critical Patch Update October 2010 Availability Document, My Oracle Support Note 1159443.1\r\nOracle Fusion Middleware \tOracle Fusion Middleware Risk Matrix \tPatch Set Update and Critical Patch Update October 2010 Availability Document, My Oracle Support Note 1159443.1\r\nOracle Enterprise Manager \tOracle Enterprise Manager Risk Matrix \tPatch Set Update and Critical Patch Update October 2010 Availability Document, My Oracle Support Note 1159443.1\r\nOracle Applications - E-Business Suite \tOracle Applications, E-Business Risk Matrix \tOracle E-Business Suite Critical Patch Update Note for October 2010, My Oracle Support Note 987438.1\r\nOracle Applications - Oracle PeopleSoft Enterprise, Oracle Supply Chain and Siebel Product Suite \tOracle Applications, PeopleSoft, Oracle Supply Chain and Siebel Products Risk Matrix \tCritical Patch Update Knowledge Document for PeopleSoft Enterprise, JD Edwards EnterpriseOne, Siebel and Oracle Supply Chain Suite Products, My Oracle Support Note 1210593.1\r\nOracle Primavera Suite \tOracle Primavera Product Suite Risk Matrix \tCritical Patch Update October 2010 Patch Delivery Document for Oracle Primavera Product Suite, My Oracle Support Note 1212734.1\r\nOracle Sun Products Suite \tOracle Sun Products Suite Risk Matrix \tCritical Patch Update October 2010 Patch Delivery Document for Oracle Sun Product Suite\r\nOracle VM \tOracle VM Risk Matrix \tPatch Delivery Document for Oracle VM\r\n\r\nRisk Matrix Content\r\n\r\nRisk matrices list only security vulnerabilities that are newly fixed by the patches associated with this advisory. Risk matrices for previous security fixes can be found in previous Critical Patch Update advisories.\r\n\r\nSeveral vulnerabilities addressed in this Critical Patch Update affect multiple products. A vulnerability that affects multiple products will appear with the same CVE# in all risk matrices. Italics indicate vulnerabilities in code included from other product areas.\r\n\r\nSecurity vulnerabilities are scored using CVSS version 2.0 (see Oracle CVSS Scoring for an explanation of how Oracle applies CVSS 2.0). Oracle conducts an analysis of each security vulnerability addressed by a Critical Patch Update (CPU). Oracle does not disclose information about the security analysis, but the resulting Risk Matrix and associated documentation provide information about the type of vulnerability, the conditions required to exploit it, and the potential result of a successful exploit. Oracle provides this information, in part, so that customers may conduct their own risk analysis based on the particulars of their product usage. As a matter of policy, Oracle does not disclose detailed information about an exploit condition or results that can be used to conduct a successful exploit. Oracle will not provide additional information about the specifics of vulnerabilities beyond what is provided in the CPU or Security Alert notification, the Patch Availability Matrix, the readme files, and FAQs. Oracle does not provide advance notification on CPUs or Security Alerts to individual customers. Finally, Oracle does not distribute exploit code or \u201cproof-of-concept\u201d code for product vulnerabilities. For more information, see Oracle vulnerability disclosure policies.\r\nWorkarounds\r\n\r\nDue to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible. Until you apply the CPU fixes, it may be possible to reduce the risk of successful attack by blocking network protocols required by an attack. For attacks that require certain privileges or access to certain packages, removing the privileges or the ability to access the packages from users that do not need the privileges may help reduce the risk of successful attack. Both approaches may break application functionality, so Oracle strongly recommends that customers test changes on non-production systems. Neither approach should be considered a long-term solution as neither corrects the underlying problem.\r\nSkipped Critical Patch Updates\r\n\r\nOracle strongly recommends that customers apply security fixes as soon as possible. For customers that have skipped one or more Critical Patch Updates and are concerned about products that do not have security fixes announced in this CPU, please review previous Critical Patch Update advisories to determine appropriate actions.\r\nProduct Dependencies\r\n\r\nOracle products may have dependencies on other Oracle products. Hence security vulnerability fixes announced in this Critical Patch Update may affect one or more dependent Oracle products. For details regarding these dependencies and to apply patches to dependent products, please refer to Patch Set Update and Critical Patch Update October 2010 Availability Document, My Oracle Support Note 1159443.1.\r\nUnsupported Products and Versions\r\n\r\nCritical Patch Update patches are not provided for product versions that are no longer covered under the Premier Support or Extended Support phases of the Lifetime Support Policy.\r\n\r\nWe recommend that customers upgrade to a supported version of Oracle products in order to obtain patches. Unsupported products, releases and versions are not tested for the presence of vulnerabilities addressed by this Critical Patch Update. However, it is likely that earlier versions of affected releases are also affected by these vulnerabilities.\r\nProducts in Extended Support\r\n\r\nCritical Patch Update patches are available to customers who have purchased Extended Support under the Lifetime Support Policy. Customers must have a valid Extended Support service contract to download Critical Patch Update patches for products in the Extended Support Phase.\r\n\r\nSupported Database, Fusion Middleware, EM Grid Control and Collaboration Suite products are patched in accordance with the Software Error Correction Support Policy explained in My Oracle Support Note 209768.1. Please review the Technical Support Policies for further guidelines regarding support policies and phases of support.\r\nOn Request Model\r\n\r\nOracle proactively creates patches only for platform/version combinations that, based on historical data, customers are likely to download for the next Critical Patch Update. Patches for historically inactive platform/version combinations of the Oracle Database, Oracle Application Server and Enterprise Manager will be created only if requested by customers.\r\n\r\nRefer to Patch Set Update and Critical Patch Update October 2010 Availability Document, My Oracle Support Note 1159443.1 for further details regarding the On Request patches.\r\nCredit Statement\r\n\r\nThe following people or organizations reported security vulnerabilities addressed by this Critical Patch Update to Oracle: Aditya K Sood of SecNiche Security; Adrian Pastor of ProCheckUp; Alexander Kornbrust of Red Database Security; Alexandr Polyakov of Digital Security; CERT/CC; David Litchfield formerly of NGS Software; Esteban Martinez Fayo of Application Security, Inc.; Frank Rei_ner of Siberas; Frank Stuart; John S.; JPCERT/CC Vulnerability Handling Team; Juan Pablo Perez Etchegoyen of Onapsis; Karan Saberwal; Marc Schoenefeld of Red Hat; NCC Group; Nahuel Grisolia of Bonsai Information Security; Nicolas Joly of VUPEN Security; Ofer Maor of Hacktics; Okan Basegmez of DORASEC Consulting; Rich Lowe; River Tarnell of Wikimedia Deutschland; Roberto Suggi Liverani of Security-Assessment.com; Sami Koivu of TippingPoint's Zero Day Initiative; Sebastian Apelt of Siberas; Tony Fogarty of DNV; Vulnerability Research Team, Digital Defense, Inc.; Will Dormann of CERT/CC; Yaniv Azaria of Imperva, Inc.; Yaniv Miron of ilhack.org; and Zack Ma.\r\nSecurity-In-Depth Contributors\r\n\r\nOracle provides recognition to people that have contributed to our Security-In-Depth program (see FAQ). People are recognized for Security-In-Depth contributions if they provide information, observations or suggestions pertaining to security vulnerability issues that result in significant modification of Oracle code or documentation in future releases, but are not of such a critical nature that they are distributed in Critical Patch Updates.\r\n\r\nFor this Critical Patch Update, Oracle recognizes Alexander Kornbrust of Red Database Security; Amichai Shulman of Imperva, Inc.; CERT/CC; David Litchfield formerly of NGS Software; Hugo Contreras of Resource IT; iDefense; Jack Kanter of Integrigy; Jeremy Brown through iSIGHT Partners GVP; John S.; Okan Basegmez of DORASEC Consulting; and Stephen Kost of Integrigy for contributions to Oracle's Security-In-Depth program.\r\nCritical Patch Update Schedule\r\n\r\nCritical Patch Updates are historically released on the Tuesday closest to the 15th day of January, April, July and October. The scheduled dates for the release of the next Critical Patch Updates will be on the Tuesday closest to the 17th day of January, April, July and October. The next four dates are:\r\n\r\n * 18 January 2011\r\n * 19 April 2011\r\n * 19 July 2011\r\n * 18 October 2011\r\n\r\nReferences\r\n\r\n * Oracle Critical Patch Updates and Security Alerts main page [ Oracle Technology Network ]\r\n * Critical Patch Update - October 2010 Documentation Map [ My Oracle Support Note 1210564.1 ]\r\n * Oracle Critical Patch Updates and Security Alerts - Frequently Asked Questions [ CPU FAQ ] \r\n * Risk Matrix definitions [ Risk Matrix Definitions ]\r\n * Use of Common Vulnerability Scoring System (CVSS) by Oracle [ Oracle CVSS Scoring ]\r\n * List of public vulnerabilities fixed in Critical Patch Updates and Security Alerts [ Oracle Technology Network ]\r\n * Software Error Correction Support Policy [ My Oracle Support Note 209768.1 ]\r\n\r\n\r\nModification History\r\n\r\nDate \tComments\r\n2010-October-12 \tRev 1. Initial Release\r\n\r\n \r\n\r\n\r\nAppendix - Oracle Database Server\r\n\r\n \r\nOracle Database Server Executive Summary\r\n\r\nThis Critical Patch Update contains 7 new security fixes for the Oracle Database Server. 1 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. None of these fixes are applicable to client-only installations, i.e., installations that do not have the Oracle Database Server installed.\r\n\r\n \r\nOracle Database Server Risk Matrix\r\n\r\nCVE# \tComponent \tProtocol \tPackage and/or Privilege Required \tRemote Exploit without Auth.? \tCVSS VERSION 2.0 RISK (see Risk Matrix Definitions) \tLast Affected Patch set (per Supported Release) \tNotes\r\nBase Score \tAccess Vector \tAccess Complexity \tAuthen-\r\ntication \tConfiden-\r\ntiality \tIntegrity \tAvail-\r\nability\r\nCVE-2010-2390 (Oracle Enterprise Manager Grid Control) \tEM Console \tHTTP \tNone \tYes \t7.5 \tNetwork \tLow \tNone \tPartial+ \tPartial+ \tPartial+ \t10.1.0.5, 10.2.0.3 \tSee Note 1\r\nCVE-2010-2419 \tJava Virtual Machine \tOracle Net \tCreate Session \tNo \t6.5 \tNetwork \tLow \tSingle \tPartial+ \tPartial+ \tPartial+ \t10.1.0.5, 10.2.0.4, 11.1.0.7, 11.2.0.1 \t \r\nCVE-2010-1321 \tChange Data Capture \tOracle Net \tExecute on DBMS_CDC_ PUBLISH \tNo \t5.5 \tNetwork \tLow \tSingle \tPartial+ \tPartial+ \tNone \t- \tSee Note 2\r\nCVE-2010-2412 \tOLAP \tOracle Net \tCreate Session \tNo \t5.5 \tNetwork \tLow \tSingle \tPartial+ \tPartial+ \tNone \t11.1.0.7 \t \r\nCVE-2010-2415 \tChange Data Capture \tOracle Net \tExecute on DBMS_CDC_ PUBLISH \tNo \t4.9 \tNetwork \tMedium \tSingle \tPartial+ \tPartial+ \tNone \t10.1.0.5, 10.2.0.4, 11.1.0.7, 11.2.0.1 \t \r\nCVE-2010-2411 \tJob Queue \tOracle Net \tExecute on SYS.DBMS_ IJOB \tNo \t4.6 \tNetwork \tHigh \tSingle \tPartial+ \tPartial+ \tPartial+ \t- \tSee Note 2\r\nCVE-2010-2407 \tXDK \tHTTP \tNone \tYes \t4.3 \tNetwork \tMedium \tNone \tNone \tPartial \tNone \t10.1.0.5, 10.2.0.4, 11.1.0.7 \t \r\nCVE-2010-2391 \tCore RDBMS \tOracle Net \tCreate Session \tNo \t3.6 \tNetwork \tHigh \tSingle \tPartial \tPartial \tNone \t10.1.0.5, 10.2.0.3 \t \r\nCVE-2010-2389 (Oracle Fusion Middleware) \tPerl \tOracle Net \tLocal Logon \tNo \t1.0 \tLocal \tHigh \tSingle \tNone \tPartial+ \tNone \t- \tSee Note 2\r\n \r\n\r\n \r\n\r\nNotes:\r\n\r\n 1. Vulnerability is in Database Control component.\r\n 2. Fixed in all supported releases. Need to upgrade to any supported release patchset.\r\n\r\n\r\n\r\nAppendix - Oracle Fusion Middleware\r\n\r\n \r\nOracle Fusion Middleware Executive Summary\r\n\r\nThis Critical Patch Update contains 8 new security fixes for Oracle Fusion Middleware. 6 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. \r\n\r\nOracle Fusion Middleware products include Oracle Database components that are affected by the vulnerabilities listed in the Oracle Database section. The exposure of Oracle Fusion Middleware products is dependent on the Oracle Database version being used. Oracle Database security fixes are not listed in the Oracle Fusion Middleware risk matrix. However, since vulnerabilities affecting Oracle Database versions may affect Oracle Fusion Middleware products, Oracle recommends that customers apply the October 2010 Critical Patch Update to the Oracle Database components of Oracle Fusion Middleware products. For information on what patches need to be applied to your environments, refer to Critical Patch Update October 2010 Patch Availability Document for Oracle Products, My Oracle Support Note 1159443.1.\r\n\r\n \r\nOracle Fusion Middleware Risk Matrix\r\n\r\nCVE# \tComponent \tProtocol \tPackage and/or Privilege Required \tRemote Exploit without Auth.? \tCVSS VERSION 2.0 RISK (see Risk Matrix Definitions) \tLast Affected Patch set (per Supported Release) \tNotes\r\nBase Score \tAccess Vector \tAccess Complexity \tAuthen-\r\ntication \tConfiden-\r\ntiality \tIntegrity \tAvail-\r\nability\r\nCVE-2010-2390 (Oracle Enterprise Manager Grid Control) \tEM Console \tHTTP \tNone \tYes \t7.5 \tNetwork \tLow \tNone \tPartial+ \tPartial+ \tPartial+ \t10.1.2.3, 10.1.4.3 \tSee Note 1\r\nCVE-2010-3501 \tOID \tLDAP \tNone \tYes \t5.0 \tNetwork \tLow \tNone \tNone \tNone \tPartial+ \t10.1.2.3, 10.1.4.3, 11.1.1.2.0 \t \r\nCVE-2010-2413 \tBI Publisher \tHTTP \tNone \tYes \t4.3 \tNetwork \tMedium \tNone \tNone \tPartial \tNone \t10.1.3.3.2, 10.1.3.4.1 \t \r\nCVE-2010-2395 \tCabo/UIX \tHTTP \tNone \tYes \t4.3 \tNetwork \tMedium \tNone \tNone \tPartial \tNone \t10.1.2.3, 10.1.3.5 \t \r\nCVE-2010-2409 \tCabo/UIX \tHTTP \tNone \tYes \t4.3 \tNetwork \tMedium \tNone \tNone \tPartial \tNone \t10.1.2.3, 10.1.3.5 \t \r\nCVE-2010-2410 \tCabo/UIX \tHTTP \tNone \tYes \t4.3 \tNetwork \tMedium \tNone \tNone \tPartial \tNone \t10.1.2.3, 10.1.3.5 \t \r\nCVE-2010-2396 \tForms \tHTTP \tNone \tYes \t4.3 \tNetwork \tMedium \tNone \tNone \tPartial \tNone \t10.1.2.3 \t \r\nCVE-2010-3581 \tBPEL Console \tHTTP \tValid Session \tNo \t3.5 \tNetwork \tMedium \tSingle \tNone \tPartial \tNone \t- \tSee Note 2\r\nCVE-2010-2389 \tPerl \tOracle Net \tLocal Logon \tNo \t1.0 \tLocal \tHigh \tSingle \tNone \tPartial+ \tNone \t- \tSee Note 2\r\n \r\n\r\n \r\n\r\nNotes:\r\n\r\n 1. Vulnerability is in Application Server Control component.\r\n 2. Fixed in all supported releases. Need to upgrade to any supported release patchset.\r\n\r\n\r\n\r\nAppendix - Oracle Enterprise Manager Grid Control\r\n\r\n \r\nOracle Enterprise Manager Grid Control Executive Summary\r\n\r\nThis Critical Patch Update contains 1 new security fix for Oracle Enterprise Manager Grid Control. This vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. This fix is not applicable to client-only installations, i.e., installations that do not have Oracle Enterprise Manager Grid Control installed.\r\n\r\nOracle Enterprise Manager products include Oracle Database and Oracle Fusion Middleware components that are affected by the vulnerabilities listed in the Oracle Database and Fusion Middleware sections. The exposure of Oracle Enterprise Manager products is dependent on the Oracle Database and Fusion Middleware versions being used. Oracle Database and Fusion Middleware security fixes are not listed in the Oracle Enterprise Manager risk matrix. However, since vulnerabilities affecting Oracle Database and Fusion Middleware versions may affect Oracle Enterprise Manager products, Oracle recommends that customers apply the October 2010 Critical Patch Update to the Oracle Database and Fusion Middleware components of Oracle Enterprise Manager. For information on what patches need to be applied to your environments, refer to Critical Patch Update October 2010 Patch Availability Document for Oracle Products, My Oracle Support Note 1159443.1.\r\n\r\n \r\nOracle Enterprise Manager Grid Control Risk Matrix\r\n\r\nCVE# \tComponent \tProtocol \tPackage and/or Privilege Required \tRemote Exploit without Auth.? \tCVSS VERSION 2.0 RISK (see Risk Matrix Definitions) \tLast Affected Patch set (per Supported Release) \tNotes\r\nBase Score \tAccess Vector \tAccess Complexity \tAuthen-\r\ntication \tConfiden-\r\ntiality \tIntegrity \tAvail-\r\nability\r\nCVE-2010-2390 \tEM Console \tHTTP \tNone \tYes \t7.5 \tNetwork \tLow \tNone \tPartial+ \tPartial+ \tPartial+ \tSee note \tSee Note 1\r\n \r\n\r\n \r\n\r\nNotes:\r\n\r\n 1. Patch is only applicable to AS Control (Application Server patch) and DB Control (Database patch)\r\n\r\n\r\n\r\nAppendix - Oracle Applications\r\n\r\n \r\nOracle Applications Executive Summary\r\n\r\nThis Critical Patch Update contains 33 new Security fixes for the Oracle Applications divided as follows:\r\n\r\n * 6 new security fixes for the Oracle E-Business Suite. 5 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. \r\n * 2 new security fixes for the Oracle Supply Chain Products Suite. 1 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. \r\n * 21 new security fixes for the Oracle PeopleSoft and JDEdwards Suite. 1 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. \r\n * 4 new security fixes for the Oracle Siebel Suite. None of these vulnerabilities may be remotely exploitable without authentication, i.e., none may be exploited over a network without the need for a username and password. \r\n\r\n \r\n\r\nOracle E-Business Suite products include Oracle Database and Oracle Fusion Middleware components that are affected by the vulnerabilities listed in the Oracle Database and Fusion Middleware sections. The exposure of Oracle E-Business Suite products is dependent on the Oracle Database and Fusion Middleware versions being used. Oracle Database and Fusion Middleware security fixes are not listed in the Oracle E-Business Suite risk matrix. However, since vulnerabilities affecting Oracle Database and Fusion Middleware versions may affect Oracle E-Business Suite products, Oracle recommends that customers apply the October 2010 Critical Patch Update to the Oracle Database and Fusion Middleware components of Oracle E-Business Suite. For information on what patches need to be applied to your environments, refer to Oracle E-Business Suite Critical Patch Update for October 2010, My Oracle Support Note 987438.1.\r\nOracle E-Business Suite Risk Matrix\r\n\r\nCVE# \tComponent \tProtocol \tPackage and/or Privilege Required \tRemote Exploit without Auth.? \tCVSS VERSION 2.0 RISK (see Risk Matrix Definitions) \tLast Affected Patch set (per Supported Release) \tNotes\r\nBase Score \tAccess Vector \tAccess Complexity \tAuthen-\r\ntication \tConfiden-\r\ntiality \tIntegrity \tAvail-\r\nability\r\nCVE-2010-2388 \tOracle Applications Manager \tHTTP \tNone \tYes \t5.8 \tNetwork \tMedium \tNone \tPartial \tPartial \tNone \t11.5.10.2 \t \r\nCVE-2010-3504 \tOracle Applications Technology Stack \tHTTP \tNone \tYes \t4.3 \tNetwork \tMedium \tNone \tNone \tPartial \tNone \t11.5.10.2, 12.0.6, 12.1.2 \t \r\nCVE-2010-2416 \tOracle E-Business Intelligence \tHTTP \tNone \tYes \t4.3 \tNetwork \tMedium \tNone \tNone \tPartial \tNone \t11.5.10.2, 12.0.6, 12.1.3 \t \r\nCVE-2010-2418 \tOracle Territory Management \tHTTP \tNone \tYes \t4.3 \tNetwork \tMedium \tNone \tNone \tPartial \tNone \t11.5.10.2, 12.0.6, 12.1.3 \t \r\nCVE-2010-2408 \tOracle iRecruitment \tHTTP \tNone \tYes \t4.3 \tNetwork \tMedium \tNone \tNone \tPartial \tNone \t11.5.10.2, 12.0.6, 12.1.3 \t \r\nCVE-2010-2404 \tOracle iRecruitment \tHTTP \tAccount \tNo \t3.5 \tNetwork \tMedium \tSingle \tNone \tPartial \tNone \t11.5.10.2, 12.0.6, 12.1.2 \t \r\n \r\n\r\n \r\n\r\n\r\nOracle Supply Chain Products Suite Executive Summary\r\n\r\nThis Critical Patch Update contains 2 new security fixes for the Oracle Supply Chain Products Suite. 1 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. \r\n\r\n \r\nOracle Supply Chain Products Suite Risk Matrix\r\n\r\nCVE# \tComponent \tProtocol \tPackage and/or Privilege Required \tRemote Exploit without Auth.? \tCVSS VERSION 2.0 RISK (see Risk Matrix Definitions) \tLast Affected Patch set (per Supported Release) \tNotes\r\nBase Score \tAccess Vector \tAccess Complexity \tAuthen-\r\ntication \tConfiden-\r\ntiality \tIntegrity \tAvail-\r\nability\r\nCVE-2009-3555 \tOracle Transportation Management \tHTTP \tNone \tYes \t5.0 \tNetwork \tLow \tNone \tPartial \tNone \tNone \t5.5.06.03, 6.0.6, 6.1.2 \t \r\nCVE-2010-2417 \tAgile PLM \tHTTP \tNone \tNo \t4.0 \tNetwork \tLow \tSingle \tNone \tPartial \tNone \t9.3.0.0 \t \r\n \r\n\r\n \r\n\r\n\r\nOracle PeopleSoft and JDEdwards Suite Executive Summary\r\n\r\nThis Critical Patch Update contains 21 new security fixes for the Oracle PeopleSoft and JDEdwards Suite. 1 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. \r\n\r\n \r\nOracle PeopleSoft and JDEdwards Suite Risk Matrix\r\n\r\nCVE# \tComponent \tProtocol \tPackage and/or Privilege Required \tRemote Exploit without Auth.? \tCVSS VERSION 2.0 RISK (see Risk Matrix Definitions) \tLast Affected Patch set (per Supported Release) \tNotes\r\nBase Score \tAccess Vector \tAccess Complexity \tAuthen-\r\ntication \tConfiden-\r\ntiality \tIntegrity \tAvail-\r\nability\r\nCVE-2010-3532 \tPeopleSoft Enterprise CRM - Order Capture \tHTTP \tNone \tNo \t5.5 \tNetwork \tLow \tSingle \tPartial \tPartial \tNone \t9.0 Bundle #28, 9.1 Bundle #4 \t \r\nCVE-2010-3527 \tPeopleSoft Enterprise FMS - AM \tHTTP \tNone \tNo \t5.5 \tNetwork \tLow \tSingle \tNone \tPartial \tPartial \t8.9 Bundle #38, 9.0 Bundle #31, 9.1 Bundle #6 \t \r\nCVE-2010-3537 \tPeopleSoft Enterprise FMS - AM \tHTTP \tNone \tNo \t5.5 \tNetwork \tLow \tSingle \tPartial \tPartial \tNone \t8.9 Bundle #38, 9.0 Bundle #31, 9.1 Bundle #6 \t \r\nCVE-2010-3529 \tPeopleSoft Enterprise FMS - Cash Management \tHTTP \tNone \tNo \t5.5 \tNetwork \tLow \tSingle \tPartial \tPartial \tNone \t8.9 Bundle #38, 9.0 Bundle #31, 9.1 Bundle #6 \t \r\nCVE-2010-3538 \tPeopleSoft Enterprise FMS - GL \tHTTP \tNone \tNo \t5.5 \tNetwork \tLow \tSingle \tPartial \tPartial \tNone \t8.9 Bundle #38, 9.0 Bundle #31, 91. Bundle #6 \t \r\nCVE-2010-3539 \tPeopleSoft Enterprise FMS - GL \tHTTP \tNone \tNo \t5.5 \tNetwork \tLow \tSingle \tPartial \tPartial \tNone \t8.9 Bundle #38, 9.0 Bundle #31, 9.1 Bundle #6 \t \r\nCVE-2010-3531 \tPeopleSoft Enterprise FMS ESA - RM \tHTTP \tNone \tNo \t5.5 \tNetwork \tLow \tSingle \tPartial \tPartial \tNone \t8.9 Bundle #38, 9.0 Bundle #31, 9.1 Bundle #6 \t \r\nCVE-2010-3525 \tPeopleSoft Enterprise FMS, SCM, EPM, CRM, Campus Solutions \tHTTP \tNone \tNo \t5.5 \tNetwork \tLow \tSingle \tPartial \tPartial \tNone \t8.9 9.0, 9.1 \tSee Note 1\r\nCVE-2010-3520 \tPeopleSoft Enterprise HCM - GP France \tHTTP \tNone \tNo \t5.5 \tNetwork \tLow \tSingle \tPartial \tPartial \tNone \t8.81 SP1 Bundle #12, 8.9 GP Update 2010-E, 9.0 GP Update 2010-E, 9.1 GP Update 2010-E \t \r\nCVE-2010-3530 \tPeopleSoft Enterprise HCM - HR \tHTTP \tNone \tNo \t5.5 \tNetwork \tLow \tSingle \tPartial \tPartial \tNone \t9.0 Bundle #13, 9.1 Bundle #3 \t \r\nCVE-2010-3518 \tPeopleSoft Enterprise HCM GP - Japan \tHTTP \tNone \tNo \t5.5 \tNetwork \tLow \tSingle \tPartial \tPartial \tNone \t8.81 SP1 Bundle #13, 8.9 GP Update 2010-E, 9.0 GP Update 2010-E, 9.1 GP Update 2010-E \t \r\nCVE-2010-3521 \tPeopleSoft Enterprise HCM ePay \tHTTP \tNone \tNo \t5.5 \tNetwork \tLow \tSingle \tPartial \tPartial \tNone \t9.0 thur Payroll Update 10-C, 9.1 thru Payroll Update 10-C \t \r\nCVE-2010-3536 \tPeopleSoft Enterprise SCM \tHTTP \tNone \tNo \t5.5 \tNetwork \tLow \tSingle \tPartial \tPartial \tNone \t8.9 Bundle #38, 9.0 Bundle #31, 9.1 Bundle #6 \t \r\nCVE-2010-3526 \tPeopleSoft Enterprise SCM - PO \tHTTP \tNone \tNo \t5.5 \tNetwork \tLow \tSingle \tPartial \tPartial \tNone \t8.9 Bundle #38, 9.0 Bundle #31, 9.1 Bundle #6 \t \r\nCVE-2010-3524 \tPeopleSoft Enterprise SCM - Strategic Sourcing \tHTTP \tNone \tNo \t5.5 \tNetwork \tLow \tSingle \tPartial \tPartial \tNone \t8.9 Bundle #38, 9.0 Bundle #31, 9.1 Bundle #6 \t \r\nCVE-2010-3533 \tPeopleSoft Enterprise SCM OM and CRM Order Capture \tHTTP \tNone \tNo \t5.5 \tNetwork \tLow \tSingle \tPartial \tPartial \tNone \t8.9, 9.0, 9.1 \tSee Note 1\r\nCVE-2010-3547 \tPeopleSoft FMS ESA - EX \tHTTP \tNone \tNo \t5.5 \tNetwork \tLow \tSingle \tPartial \tPartial \tNone \t8.9 Bundle #38, 9.0 Bundle #31, 9.1 Bundle #6 \t \r\nCVE-2010-3523 \tPeopleSoft Enterprise PeopleTools \tHTTP \tNone \tYes \t5.0 \tNetwork \tLow \tNone \tNone \tPartial \tNone \t8.49.28, 8.50.12 \t \r\nCVE-2010-3528 \tPeopleSoft Enterprise CRM - Common Components \tHTTP \tNone \tNo \t4.0 \tNetwork \tLow \tSingle \tPartial \tNone \tNone \t8.9 Bundle #41, 9.0 Bundle #28, 9.1 Bundle #4 \t \r\nCVE-2010-3519 \tPeopleSoft Enterprise PeopleTools \tHTTP \tNone \tNo \t4.0 \tNetwork \tLow \tSingle \tNone \tPartial \tNone \t8.49.28, 8.50.12 \t \r\nCVE-2010-3522 \tPeopleSoft Enterprise PeopleTools \tHTTP \tNone \tNo \t4.0 \tNetwork \tLow \tSingle \tPartial \tNone \tNone \t8.49.28, 8.50.12 \t \r\n \r\n\r\n \r\n\r\nNotes:\r\n\r\n 1. Please refer to Product Pre-Installation documentation for patchset information.\r\n\r\n\r\n\r\nOracle Siebel Suite Executive Summary\r\n\r\nThis Critical Patch Update contains 4 new security fixes for the Oracle Siebel Suite. None of these vulnerabilities may be remotely exploitable without authentication, i.e., none may be exploited over a network without the need for a username and password. \r\n\r\n \r\nOracle Siebel Suite Risk Matrix\r\n\r\nCVE# \tComponent \tProtocol \tPackage and/or Privilege Required \tRemote Exploit without Auth.? \tCVSS VERSION 2.0 RISK (see Risk Matrix Definitions) \tLast Affected Patch set (per Supported Release) \tNotes\r\nBase Score \tAccess Vector \tAccess Complexity \tAuthen-\r\ntication \tConfiden-\r\ntiality \tIntegrity \tAvail-\r\nability\r\nCVE-2010-2405 \tSiebel Core - Highly Interactive Client \tHTTP \tNone \tNo \t6.0 \tNetwork \tMedium \tSingle \tPartial \tPartial \tPartial \t7.7.2.12, 7.8.2.14, 8.0.0.10, 8.1.1.3 \t \r\nCVE-2010-3500 \tSiebel Core - Highly Interactive Client \tHTTP \tNone \tNo \t6.0 \tNetwork \tMedium \tSingle \tPartial \tPartial \tPartial \t7.7.2.12, 7.8.2.14, 8.0.0.10, 8.1.1.3 \t \r\nCVE-2010-3502 \tSiebel Core \tHTTP \tNone \tNo \t4.0 \tNetwork \tLow \tSingle \tPartial \tNone \tNone \t7.7.2.12, 7.8.2.14, 8.0.0.10, 8.1.1.3 \t \r\nCVE-2010-2406 \tSiebel Core - Highly Interactive Client \tHTTP \tNone \tNo \t4.0 \tNetwork \tLow \tSingle \tPartial \tNone \tNone \t7.7.2.12, 7.8.2.14, 8.0.0.10, 8.1.1.3 \t \r\n \r\n\r\n \r\n\r\n\r\nAppendix - Oracle Primavera Products Suite\r\n\r\n \r\nOracle Primavera Products Suite Executive Summary\r\n\r\nThis Critical Patch Update contains 1 new security fix for the Oracle Primavera Products Suite. This vulnerability is not remotely exploitable without authentication, i.e., may not be exploited over a network without the need for a username and password. \r\n\r\n \r\nOracle Primavera Products Suite Risk Matrix\r\n\r\nCVE# \tComponent \tProtocol \tPackage and/or Privilege Required \tRemote Exploit without Auth.? \tCVSS VERSION 2.0 RISK (see Risk Matrix Definitions) \tLast Affected Patch set (per Supported Release) \tNotes\r\nBase Score \tAccess Vector \tAccess Complexity \tAuthen-\r\ntication \tConfiden-\r\ntiality \tIntegrity \tAvail-\r\nability\r\nCVE-2010-3534 \tPrimavera P6 Enterprise Project Portfolio Management \tODBC \tProject Management Module \tNo \t4.6 \tLocal \tLow \tNone \tPartial+ \tPartial+ \tPartial+ \t6.21.3.0, 7.0.1.0 \t \r\n \r\n\r\n \r\n\r\n\r\nAppendix - Oracle Sun Products Suite\r\n\r\n \r\nOracle Sun Products Suite Executive Summary\r\n\r\nThis Critical Patch Update contains 31 new Security fixes for the Oracle Sun Products Suite divided as follows:\r\n\r\n * 26 new security fixes for the Oracle Sun Products Suite. 11 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. \r\n * 5 new security fixes for the Oracle Open Office Suite. All of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. \r\n\r\n \r\n\r\nOracle is in the process of aligning the Sun Microsystems policies with Oracle Software Security Assurance policies and procedures. For details, please refer to Changes in security policies for the Sun product lines.\r\nOracle Sun Products Suite Risk Matrix\r\n\r\nCVE# \tComponent \tProtocol \tSub-\r\ncomponent \tRemote Exploit without Auth.? \tCVSS VERSION 2.0 RISK (see Risk Matrix Definitions) \tLast Affected Patch set (per Supported Release) \tNotes\r\nBase Score \tAccess Vector \tAccess Complexity \tAuthen-\r\ntication \tConfiden-\r\ntiality \tIntegrity \tAvail-\r\nability\r\nCVE-2010-3509 \tSolaris \tRPC \tScheduler \tYes \t10.0 \tNetwork \tLow \tNone \tComplete \tComplete \tComplete \t8, 9, 10 \t \r\nCVE-2010-3578 \tOpenSolaris \tHTTP \tDepot Server \tYes \t9.0 \tNetwork \tLow \tNone \tPartial+ \tPartial+ \tComplete \tOpenSolaris \t \r\nCVE-2010-3507 \tSolaris \tNone \tLive Upgrade \tNo \t6.6 \tLocal \tMedium \tNone \tPartial \tComplete \tComplete \t8, 9, 10 \t \r\nCVE-2010-3577 \tOpenSolaris \tSMB \tKernel/CIFS \tYes \t6.4 \tNetwork \tLow \tNone \tPartial+ \tPartial+ \tNone \tOpenSolaris \t \r\nCVE-2010-3575 \tOracle Communications Messaging Server (Sun Java System Messaging Server) \tHTTP \tWeb Mail \tYes \t6.4 \tNetwork \tLow \tNone \tPartial \tPartial \tNone \t6.0, 6.2, 6.3, 7.0 \t \r\nCVE-2010-3564 \tOracle Communications Messaging Server (Sun Java System Messaging Server) \tHTTP \tWebmail \tYes \t6.4 \tNetwork \tLow \tNone \tPartial \tPartial \tNone \t7.0 \t \r\nCVE-2010-3579 \tSun Convergence 1, Sun Java Communications Suite 7 \tHTTP \tWebmail \tYes \t6.4 \tNetwork \tLow \tNone \tPartial \tPartial \tNone \t1.0, 7.0 \t \r\nCVE-2010-3503 \tSolaris \tNone \tsu \tNo \t6.3 \tLocal \tMedium \tNone \tComplete \tComplete \tNone \t10, OpenSolaris \t \r\nCVE-2010-3544 \tOracle iPlanet Web Server (Sun Java System Web Server) \tHTTP \tAdministration \tYes \t5.8 \tNetwork \tMedium \tNone \tNone \tPartial+ \tPartial+ \t7.0 \t \r\nCVE-2010-3545 \tOracle iPlanet Web Server (Sun Java System Web Server) \tHTTP \tAdministration \tYes \t5.8 \tNetwork \tMedium \tNone \tPartial \tPartial \tNone \t7.0 \t \r\nCVE-2010-3546 \tSun Java System Identity Manager \tNone \tNone \tYes \t5.8 \tNetwork \tMedium \tNone \tPartial \tPartial \tNone \t8.1 \t \r\nCVE-2010-3517 \tSolaris \tNone \tKernel/X86 \tNo \t4.9 \tLocal \tLow \tNone \tNone \tNone \tComplete \t10, OpenSolaris \t \r\nCVE-2010-3580 \tSolaris \tNone \tKernel/File System \tNo \t4.6 \tLocal \tLow \tSingle \tNone \tNone \tComplete \tOpenSolaris \t \r\nCVE-2010-3535 \tDirectory Server Enterprise Edition \tNone \tIdentity Synchronization for Windows \tNo \t4.4 \tLocal \tMedium \tNone \tPartial+ \tPartial+ \tPartial+ \t6.0, 6.1, 6.2, 6.3 \t \r\nCVE-2010-3514 \tOracle iPlanet Web Server (Sun Java System Web Server) \tHTTP \tWeb Container \tYes \t4.3 \tNetwork \tMedium \tNone \tNone \tPartial \tNone \t6.1, 7.0 \t \r\nCVE-2010-3515 \tSolaris \tNone \tKernel/Disk Driver \tNo \t4.0 \tLocal \tHigh \tNone \tNone \tNone \tComplete \t9, 10, OpenSolaris \t \r\nCVE-2010-3516 \tSolaris \tuDAPL \tInfiniBand \tNo \t4.0 \tLocal \tHigh \tNone \tNone \tNone \tComplete \t10, OpenSolaris \t \r\nCVE-2010-3540 \tSolaris \tNone \tZFS \tNo \t4.0 \tLocal \tHigh \tNone \tNone \tNone \tComplete \t10, OpenSolaris \t \r\nCVE-2010-3576 \tSolaris \tNone \tSCSI enclosure services device driver \tNo \t3.6 \tLocal \tLow \tNone \tNone \tPartial+ \tPartial+ \t8, 9, 10, OpenSolaris \t \r\nCVE-2010-3512 \tOracle iPlanet Web Server (Sun Java System Web Server) \tHTTP \tWebDAV \tNo \t3.5 \tNetwork \tMedium \tSingle \tPartial+ \tNone \tNone \t7.0u8 \t \r\nCVE-2010-3508 \tSolaris \tNone \tSolaris Zones \tNo \t3.2 \tLocal \tLow \tSingle \tPartial \tPartial \tNone \t10 \t \r\nCVE-2010-3506 \tOracle Explorer (Sun Explorer) \tNone \tNone \tNo \t3.0 \tLocal \tMedium \tSingle \tPartial \tPartial \tNone \t6.4 \t \r\nCVE-2010-3511 \tSolaris \tNone \tTooltalk \tNo \t2.6 \tLocal \tHigh \tNone \tNone \tPartial \tPartial \tOpenSolaris \t \r\nCVE-2010-2414 \tSun Convergence 1, Sun Java Communications Suite 7 \tHTTP \tAuthentication mechanism \tYes \t2.6 \tNetwork \tHigh \tNone \tPartial+ \tNone \tNone \t1.0, 7.0 \t \r\nCVE-2010-3513 \tSolaris \tNone \tDevice Drivers \tNo \t2.4 \tLocal \tHigh \tSingle \tNone \tPartial \tPartial \t9, 10, OpenSolaris \t \r\nCVE-2010-3542 \tSolaris \tNone \tUSB \tNo \t1.9 \tLocal \tMedium \tNone \tPartial \tNone \tNone \t8, 9, 10, OpenSolaris \t \r\n \r\n\r\n \r\n\r\n\r\nOracle Open Office Suite Executive Summary\r\n\r\nThis Critical Patch Update contains 5 new security fixes for the Oracle Open Office Suite. All of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. \r\n\r\n \r\nOracle Open Office Suite Risk Matrix\r\n\r\nCVE# \tComponent \tProtocol \tSub-\r\ncomponent \tRemote Exploit without Auth.? \tCVSS VERSION 2.0 RISK (see Risk Matrix Definitions) \tLast Affected Patch set (per Supported Release) \tNotes\r\nBase Score \tAccess Vector \tAccess Complexity \tAuthen-\r\ntication \tConfiden-\r\ntiality \tIntegrity \tAvail-\r\nability\r\nCVE-2009-3301 \tStarOffice, StarSuite \tTCP/IP \tMicrosoft Word Attachments \tYes \t9.3 \tNetwork \tMedium \tNone \tComplete \tComplete \tComplete \t7, 8, 9 \tSee Note 1\r\nCVE-2009-3302 \tStarOffice, StarSuite \tTCP/IP \tMicrosoft Word Attachments \tYes \t9.3 \tNetwork \tMedium \tNone \tComplete \tComplete \tComplete \t7, 8, 9 \tSee Note 1\r\nCVE-2009-2949 \tStarOffice, StarSuite \tTCP/IP \tXPM Attachments \tYes \t9.3 \tNetwork \tMedium \tNone \tComplete \tComplete \tComplete \t7, 8, 9 \tSee Note 1\r\nCVE-2009-2950 \tStarOffice, StarSuite \tTCP/IP \tGIF Attachments \tYes \t9.3 \tNetwork \tMedium \tNone \tComplete \tComplete \tComplete \t7, 8, 9 \tSee Note 1\r\nCVE-2010-0395 \tStarOffice, StarSuite \tTCP/IP \tpython in .odt Attachments \tYes \t9.3 \tNetwork \tMedium \tNone \tComplete \tComplete \tComplete \t9 \tSee Note 1\r\n \r\n\r\n \r\n\r\nNotes:\r\n\r\n 1. The CVSS Base Score is 9.3 when opening malicious attachments as root/administrator. The impacts for Confidentiality, Integrity and Availability are Complete. The CVSS Base Score is 6.8 when opening with limited privileges. The impacts for Confidentiality, Integrity and Availability are Partial+.\r\n\r\n\r\n\r\nAppendix - Oracle VM\r\n\r\n \r\nOracle VM Executive Summary\r\n\r\nThis Critical Patch Update contains 4 new security fixes for Oracle VM. None of these vulnerabilities may be remotely exploitable without authentication, i.e., none may be exploited over a network without the need for a username and password. \r\n\r\n \r\nOracle VM Risk Matrix\r\n\r\nCVE# \tComponent \tProtocol \tSub-\r\ncomponent \tRemote Exploit without Auth.? \tCVSS VERSION 2.0 RISK (see Risk Matrix Definitions) \tLast Affected Patch set (per Supported Release) \tNotes\r\nBase Score \tAccess Vector \tAccess Complexity \tAuthen-\r\ntication \tConfiden-\r\ntiality \tIntegrity \tAvail-\r\nability\r\nCVE-2010-3582 \tOracleVM \txmlrpc, tcp/ip \tovs-agent \tNo \t9.0 \tNetwork \tLow \tSingle \tComplete \tComplete \tComplete \t2.2.1 \t \r\nCVE-2010-3583 \tOracleVM \txmlrpc, tcp/ip \tovs-agent \tNo \t9.0 \tNetwork \tLow \tSingle \tComplete \tComplete \tComplete \t2.2.1 \t \r\nCVE-2010-3585 \tOracleVM \txmlrpc, tcp/ip \tovs-agent \tNo \t9.0 \tNetwork \tLow \tSingle \tComplete \tComplete \tComplete \t2.2.1 \t \r\nCVE-2010-3584 \tOracle VM \tNone \tovs-agent \tNo \t4.3 \tLocal \tLow \tSingle \tPartial+ \tPartial+ \tPartial+ \t2.2.1 \t \r\n ", "edition": 1, "reporter": "Securityvulns", "published": "2010-10-13T00:00:00", "title": "Oracle Critical Patch Update Advisory - October 2010", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:37", "vector": "NONE", "value": 7.2}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2010-2406", "CVE-2010-3584", "CVE-2010-3518", "CVE-2009-3302", "CVE-2009-3301", "CVE-2010-3500", "CVE-2010-3526", "CVE-2010-3502", "CVE-2010-3535", "CVE-2010-3514", "CVE-2010-3503", "CVE-2010-3522", "CVE-2010-2389", "CVE-2010-2412", "CVE-2010-3579", "CVE-2010-3578", "CVE-2010-2414", "CVE-2010-3581", "CVE-2010-3520", "CVE-2010-2409", "CVE-2009-2949", "CVE-2010-3513", "CVE-2010-2416", "CVE-2010-3511", "CVE-2010-3525", "CVE-2010-3540", "CVE-2010-3517", "CVE-2010-2418", "CVE-2010-2417", "CVE-2010-3508", "CVE-2010-2415", "CVE-2010-0395", "CVE-2010-3509", "CVE-2010-3542", "CVE-2010-3575", "CVE-2010-3506", "CVE-2010-2388", "CVE-2010-3507", "CVE-2010-3512", "CVE-2010-3528", "CVE-2010-3538", "CVE-2010-2410", "CVE-2010-2391", "CVE-2010-3523", "CVE-2010-3533", "CVE-2009-2950", "CVE-2010-2395", "CVE-2010-3577", "CVE-2010-3545", "CVE-2010-3529", "CVE-2010-2408", "CVE-2010-2405", "CVE-2010-2407", "CVE-2009-3555", "CVE-2010-2419", "CVE-2010-3583", "CVE-2010-3504", "CVE-2010-3501", "CVE-2010-3527", "CVE-2010-1321", "CVE-2010-2396", "CVE-2010-2411", "CVE-2010-3530", "CVE-2010-3516", "CVE-2010-2390", "CVE-2010-3524", "CVE-2010-3564", "CVE-2010-3546", "CVE-2010-3580", "CVE-2010-3534", "CVE-2010-3576", "CVE-2010-3539", "CVE-2010-3515", "CVE-2010-3521", "CVE-2010-2404", "CVE-2010-3519", "CVE-2010-3582", "CVE-2010-3547", "CVE-2010-3537", "CVE-2010-3532", "CVE-2010-2413", "CVE-2010-3544", "CVE-2010-3531", "CVE-2010-3536", "CVE-2010-3585"], "modified": "2010-10-13T00:00:00", "id": "SECURITYVULNS:DOC:24895", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:24895", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2018-01-08T12:53:38", "references": ["2010:100", "http://lists.mandriva.com/security-announce/2010-05/msg00026.php"], "pluginID": "1361412562310831042", "description": "Check for the Version of krb5", "edition": 1, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-05-28T00:00:00", "title": "Mandriva Update for krb5 MDVSA-2010:100 (krb5)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Mandrake Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1321"], "modified": "2018-01-05T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831042", "id": "OPENVAS:1361412562310831042", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for krb5 MDVSA-2010:100 (krb5)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability has been found and corrected in krb5:\n\n Certain invalid GSS-API tokens can cause a GSS-API acceptor (server)\n to crash due to a null pointer dereference in the GSS-API library\n (CVE-2010-1321).\n \n Packages for 2008.0 and 2009.0 are provided due to the Extended\n Maintenance Program for those products.\n \n The updated packages have been patched to correct this issue.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"krb5 on Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Linux 2009.1,\n Mandriva Linux 2009.1/X86_64,\n Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-05/msg00026.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831042\");\n script_version(\"$Revision: 8296 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-05 08:28:01 +0100 (Fri, 05 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-28 10:00:59 +0200 (Fri, 28 May 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_xref(name: \"MDVSA\", value: \"2010:100\");\n script_cve_id(\"CVE-2010-1321\");\n script_name(\"Mandriva Update for krb5 MDVSA-2010:100 (krb5)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of krb5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"ftp-client-krb5\", rpm:\"ftp-client-krb5~1.6.2~7.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ftp-server-krb5\", rpm:\"ftp-server-krb5~1.6.2~7.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.6.2~7.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.6.2~7.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.6.2~7.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkrb53\", rpm:\"libkrb53~1.6.2~7.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkrb53-devel\", rpm:\"libkrb53-devel~1.6.2~7.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"telnet-client-krb5\", rpm:\"telnet-client-krb5~1.6.2~7.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"telnet-server-krb5\", rpm:\"telnet-server-krb5~1.6.2~7.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64krb53\", rpm:\"lib64krb53~1.6.2~7.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64krb53-devel\", rpm:\"lib64krb53-devel~1.6.2~7.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"ftp-client-krb5\", rpm:\"ftp-client-krb5~1.6.3~6.5mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ftp-server-krb5\", rpm:\"ftp-server-krb5~1.6.3~6.5mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.6.3~6.5mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.6.3~6.5mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.6.3~6.5mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkrb53\", rpm:\"libkrb53~1.6.3~6.5mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkrb53-devel\", rpm:\"libkrb53-devel~1.6.3~6.5mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"telnet-client-krb5\", rpm:\"telnet-client-krb5~1.6.3~6.5mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"telnet-server-krb5\", rpm:\"telnet-server-krb5~1.6.3~6.5mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64krb53\", rpm:\"lib64krb53~1.6.3~6.5mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64krb53-devel\", rpm:\"lib64krb53-devel~1.6.3~6.5mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"ftp-client-krb5\", rpm:\"ftp-client-krb5~1.6.3~10.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ftp-server-krb5\", rpm:\"ftp-server-krb5~1.6.3~10.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.6.3~10.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.6.3~10.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.6.3~10.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkrb53\", rpm:\"libkrb53~1.6.3~10.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkrb53-devel\", rpm:\"libkrb53-devel~1.6.3~10.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"telnet-client-krb5\", rpm:\"telnet-client-krb5~1.6.3~10.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"telnet-server-krb5\", rpm:\"telnet-server-krb5~1.6.3~10.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64krb53\", rpm:\"lib64krb53~1.6.3~10.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64krb53-devel\", rpm:\"lib64krb53-devel~1.6.3~10.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"ftp-client-krb5\", rpm:\"ftp-client-krb5~1.6.3~9.3mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ftp-server-krb5\", rpm:\"ftp-server-krb5~1.6.3~9.3mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.6.3~9.3mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.6.3~9.3mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.6.3~9.3mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkrb53\", rpm:\"libkrb53~1.6.3~9.3mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkrb53-devel\", rpm:\"libkrb53-devel~1.6.3~9.3mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"telnet-client-krb5\", rpm:\"telnet-client-krb5~1.6.3~9.3mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"telnet-server-krb5\", rpm:\"telnet-server-krb5~1.6.3~9.3mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64krb53\", rpm:\"lib64krb53~1.6.3~9.3mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64krb53-devel\", rpm:\"lib64krb53-devel~1.6.3~9.3mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"ftp-client-krb5\", rpm:\"ftp-client-krb5~1.6.3~6.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ftp-server-krb5\", rpm:\"ftp-server-krb5~1.6.3~6.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.6.3~6.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.6.3~6.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.6.3~6.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkrb53\", rpm:\"libkrb53~1.6.3~6.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkrb53-devel\", rpm:\"libkrb53-devel~1.6.3~6.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"telnet-client-krb5\", rpm:\"telnet-client-krb5~1.6.3~6.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"telnet-server-krb5\", rpm:\"telnet-server-krb5~1.6.3~6.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64krb53\", rpm:\"lib64krb53~1.6.3~6.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64krb53-devel\", rpm:\"lib64krb53-devel~1.6.3~6.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-01-06T13:04:58", "references": ["http://lists.mandriva.com/security-announce/2010-04/msg00042.php", "2010:130"], "pluginID": "1361412562310831009", "description": "Check for the Version of rpm", "edition": 1, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-04-30T00:00:00", "title": "Mandriva Update for rpm MDVA-2010:130 (rpm)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Mandrake Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1321"], "modified": "2018-01-04T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831009", "id": "OPENVAS:1361412562310831009", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for rpm MDVA-2010:130 (rpm)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"rpm on Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64\";\ntag_insight = \"This update fixes an issue with rpm filetriggers : when several\n file triggers are ran in parallel and try to read from stdin, a pipe\n filedescriptor leak leads to a deadlock and rpm freezing.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-04/msg00042.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831009\");\n script_version(\"$Revision: 8287 $\");\n script_cve_id(\"CVE-2010-1321\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-04 08:28:11 +0100 (Thu, 04 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-30 14:39:22 +0200 (Fri, 30 Apr 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_xref(name: \"MDVA\", value: \"2010:130\");\n script_name(\"Mandriva Update for rpm MDVA-2010:130 (rpm)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of rpm\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"librpm4.6\", rpm:\"librpm4.6~4.6.0~6.1.1mnb2\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"librpm-devel\", rpm:\"librpm-devel~4.6.0~6.1.1mnb2\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-rpm\", rpm:\"python-rpm~4.6.0~6.1.1mnb2\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rpm\", rpm:\"rpm~4.6.0~6.1.1mnb2\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rpm-build\", rpm:\"rpm-build~4.6.0~6.1.1mnb2\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64rpm4.6\", rpm:\"lib64rpm4.6~4.6.0~6.1.1mnb2\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64rpm-devel\", rpm:\"lib64rpm-devel~4.6.0~6.1.1mnb2\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:54:36", "references": ["2010:100", "http://lists.mandriva.com/security-announce/2010-03/msg00026.php"], "pluginID": "1361412562310830948", "description": "Check for the Version of rootcerts", "edition": 1, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-03-22T00:00:00", "title": "Mandriva Update for rootcerts MDVA-2010:100 (rootcerts)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Mandrake Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1321"], "modified": "2017-12-25T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830948", "id": "OPENVAS:1361412562310830948", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for rootcerts MDVA-2010:100 (rootcerts)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Adobe Flash plugin has https support, but only searches for SSL\n certificates in /etc/ssl/certs. This advisory provides a compatibility\n symlink at /etc/ssl/certs pointing to /etc/pki/tls/certs to remedy\n this problem.\n\n Additionally this advisory also brings the latest root CA certs\n from the mozilla cvs dated 2010-02-16. The mozilla nss library has\n consequently been rebuilt to pickup these changes and are also being\n provided.\n \n Packages for 2008.0 are provided for Corporate Desktop 2008.0\n customers.\";\n\ntag_affected = \"rootcerts on Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Linux 2009.1,\n Mandriva Linux 2009.1/X86_64,\n Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-03/msg00026.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830948\");\n script_version(\"$Revision: 8244 $\");\n script_cve_id(\"CVE-2010-1321\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-25 08:29:28 +0100 (Mon, 25 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-22 11:34:53 +0100 (Mon, 22 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_xref(name: \"MDVA\", value: \"2010:100\");\n script_name(\"Mandriva Update for rootcerts MDVA-2010:100 (rootcerts)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of rootcerts\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libnss3\", rpm:\"libnss3~3.12.3.1~0.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss-devel\", rpm:\"libnss-devel~3.12.3.1~0.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss-static-devel\", rpm:\"libnss-static-devel~3.12.3.1~0.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.12.3.1~0.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rootcerts\", rpm:\"rootcerts~20100216.01~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss3\", rpm:\"lib64nss3~3.12.3.1~0.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss-devel\", rpm:\"lib64nss-devel~3.12.3.1~0.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss-static-devel\", rpm:\"lib64nss-static-devel~3.12.3.1~0.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libnss3\", rpm:\"libnss3~3.12.3.1~0.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss-devel\", rpm:\"libnss-devel~3.12.3.1~0.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss-static-devel\", rpm:\"libnss-static-devel~3.12.3.1~0.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.12.3.1~0.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rootcerts\", rpm:\"rootcerts~20100216.01~1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rootcerts-java\", rpm:\"rootcerts-java~20100216.01~1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss3\", rpm:\"lib64nss3~3.12.3.1~0.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss-devel\", rpm:\"lib64nss-devel~3.12.3.1~0.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss-static-devel\", rpm:\"lib64nss-static-devel~3.12.3.1~0.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libnss3\", rpm:\"libnss3~3.12.4~2.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss-devel\", rpm:\"libnss-devel~3.12.4~2.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss-static-devel\", rpm:\"libnss-static-devel~3.12.4~2.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.12.4~2.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rootcerts\", rpm:\"rootcerts~20100216.01~1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rootcerts-java\", rpm:\"rootcerts-java~20100216.01~1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss3\", rpm:\"lib64nss3~3.12.4~2.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss-devel\", rpm:\"lib64nss-devel~3.12.4~2.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss-static-devel\", rpm:\"lib64nss-static-devel~3.12.4~2.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libnss3\", rpm:\"libnss3~3.12.3.1~0.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss-devel\", rpm:\"libnss-devel~3.12.3.1~0.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss-static-devel\", rpm:\"libnss-static-devel~3.12.3.1~0.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.12.3.1~0.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rootcerts\", rpm:\"rootcerts~20100216.01~1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rootcerts-java\", rpm:\"rootcerts-java~20100216.01~1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss3\", rpm:\"lib64nss3~3.12.3.1~0.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss-devel\", rpm:\"lib64nss-devel~3.12.3.1~0.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss-static-devel\", rpm:\"lib64nss-static-devel~3.12.3.1~0.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libnss3\", rpm:\"libnss3~3.12.3.1~0.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss-devel\", rpm:\"libnss-devel~3.12.3.1~0.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss-static-devel\", rpm:\"libnss-static-devel~3.12.3.1~0.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.12.3.1~0.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rootcerts\", rpm:\"rootcerts~20100216.01~1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rootcerts-java\", rpm:\"rootcerts-java~20100216.01~1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss3\", rpm:\"lib64nss3~3.12.3.1~0.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss-devel\", rpm:\"lib64nss-devel~3.12.3.1~0.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss-static-devel\", rpm:\"lib64nss-static-devel~3.12.3.1~0.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-12-18T10:57:58", "references": ["http://lists.centos.org/pipermail/centos-announce/2010-May/016639.html", "2010:0423"], "pluginID": "880401", "description": "Check for the Version of krb5-devel", "edition": 3, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-05-28T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "CentOS Update for krb5-devel CESA-2010:0423 centos3 i386", "type": "openvas", "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1321"], "modified": "2017-12-18T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=880401", "id": "OPENVAS:880401", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for krb5-devel CESA-2010:0423 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Kerberos is a network authentication system which allows clients and\n servers to authenticate to each other using symmetric encryption and a\n trusted third party, the Key Distribution Center (KDC).\n\n A NULL pointer dereference flaw was discovered in the MIT Kerberos Generic\n Security Service Application Program Interface (GSS-API) library. A remote,\n authenticated attacker could use this flaw to crash any server application\n using the GSS-API authentication mechanism, by sending a specially-crafted\n GSS-API token with a missing checksum field. (CVE-2010-1321)\n \n Red Hat would like to thank the MIT Kerberos Team for responsibly reporting\n this issue. Upstream acknowledges Shawn Emery of Oracle as the original\n reporter.\n \n All krb5 users should upgrade to these updated packages, which contain a\n backported patch to correct this issue. All running services using the MIT\n Kerberos libraries must be restarted for the update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"krb5-devel on CentOS 3\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2010-May/016639.html\");\n script_id(880401);\n script_version(\"$Revision: 8153 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-18 07:30:39 +0100 (Mon, 18 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-28 10:00:59 +0200 (Fri, 28 May 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_xref(name: \"CESA\", value: \"2010:0423\");\n script_cve_id(\"CVE-2010-1321\");\n script_name(\"CentOS Update for krb5-devel CESA-2010:0423 centos3 i386\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of krb5-devel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"krb5-devel\", rpm:\"krb5-devel~1.2.7~72\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-libs\", rpm:\"krb5-libs~1.2.7~72\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.2.7~72\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.2.7~72\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.2.7~72\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-12-14T11:48:57", "references": ["2010:0423-01", "https://www.redhat.com/archives/rhsa-announce/2010-May/msg00008.html"], "pluginID": "870268", "description": "Check for the Version of krb5", "edition": 3, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-05-28T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "RedHat Update for krb5 RHSA-2010:0423-01", "type": "openvas", "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1321"], "modified": "2017-12-13T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870268", "id": "OPENVAS:870268", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for krb5 RHSA-2010:0423-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Kerberos is a network authentication system which allows clients and\n servers to authenticate to each other using symmetric encryption and a\n trusted third party, the Key Distribution Center (KDC).\n\n A NULL pointer dereference flaw was discovered in the MIT Kerberos Generic\n Security Service Application Program Interface (GSS-API) library. A remote,\n authenticated attacker could use this flaw to crash any server application\n using the GSS-API authentication mechanism, by sending a specially-crafted\n GSS-API token with a missing checksum field. (CVE-2010-1321)\n \n Red Hat would like to thank the MIT Kerberos Team for responsibly reporting\n this issue. Upstream acknowledges Shawn Emery of Oracle as the original\n reporter.\n \n All krb5 users should upgrade to these updated packages, which contain a\n backported patch to correct this issue. All running services using the MIT\n Kerberos libraries must be restarted for the update to take effect.\";\n\ntag_affected = \"krb5 on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux AS version 3,\n Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 3,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 3,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-May/msg00008.html\");\n script_id(870268);\n script_version(\"$Revision: 8092 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-13 07:31:16 +0100 (Wed, 13 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-28 10:00:59 +0200 (Fri, 28 May 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_xref(name: \"RHSA\", value: \"2010:0423-01\");\n script_cve_id(\"CVE-2010-1321\");\n script_name(\"RedHat Update for krb5 RHSA-2010:0423-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of krb5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"krb5-debuginfo\", rpm:\"krb5-debuginfo~1.6.1~36.el5_5.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-devel\", rpm:\"krb5-devel~1.6.1~36.el5_5.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-libs\", rpm:\"krb5-libs~1.6.1~36.el5_5.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.6.1~36.el5_5.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.6.1~36.el5_5.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"krb5-debuginfo\", rpm:\"krb5-debuginfo~1.3.4~62.el4_8.2\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-devel\", rpm:\"krb5-devel~1.3.4~62.el4_8.2\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-libs\", rpm:\"krb5-libs~1.3.4~62.el4_8.2\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.3.4~62.el4_8.2\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.3.4~62.el4_8.2\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_3\")\n{\n\n if ((res = isrpmvuln(pkg:\"krb5-debuginfo\", rpm:\"krb5-debuginfo~1.2.7~72\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-devel\", rpm:\"krb5-devel~1.2.7~72\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-libs\", rpm:\"krb5-libs~1.2.7~72\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.2.7~72\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.2.7~72\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-12-20T13:18:39", "references": ["http://lists.mandriva.com/security-announce/2010-07/msg00008.php", "2010:130"], "pluginID": "831108", "description": "Check for the Version of heimdal", "edition": 3, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-07-12T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Mandriva Update for heimdal MDVSA-2010:130 (heimdal)", "type": "openvas", "naslFamily": "Mandrake Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1321"], "modified": "2017-12-19T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=831108", "id": "OPENVAS:831108", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for heimdal MDVSA-2010:130 (heimdal)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability has been found and corrected in heimdal:\n\n Certain invalid GSS-API tokens can cause a GSS-API acceptor (server)\n to crash due to a null pointer dereference in the GSS-API library\n (CVE-2010-1321).\n \n The updated packages have been patched to correct this issue.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"heimdal on Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-07/msg00008.php\");\n script_id(831108);\n script_version(\"$Revision: 8164 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-19 07:30:41 +0100 (Tue, 19 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-12 11:56:20 +0200 (Mon, 12 Jul 2010)\");\n script_xref(name: \"MDVSA\", value: \"2010:130\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_cve_id(\"CVE-2010-1321\");\n script_name(\"Mandriva Update for heimdal MDVSA-2010:130 (heimdal)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of heimdal\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"heimdal-daemons\", rpm:\"heimdal-daemons~1.2~4.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"heimdal-devel\", rpm:\"heimdal-devel~1.2~4.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"heimdal-devel-doc\", rpm:\"heimdal-devel-doc~1.2~4.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"heimdal-ftp\", rpm:\"heimdal-ftp~1.2~4.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"heimdal-ftpd\", rpm:\"heimdal-ftpd~1.2~4.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"heimdal-libs\", rpm:\"heimdal-libs~1.2~4.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"heimdal-login\", rpm:\"heimdal-login~1.2~4.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"heimdal-rsh\", rpm:\"heimdal-rsh~1.2~4.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"heimdal-rshd\", rpm:\"heimdal-rshd~1.2~4.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"heimdal-server\", rpm:\"heimdal-server~1.2~4.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"heimdal-telnet\", rpm:\"heimdal-telnet~1.2~4.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"heimdal-telnetd\", rpm:\"heimdal-telnetd~1.2~4.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"heimdal-workstation\", rpm:\"heimdal-workstation~1.2~4.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"heimdal\", rpm:\"heimdal~1.2~4.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-12-21T11:33:02", "references": ["http://lists.centos.org/pipermail/centos-announce/2010-May/016643.html", "2010:0423"], "pluginID": "880400", "description": "Check for the Version of krb5-devel", "edition": 3, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-05-28T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "CentOS Update for krb5-devel CESA-2010:0423 centos4 i386", "type": "openvas", "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1321"], "modified": "2017-12-20T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=880400", "id": "OPENVAS:880400", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for krb5-devel CESA-2010:0423 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Kerberos is a network authentication system which allows clients and\n servers to authenticate to each other using symmetric encryption and a\n trusted third party, the Key Distribution Center (KDC).\n\n A NULL pointer dereference flaw was discovered in the MIT Kerberos Generic\n Security Service Application Program Interface (GSS-API) library. A remote,\n authenticated attacker could use this flaw to crash any server application\n using the GSS-API authentication mechanism, by sending a specially-crafted\n GSS-API token with a missing checksum field. (CVE-2010-1321)\n \n Red Hat would like to thank the MIT Kerberos Team for responsibly reporting\n this issue. Upstream acknowledges Shawn Emery of Oracle as the original\n reporter.\n \n All krb5 users should upgrade to these updated packages, which contain a\n backported patch to correct this issue. All running services using the MIT\n Kerberos libraries must be restarted for the update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"krb5-devel on CentOS 4\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2010-May/016643.html\");\n script_id(880400);\n script_version(\"$Revision: 8186 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-20 07:30:34 +0100 (Wed, 20 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-28 10:00:59 +0200 (Fri, 28 May 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_xref(name: \"CESA\", value: \"2010:0423\");\n script_cve_id(\"CVE-2010-1321\");\n script_name(\"CentOS Update for krb5-devel CESA-2010:0423 centos4 i386\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of krb5-devel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"krb5-devel\", rpm:\"krb5-devel~1.3.4~62.el4_8.2\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-libs\", rpm:\"krb5-libs~1.3.4~62.el4_8.2\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.3.4~62.el4_8.2\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.3.4~62.el4_8.2\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.3.4~62.el4_8.2\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-01-18T11:05:04", "references": ["http://lists.centos.org/pipermail/centos-announce/2010-May/016643.html", "2010:0423"], "pluginID": "1361412562310880400", "description": "Check for the Version of krb5-devel", "edition": 1, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-05-28T00:00:00", "title": "CentOS Update for krb5-devel CESA-2010:0423 centos4 i386", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1321"], "modified": "2018-01-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880400", "id": "OPENVAS:1361412562310880400", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for krb5-devel CESA-2010:0423 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Kerberos is a network authentication system which allows clients and\n servers to authenticate to each other using symmetric encryption and a\n trusted third party, the Key Distribution Center (KDC).\n\n A NULL pointer dereference flaw was discovered in the MIT Kerberos Generic\n Security Service Application Program Interface (GSS-API) library. A remote,\n authenticated attacker could use this flaw to crash any server application\n using the GSS-API authentication mechanism, by sending a specially-crafted\n GSS-API token with a missing checksum field. (CVE-2010-1321)\n \n Red Hat would like to thank the MIT Kerberos Team for responsibly reporting\n this issue. Upstream acknowledges Shawn Emery of Oracle as the original\n reporter.\n \n All krb5 users should upgrade to these updated packages, which contain a\n backported patch to correct this issue. All running services using the MIT\n Kerberos libraries must be restarted for the update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"krb5-devel on CentOS 4\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2010-May/016643.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880400\");\n script_version(\"$Revision: 8440 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 08:58:46 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-28 10:00:59 +0200 (Fri, 28 May 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_xref(name: \"CESA\", value: \"2010:0423\");\n script_cve_id(\"CVE-2010-1321\");\n script_name(\"CentOS Update for krb5-devel CESA-2010:0423 centos4 i386\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of krb5-devel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"krb5-devel\", rpm:\"krb5-devel~1.3.4~62.el4_8.2\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-libs\", rpm:\"krb5-libs~1.3.4~62.el4_8.2\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.3.4~62.el4_8.2\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.3.4~62.el4_8.2\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.3.4~62.el4_8.2\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-12-14T11:48:48", "references": ["2010:100", "http://lists.mandriva.com/security-announce/2010-03/msg00026.php"], "pluginID": "830948", "description": "Check for the Version of rootcerts", "edition": 3, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-03-22T00:00:00", "title": "Mandriva Update for rootcerts MDVA-2010:100 (rootcerts)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Mandrake Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1321"], "modified": "2017-12-13T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=830948", "id": "OPENVAS:830948", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for rootcerts MDVA-2010:100 (rootcerts)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Adobe Flash plugin has https support, but only searches for SSL\n certificates in /etc/ssl/certs. This advisory provides a compatibility\n symlink at /etc/ssl/certs pointing to /etc/pki/tls/certs to remedy\n this problem.\n\n Additionally this advisory also brings the latest root CA certs\n from the mozilla cvs dated 2010-02-16. The mozilla nss library has\n consequently been rebuilt to pickup these changes and are also being\n provided.\n \n Packages for 2008.0 are provided for Corporate Desktop 2008.0\n customers.\";\n\ntag_affected = \"rootcerts on Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Linux 2009.1,\n Mandriva Linux 2009.1/X86_64,\n Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-03/msg00026.php\");\n script_id(830948);\n script_version(\"$Revision: 8092 $\");\n script_cve_id(\"CVE-2010-1321\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-13 07:31:16 +0100 (Wed, 13 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-22 11:34:53 +0100 (Mon, 22 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_xref(name: \"MDVA\", value: \"2010:100\");\n script_name(\"Mandriva Update for rootcerts MDVA-2010:100 (rootcerts)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of rootcerts\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libnss3\", rpm:\"libnss3~3.12.3.1~0.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss-devel\", rpm:\"libnss-devel~3.12.3.1~0.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss-static-devel\", rpm:\"libnss-static-devel~3.12.3.1~0.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.12.3.1~0.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rootcerts\", rpm:\"rootcerts~20100216.01~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss3\", rpm:\"lib64nss3~3.12.3.1~0.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss-devel\", rpm:\"lib64nss-devel~3.12.3.1~0.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss-static-devel\", rpm:\"lib64nss-static-devel~3.12.3.1~0.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libnss3\", rpm:\"libnss3~3.12.3.1~0.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss-devel\", rpm:\"libnss-devel~3.12.3.1~0.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss-static-devel\", rpm:\"libnss-static-devel~3.12.3.1~0.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.12.3.1~0.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rootcerts\", rpm:\"rootcerts~20100216.01~1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rootcerts-java\", rpm:\"rootcerts-java~20100216.01~1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss3\", rpm:\"lib64nss3~3.12.3.1~0.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss-devel\", rpm:\"lib64nss-devel~3.12.3.1~0.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss-static-devel\", rpm:\"lib64nss-static-devel~3.12.3.1~0.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libnss3\", rpm:\"libnss3~3.12.4~2.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss-devel\", rpm:\"libnss-devel~3.12.4~2.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss-static-devel\", rpm:\"libnss-static-devel~3.12.4~2.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.12.4~2.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rootcerts\", rpm:\"rootcerts~20100216.01~1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rootcerts-java\", rpm:\"rootcerts-java~20100216.01~1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss3\", rpm:\"lib64nss3~3.12.4~2.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss-devel\", rpm:\"lib64nss-devel~3.12.4~2.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss-static-devel\", rpm:\"lib64nss-static-devel~3.12.4~2.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libnss3\", rpm:\"libnss3~3.12.3.1~0.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss-devel\", rpm:\"libnss-devel~3.12.3.1~0.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss-static-devel\", rpm:\"libnss-static-devel~3.12.3.1~0.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.12.3.1~0.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rootcerts\", rpm:\"rootcerts~20100216.01~1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rootcerts-java\", rpm:\"rootcerts-java~20100216.01~1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss3\", rpm:\"lib64nss3~3.12.3.1~0.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss-devel\", rpm:\"lib64nss-devel~3.12.3.1~0.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss-static-devel\", rpm:\"lib64nss-static-devel~3.12.3.1~0.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libnss3\", rpm:\"libnss3~3.12.3.1~0.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss-devel\", rpm:\"libnss-devel~3.12.3.1~0.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss-static-devel\", rpm:\"libnss-static-devel~3.12.3.1~0.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.12.3.1~0.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rootcerts\", rpm:\"rootcerts~20100216.01~1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rootcerts-java\", rpm:\"rootcerts-java~20100216.01~1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss3\", rpm:\"lib64nss3~3.12.3.1~0.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss-devel\", rpm:\"lib64nss-devel~3.12.3.1~0.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss-static-devel\", rpm:\"lib64nss-static-devel~3.12.3.1~0.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:49:15", "references": [], "pluginID": "67405", "description": "The remote host is missing an update to krb5\nannounced via advisory DSA 2052-1.", "edition": 2, "reporter": "Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com", "published": "2010-06-03T00:00:00", "title": "Debian Security Advisory DSA 2052-1 (krb5)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1321"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=67405", "id": "OPENVAS:67405", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2052_1.nasl 6614 2017-07-07 12:09:12Z cfischer $\n# Description: Auto-generated from advisory DSA 2052-1 (krb5)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Shawn Emery discovered that in MIT Kerberos 5 (krb5), a system for\nauthenticating users and services on a network, a null pointer\ndereference flaw in the Generic Security Service Application Program\nInterface (GSS-API) library could allow an authenticated remote attacker\nto crash any server application using the GSS-API authentication\nmechanism, by sending a specially-crafted GSS-API token with a missing\nchecksum field.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.6.dfsg.4~beta1-5lenny4.\n\nFor the testing distribution (squeeze), this problem has been fixed in\nversion 1.8.1+dfsg-3.\n\nFor the testing distribution (sid), this problem has been fixed in\nversion 1.8.1+dfsg-3.\n\nWe recommend that you upgrade your krb5 packages.\";\ntag_summary = \"The remote host is missing an update to krb5\nannounced via advisory DSA 2052-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202052-1\";\n\n\nif(description)\n{\n script_id(67405);\n script_version(\"$Revision: 6614 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:12 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-06-03 22:55:24 +0200 (Thu, 03 Jun 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_cve_id(\"CVE-2010-1321\");\n script_name(\"Debian Security Advisory DSA 2052-1 (krb5)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"krb5-doc\", ver:\"1.6.dfsg.4~beta1-5lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkrb5-dev\", ver:\"1.6.dfsg.4~beta1-5lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-ftpd\", ver:\"1.6.dfsg.4~beta1-5lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-telnetd\", ver:\"1.6.dfsg.4~beta1-5lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-admin-server\", ver:\"1.6.dfsg.4~beta1-5lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkrb5-dbg\", ver:\"1.6.dfsg.4~beta1-5lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-kdc\", ver:\"1.6.dfsg.4~beta1-5lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-clients\", ver:\"1.6.dfsg.4~beta1-5lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-kdc-ldap\", ver:\"1.6.dfsg.4~beta1-5lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-user\", ver:\"1.6.dfsg.4~beta1-5lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-pkinit\", ver:\"1.6.dfsg.4~beta1-5lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkrb53\", ver:\"1.6.dfsg.4~beta1-5lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-rsh-server\", ver:\"1.6.dfsg.4~beta1-5lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkadm55\", ver:\"1.6.dfsg.4~beta1-5lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2018-09-01T23:50:53", "references": ["http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2010-005.txt", "http://rhn.redhat.com/errata/RHSA-2010-0423.html", "https://www.redhat.com/security/data/cve/CVE-2010-1321.html"], "pluginID": "46665", "description": "Updated krb5 packages that fix one security issue are now available for Red Hat Enterprise Linux 3, 4, and 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nKerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third party, the Key Distribution Center (KDC).\n\nA NULL pointer dereference flaw was discovered in the MIT Kerberos Generic Security Service Application Program Interface (GSS-API) library. A remote, authenticated attacker could use this flaw to crash any server application using the GSS-API authentication mechanism, by sending a specially crafted GSS-API token with a missing checksum field. (CVE-2010-1321)\n\nRed Hat would like to thank the MIT Kerberos Team for responsibly reporting this issue. Upstream acknowledges Shawn Emery of Oracle as the original reporter.\n\nAll krb5 users should upgrade to these updated packages, which contain a backported patch to correct this issue. All running services using the MIT Kerberos libraries must be restarted for the update to take effect.", "edition": 6, "reporter": "Tenable", "published": "2010-05-19T00:00:00", "title": "RHEL 3 / 4 / 5 : krb5 (RHSA-2010:0423)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1321"], "modified": "2018-07-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4", "p-cpe:/a:redhat:enterprise_linux:krb5-libs", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:krb5-devel", "p-cpe:/a:redhat:enterprise_linux:krb5-workstation", "cpe:/o:redhat:enterprise_linux:4.8", "p-cpe:/a:redhat:enterprise_linux:krb5-server"], "id": "REDHAT-RHSA-2010-0423.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=46665", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0423. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(46665);\n script_version (\"1.22\");\n script_cvs_date(\"Date: 2018/07/25 18:58:05\");\n\n script_cve_id(\"CVE-2010-1321\");\n script_bugtraq_id(40235);\n script_xref(name:\"RHSA\", value:\"2010:0423\");\n\n script_name(english:\"RHEL 3 / 4 / 5 : krb5 (RHSA-2010:0423)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated krb5 packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 3, 4, and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nKerberos is a network authentication system which allows clients and\nservers to authenticate to each other using symmetric encryption and a\ntrusted third party, the Key Distribution Center (KDC).\n\nA NULL pointer dereference flaw was discovered in the MIT Kerberos\nGeneric Security Service Application Program Interface (GSS-API)\nlibrary. A remote, authenticated attacker could use this flaw to crash\nany server application using the GSS-API authentication mechanism, by\nsending a specially crafted GSS-API token with a missing checksum\nfield. (CVE-2010-1321)\n\nRed Hat would like to thank the MIT Kerberos Team for responsibly\nreporting this issue. Upstream acknowledges Shawn Emery of Oracle as\nthe original reporter.\n\nAll krb5 users should upgrade to these updated packages, which contain\na backported patch to correct this issue. All running services using\nthe MIT Kerberos libraries must be restarted for the update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-1321.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2010-005.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2010-0423.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:krb5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:krb5-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:krb5-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/05/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(3|4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x / 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0423\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"krb5-devel-1.2.7-72\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"krb5-libs-1.2.7-72\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"krb5-server-1.2.7-72\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"krb5-workstation-1.2.7-72\")) flag++;\n\n\n if (rpm_check(release:\"RHEL4\", reference:\"krb5-devel-1.3.4-62.el4_8.2\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"krb5-libs-1.3.4-62.el4_8.2\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"krb5-server-1.3.4-62.el4_8.2\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"krb5-workstation-1.3.4-62.el4_8.2\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", reference:\"krb5-devel-1.6.1-36.el5_5.4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"krb5-libs-1.6.1-36.el5_5.4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"krb5-server-1.6.1-36.el5_5.4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"krb5-server-1.6.1-36.el5_5.4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"krb5-server-1.6.1-36.el5_5.4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"krb5-workstation-1.6.1-36.el5_5.4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"krb5-workstation-1.6.1-36.el5_5.4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"krb5-workstation-1.6.1-36.el5_5.4\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5-devel / krb5-libs / krb5-server / krb5-workstation\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:03:41", "references": ["http://support.novell.com/security/cve/CVE-2010-1321.html", "https://bugzilla.novell.com/show_bug.cgi?id=596826"], "pluginID": "50927", "description": "This update fixes a denial-of-service vulnerability in kadmind. A remote attack can send a malformed GSS-API token that triggers a NULL pointer dereference. (CVE-2010-1321: CVSS v2 Base Score: 6.8 (MEDIUM) (AV:N/AC:L/Au:S/C:N/I:N/A:C))", "edition": 4, "reporter": "Tenable", "published": "2010-12-02T00:00:00", "title": "SuSE 11 Security Update : krb5 (SAT Patch Number 2437)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1321"], "modified": "2013-10-25T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:krb5-apps-servers", "p-cpe:/a:novell:suse_linux:11:krb5-apps-clients", "p-cpe:/a:novell:suse_linux:11:krb5", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:krb5-client", "p-cpe:/a:novell:suse_linux:11:krb5-server", "p-cpe:/a:novell:suse_linux:11:krb5-32bit"], "id": "SUSE_11_KRB5-100520.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=50927", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(50927);\n script_version(\"$Revision: 1.7 $\");\n script_cvs_date(\"$Date: 2013/10/25 23:46:55 $\");\n\n script_cve_id(\"CVE-2010-1321\");\n\n script_name(english:\"SuSE 11 Security Update : krb5 (SAT Patch Number 2437)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a denial-of-service vulnerability in kadmind. A\nremote attack can send a malformed GSS-API token that triggers a NULL\npointer dereference. (CVE-2010-1321: CVSS v2 Base Score: 6.8 (MEDIUM)\n(AV:N/AC:L/Au:S/C:N/I:N/A:C))\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=596826\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1321.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 2437.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:krb5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:krb5-apps-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:krb5-apps-servers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:krb5-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/05/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/12/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2013 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (pl) audit(AUDIT_OS_NOT, \"SuSE 11.0\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"krb5-1.6.3-133.33.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"krb5-client-1.6.3-133.33.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"krb5-1.6.3-133.33.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"krb5-32bit-1.6.3-133.33.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"krb5-client-1.6.3-133.33.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"krb5-1.6.3-133.33.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"krb5-apps-clients-1.6.3-133.33.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"krb5-apps-servers-1.6.3-133.33.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"krb5-client-1.6.3-133.33.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"krb5-server-1.6.3-133.33.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"krb5-32bit-1.6.3-133.33.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"krb5-32bit-1.6.3-133.33.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:58:21", "references": ["https://oss.oracle.com/pipermail/el-errata/2010-May/001471.html", "https://oss.oracle.com/pipermail/el-errata/2010-May/001470.html", "https://oss.oracle.com/pipermail/el-errata/2010-May/001466.html"], "pluginID": "68041", "description": "From Red Hat Security Advisory 2010:0423 :\n\nUpdated krb5 packages that fix one security issue are now available for Red Hat Enterprise Linux 3, 4, and 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nKerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third party, the Key Distribution Center (KDC).\n\nA NULL pointer dereference flaw was discovered in the MIT Kerberos Generic Security Service Application Program Interface (GSS-API) library. A remote, authenticated attacker could use this flaw to crash any server application using the GSS-API authentication mechanism, by sending a specially crafted GSS-API token with a missing checksum field. (CVE-2010-1321)\n\nRed Hat would like to thank the MIT Kerberos Team for responsibly reporting this issue. Upstream acknowledges Shawn Emery of Oracle as the original reporter.\n\nAll krb5 users should upgrade to these updated packages, which contain a backported patch to correct this issue. All running services using the MIT Kerberos libraries must be restarted for the update to take effect.", "edition": 5, "reporter": "Tenable", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 3 / 4 / 5 : krb5 (ELSA-2010-0423)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1321"], "modified": "2018-07-18T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:krb5-libs", "p-cpe:/a:oracle:linux:krb5-server", "cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:3", "p-cpe:/a:oracle:linux:krb5-devel", "p-cpe:/a:oracle:linux:krb5-workstation", "cpe:/o:oracle:linux:4"], "id": "ORACLELINUX_ELSA-2010-0423.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=68041", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2010:0423 and \n# Oracle Linux Security Advisory ELSA-2010-0423 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68041);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/18 17:43:56\");\n\n script_cve_id(\"CVE-2010-1321\");\n script_bugtraq_id(40235);\n script_xref(name:\"RHSA\", value:\"2010:0423\");\n\n script_name(english:\"Oracle Linux 3 / 4 / 5 : krb5 (ELSA-2010-0423)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2010:0423 :\n\nUpdated krb5 packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 3, 4, and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nKerberos is a network authentication system which allows clients and\nservers to authenticate to each other using symmetric encryption and a\ntrusted third party, the Key Distribution Center (KDC).\n\nA NULL pointer dereference flaw was discovered in the MIT Kerberos\nGeneric Security Service Application Program Interface (GSS-API)\nlibrary. A remote, authenticated attacker could use this flaw to crash\nany server application using the GSS-API authentication mechanism, by\nsending a specially crafted GSS-API token with a missing checksum\nfield. (CVE-2010-1321)\n\nRed Hat would like to thank the MIT Kerberos Team for responsibly\nreporting this issue. Upstream acknowledges Shawn Emery of Oracle as\nthe original reporter.\n\nAll krb5 users should upgrade to these updated packages, which contain\na backported patch to correct this issue. All running services using\nthe MIT Kerberos libraries must be restarted for the update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-May/001466.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-May/001470.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-May/001471.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected krb5 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(3|4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3 / 4 / 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"krb5-devel-1.2.7-72\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"krb5-devel-1.2.7-72\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"krb5-libs-1.2.7-72\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"krb5-libs-1.2.7-72\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"krb5-server-1.2.7-72\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"krb5-server-1.2.7-72\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"krb5-workstation-1.2.7-72\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"krb5-workstation-1.2.7-72\")) flag++;\n\nif (rpm_check(release:\"EL4\", reference:\"krb5-devel-1.3.4-62.el4_8.2\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"krb5-libs-1.3.4-62.el4_8.2\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"krb5-server-1.3.4-62.el4_8.2\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"krb5-workstation-1.3.4-62.el4_8.2\")) flag++;\n\nif (rpm_check(release:\"EL5\", reference:\"krb5-devel-1.6.1-36.el5_5.4\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"krb5-libs-1.6.1-36.el5_5.4\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"krb5-server-1.6.1-36.el5_5.4\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"krb5-workstation-1.6.1-36.el5_5.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5-devel / krb5-libs / krb5-server / krb5-workstation\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:52:19", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=596826", "http://lists.opensuse.org/opensuse-updates/2010-05/msg00027.html"], "pluginID": "46727", "description": "This update fixes a denial-of-service vulnerability in kadmind. A remote attack can send a malformed GSS-API token that triggers a NULL pointer dereference. (CVE-2010-1321: CVSS v2 Base Score: 6.8 (MEDIUM) (AV:N/AC:L/Au:S/C:N/I:N/A:C))", "edition": 4, "reporter": "Tenable", "published": "2010-05-26T00:00:00", "title": "openSUSE Security Update : krb5 (openSUSE-SU-2010:0292-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1321"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:krb5-apps-clients", "p-cpe:/a:novell:opensuse:krb5-plugin-preauth-pkinit", "cpe:/o:novell:opensuse:11.0", "p-cpe:/a:novell:opensuse:krb5-32bit", "p-cpe:/a:novell:opensuse:krb5-server", "p-cpe:/a:novell:opensuse:krb5-client", "p-cpe:/a:novell:opensuse:krb5-devel", "p-cpe:/a:novell:opensuse:krb5-plugin-kdb-ldap", "p-cpe:/a:novell:opensuse:krb5-apps-servers", "p-cpe:/a:novell:opensuse:krb5-devel-32bit", "p-cpe:/a:novell:opensuse:krb5"], "id": "SUSE_11_0_KRB5-100521.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=46727", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update krb5-2443.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(46727);\n script_version(\"$Revision: 1.6 $\");\n script_cvs_date(\"$Date: 2014/06/13 19:38:13 $\");\n\n script_cve_id(\"CVE-2010-1321\");\n\n script_name(english:\"openSUSE Security Update : krb5 (openSUSE-SU-2010:0292-1)\");\n script_summary(english:\"Check for the krb5-2443 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a denial-of-service vulnerability in kadmind. A\nremote attack can send a malformed GSS-API token that triggers a NULL\npointer dereference. (CVE-2010-1321: CVSS v2 Base Score: 6.8 (MEDIUM)\n(AV:N/AC:L/Au:S/C:N/I:N/A:C))\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.opensuse.org/opensuse-updates/2010-05/msg00027.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=596826\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected krb5 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-apps-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-apps-servers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-plugin-kdb-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-plugin-preauth-pkinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/05/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/05/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"krb5-1.6.3-50.11\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"krb5-apps-clients-1.6.3-50.11\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"krb5-apps-servers-1.6.3-50.11\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"krb5-client-1.6.3-50.11\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"krb5-devel-1.6.3-50.11\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"krb5-plugin-kdb-ldap-1.6.3-9.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"krb5-plugin-preauth-pkinit-1.6.3-9.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"krb5-server-1.6.3-50.11\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", cpu:\"x86_64\", reference:\"krb5-32bit-1.6.3-50.11\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", cpu:\"x86_64\", reference:\"krb5-devel-32bit-1.6.3-50.11\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:45:12", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=582466", "http://www.nessus.org/u?8dae9526"], "pluginID": "47510", "description": "Shawn Emery discovered a remotely-triggerable NULL pointer dereference in the Kerberos GSS-API library which could be used to cause GSS-API-authenticated services to crash. This update incorporates fixes to instead correctly detect the error and return an error code.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2010-07-01T00:00:00", "title": "Fedora 13 : krb5-1.7.1-10.fc13 (2010-8749)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1321"], "modified": "2015-10-20T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:13", "p-cpe:/a:fedoraproject:fedora:krb5"], "id": "FEDORA_2010-8749.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=47510", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-8749.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47510);\n script_version(\"$Revision: 1.10 $\");\n script_cvs_date(\"$Date: 2015/10/20 21:47:26 $\");\n\n script_cve_id(\"CVE-2010-1321\");\n script_xref(name:\"FEDORA\", value:\"2010-8749\");\n\n script_name(english:\"Fedora 13 : krb5-1.7.1-10.fc13 (2010-8749)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Shawn Emery discovered a remotely-triggerable NULL pointer dereference\nin the Kerberos GSS-API library which could be used to cause\nGSS-API-authenticated services to crash. This update incorporates\nfixes to instead correctly detect the error and return an error code.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=582466\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-May/041615.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8dae9526\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected krb5 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/05/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"krb5-1.7.1-10.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:32:34", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=596826", "http://lists.opensuse.org/opensuse-updates/2010-05/msg00027.html"], "pluginID": "46728", "description": "This update fixes a denial-of-service vulnerability in kadmind. A remote attack can send a malformed GSS-API token that triggers a NULL pointer dereference. (CVE-2010-1321: CVSS v2 Base Score: 6.8 (MEDIUM) (AV:N/AC:L/Au:S/C:N/I:N/A:C))", "edition": 4, "reporter": "Tenable", "published": "2010-05-26T00:00:00", "title": "openSUSE Security Update : krb5 (openSUSE-SU-2010:0292-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1321"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:krb5-apps-clients", "p-cpe:/a:novell:opensuse:krb5-plugin-preauth-pkinit", "p-cpe:/a:novell:opensuse:krb5-32bit", "p-cpe:/a:novell:opensuse:krb5-server", "p-cpe:/a:novell:opensuse:krb5-client", "cpe:/o:novell:opensuse:11.1", "p-cpe:/a:novell:opensuse:krb5-devel", "p-cpe:/a:novell:opensuse:krb5-plugin-kdb-ldap", "p-cpe:/a:novell:opensuse:krb5-apps-servers", "p-cpe:/a:novell:opensuse:krb5-devel-32bit", "p-cpe:/a:novell:opensuse:krb5"], "id": "SUSE_11_1_KRB5-100521.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=46728", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update krb5-2443.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(46728);\n script_version(\"$Revision: 1.6 $\");\n script_cvs_date(\"$Date: 2014/06/13 19:49:35 $\");\n\n script_cve_id(\"CVE-2010-1321\");\n\n script_name(english:\"openSUSE Security Update : krb5 (openSUSE-SU-2010:0292-1)\");\n script_summary(english:\"Check for the krb5-2443 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a denial-of-service vulnerability in kadmind. A\nremote attack can send a malformed GSS-API token that triggers a NULL\npointer dereference. (CVE-2010-1321: CVSS v2 Base Score: 6.8 (MEDIUM)\n(AV:N/AC:L/Au:S/C:N/I:N/A:C))\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.opensuse.org/opensuse-updates/2010-05/msg00027.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=596826\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected krb5 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-apps-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-apps-servers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-plugin-kdb-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-plugin-preauth-pkinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/05/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/05/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"krb5-1.6.3-132.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"krb5-apps-clients-1.6.3-132.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"krb5-apps-servers-1.6.3-132.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"krb5-client-1.6.3-132.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"krb5-devel-1.6.3-132.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"krb5-plugin-kdb-ldap-1.6.3-132.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"krb5-plugin-preauth-pkinit-1.6.3-132.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"krb5-server-1.6.3-132.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"krb5-32bit-1.6.3-132.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"krb5-devel-32bit-1.6.3-132.8.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:44:05", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=596826", "http://lists.opensuse.org/opensuse-updates/2010-05/msg00027.html"], "pluginID": "46730", "description": "This update fixes a denial-of-service vulnerability in kadmind. A remote attack can send a malformed GSS-API token that triggers a NULL pointer dereference. (CVE-2010-1321: CVSS v2 Base Score: 6.8 (MEDIUM) (AV:N/AC:L/Au:S/C:N/I:N/A:C))", "edition": 4, "reporter": "Tenable", "published": "2010-05-26T00:00:00", "title": "openSUSE Security Update : krb5 (openSUSE-SU-2010:0292-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1321"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:krb5-apps-clients", "p-cpe:/a:novell:opensuse:krb5-plugin-preauth-pkinit", "p-cpe:/a:novell:opensuse:krb5-32bit", "p-cpe:/a:novell:opensuse:krb5-server", "p-cpe:/a:novell:opensuse:krb5-client", "p-cpe:/a:novell:opensuse:krb5-devel", "p-cpe:/a:novell:opensuse:krb5-plugin-kdb-ldap", "cpe:/o:novell:opensuse:11.2", "p-cpe:/a:novell:opensuse:krb5-apps-servers", "p-cpe:/a:novell:opensuse:krb5-devel-32bit", "p-cpe:/a:novell:opensuse:krb5"], "id": "SUSE_11_2_KRB5-100521.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=46730", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update krb5-2443.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(46730);\n script_version(\"$Revision: 1.6 $\");\n script_cvs_date(\"$Date: 2014/06/13 20:00:36 $\");\n\n script_cve_id(\"CVE-2010-1321\");\n\n script_name(english:\"openSUSE Security Update : krb5 (openSUSE-SU-2010:0292-1)\");\n script_summary(english:\"Check for the krb5-2443 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a denial-of-service vulnerability in kadmind. A\nremote attack can send a malformed GSS-API token that triggers a NULL\npointer dereference. (CVE-2010-1321: CVSS v2 Base Score: 6.8 (MEDIUM)\n(AV:N/AC:L/Au:S/C:N/I:N/A:C))\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.opensuse.org/opensuse-updates/2010-05/msg00027.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=596826\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected krb5 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-apps-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-apps-servers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-plugin-kdb-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-plugin-preauth-pkinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/05/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/05/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"krb5-1.7-6.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"krb5-apps-clients-1.7-6.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"krb5-apps-servers-1.7-6.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"krb5-client-1.7-6.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"krb5-devel-1.7-6.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"krb5-plugin-kdb-ldap-1.7-6.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"krb5-plugin-preauth-pkinit-1.7-6.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"krb5-server-1.7-6.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", cpu:\"x86_64\", reference:\"krb5-32bit-1.7-6.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", cpu:\"x86_64\", reference:\"krb5-devel-32bit-1.7-6.6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:09:33", "references": ["http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-005.txt"], "pluginID": "46678", "description": "A vulnerability has been found and corrected in krb5 :\n\nCertain invalid GSS-API tokens can cause a GSS-API acceptor (server) to crash due to a NULL pointer dereference in the GSS-API library (CVE-2010-1321).\n\nPackages for 2008.0 and 2009.0 are provided due to the Extended Maintenance Program for those products.\n\nThe updated packages have been patched to correct this issue.", "edition": 5, "reporter": "Tenable", "published": "2010-05-20T00:00:00", "title": "Mandriva Linux Security Advisory : krb5 (MDVSA-2010:100)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Mandriva Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1321"], "modified": "2018-07-19T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:krb5-workstation", "p-cpe:/a:mandriva:linux:libkrb53", "p-cpe:/a:mandriva:linux:krb5-server", "cpe:/o:mandriva:linux:2009.0", "p-cpe:/a:mandriva:linux:ftp-server-krb5", "cpe:/o:mandriva:linux:2008.0", "p-cpe:/a:mandriva:linux:krb5", "p-cpe:/a:mandriva:linux:lib64krb53-devel", "p-cpe:/a:mandriva:linux:lib64krb53", "cpe:/o:mandriva:linux:2009.1", "cpe:/o:mandriva:linux:2010.0", "p-cpe:/a:mandriva:linux:ftp-client-krb5", "p-cpe:/a:mandriva:linux:libkrb53-devel", "p-cpe:/a:mandriva:linux:telnet-client-krb5", "p-cpe:/a:mandriva:linux:telnet-server-krb5"], "id": "MANDRIVA_MDVSA-2010-100.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=46678", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2010:100. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(46678);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2018/07/19 20:59:17\");\n\n script_cve_id(\"CVE-2010-1321\");\n script_bugtraq_id(40235);\n script_xref(name:\"MDVSA\", value:\"2010:100\");\n\n script_name(english:\"Mandriva Linux Security Advisory : krb5 (MDVSA-2010:100)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability has been found and corrected in krb5 :\n\nCertain invalid GSS-API tokens can cause a GSS-API acceptor (server)\nto crash due to a NULL pointer dereference in the GSS-API library\n(CVE-2010-1321).\n\nPackages for 2008.0 and 2009.0 are provided due to the Extended\nMaintenance Program for those products.\n\nThe updated packages have been patched to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-005.txt\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ftp-client-krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ftp-server-krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:krb5-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64krb53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64krb53-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkrb53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkrb53-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:telnet-client-krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:telnet-server-krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/05/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/05/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", reference:\"ftp-client-krb5-1.6.2-7.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"ftp-server-krb5-1.6.2-7.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"krb5-1.6.2-7.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"krb5-server-1.6.2-7.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"krb5-workstation-1.6.2-7.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64krb53-1.6.2-7.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64krb53-devel-1.6.2-7.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libkrb53-1.6.2-7.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libkrb53-devel-1.6.2-7.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"telnet-client-krb5-1.6.2-7.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"telnet-server-krb5-1.6.2-7.6mdv2008.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.0\", reference:\"ftp-client-krb5-1.6.3-6.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"ftp-server-krb5-1.6.3-6.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"krb5-1.6.3-6.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"krb5-server-1.6.3-6.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"krb5-workstation-1.6.3-6.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64krb53-1.6.3-6.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64krb53-devel-1.6.3-6.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libkrb53-1.6.3-6.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libkrb53-devel-1.6.3-6.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"telnet-client-krb5-1.6.3-6.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"telnet-server-krb5-1.6.3-6.5mdv2009.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.1\", reference:\"ftp-client-krb5-1.6.3-9.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"ftp-server-krb5-1.6.3-9.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"krb5-1.6.3-9.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"krb5-server-1.6.3-9.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"krb5-workstation-1.6.3-9.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64krb53-1.6.3-9.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64krb53-devel-1.6.3-9.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libkrb53-1.6.3-9.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libkrb53-devel-1.6.3-9.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"telnet-client-krb5-1.6.3-9.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"telnet-server-krb5-1.6.3-9.3mdv2009.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.0\", reference:\"ftp-client-krb5-1.6.3-10.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"ftp-server-krb5-1.6.3-10.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"krb5-1.6.3-10.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"krb5-server-1.6.3-10.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"krb5-workstation-1.6.3-10.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64krb53-1.6.3-10.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64krb53-devel-1.6.3-10.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libkrb53-1.6.3-10.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libkrb53-devel-1.6.3-10.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"telnet-client-krb5-1.6.3-10.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"telnet-server-krb5-1.6.3-10.3mdv2010.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:42:28", "references": ["http://www.nessus.org/u?a754f3cf", "http://lists.centos.org/pipermail/centos-announce/2010-May/016639.html", "http://lists.centos.org/pipermail/centos-announce/2010-May/016641.html", "http://www.nessus.org/u?6ba99c4c", "http://lists.centos.org/pipermail/centos-announce/2010-May/016643.html", "http://lists.centos.org/pipermail/centos-announce/2010-May/016644.html"], "pluginID": "46694", "description": "Updated krb5 packages that fix one security issue are now available for Red Hat Enterprise Linux 3, 4, and 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nKerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third party, the Key Distribution Center (KDC).\n\nA NULL pointer dereference flaw was discovered in the MIT Kerberos Generic Security Service Application Program Interface (GSS-API) library. A remote, authenticated attacker could use this flaw to crash any server application using the GSS-API authentication mechanism, by sending a specially crafted GSS-API token with a missing checksum field. (CVE-2010-1321)\n\nRed Hat would like to thank the MIT Kerberos Team for responsibly reporting this issue. Upstream acknowledges Shawn Emery of Oracle as the original reporter.\n\nAll krb5 users should upgrade to these updated packages, which contain a backported patch to correct this issue. All running services using the MIT Kerberos libraries must be restarted for the update to take effect.", "edition": 5, "reporter": "Tenable", "published": "2010-05-24T00:00:00", "title": "CentOS 3 / 4 / 5 : krb5 (CESA-2010:0423)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1321"], "modified": "2018-07-02T00:00:00", "cpe": ["p-cpe:/a:centos:centos:krb5-workstation", "p-cpe:/a:centos:centos:krb5-devel", "cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:krb5-server", "cpe:/o:centos:centos:5", "p-cpe:/a:centos:centos:krb5-libs", "cpe:/o:centos:centos:3"], "id": "CENTOS_RHSA-2010-0423.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=46694", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0423 and \n# CentOS Errata and Security Advisory 2010:0423 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(46694);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/07/02 18:48:52\");\n\n script_cve_id(\"CVE-2010-1321\");\n script_bugtraq_id(40235);\n script_xref(name:\"RHSA\", value:\"2010:0423\");\n\n script_name(english:\"CentOS 3 / 4 / 5 : krb5 (CESA-2010:0423)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated krb5 packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 3, 4, and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nKerberos is a network authentication system which allows clients and\nservers to authenticate to each other using symmetric encryption and a\ntrusted third party, the Key Distribution Center (KDC).\n\nA NULL pointer dereference flaw was discovered in the MIT Kerberos\nGeneric Security Service Application Program Interface (GSS-API)\nlibrary. A remote, authenticated attacker could use this flaw to crash\nany server application using the GSS-API authentication mechanism, by\nsending a specially crafted GSS-API token with a missing checksum\nfield. (CVE-2010-1321)\n\nRed Hat would like to thank the MIT Kerberos Team for responsibly\nreporting this issue. Upstream acknowledges Shawn Emery of Oracle as\nthe original reporter.\n\nAll krb5 users should upgrade to these updated packages, which contain\na backported patch to correct this issue. All running services using\nthe MIT Kerberos libraries must be restarted for the update to take\neffect.\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2010-June/016711.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6ba99c4c\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2010-June/016712.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a754f3cf\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.centos.org/pipermail/centos-announce/2010-May/016639.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.centos.org/pipermail/centos-announce/2010-May/016641.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.centos.org/pipermail/centos-announce/2010-May/016643.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.centos.org/pipermail/centos-announce/2010-May/016644.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected krb5 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:krb5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:krb5-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:krb5-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/05/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/05/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"krb5-devel-1.2.7-72\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"krb5-devel-1.2.7-72\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"krb5-libs-1.2.7-72\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"krb5-libs-1.2.7-72\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"krb5-server-1.2.7-72\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"krb5-server-1.2.7-72\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"krb5-workstation-1.2.7-72\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"krb5-workstation-1.2.7-72\")) flag++;\n\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"krb5-devel-1.3.4-62.el4_8.2\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"krb5-devel-1.3.4-62.el4_8.2\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"krb5-libs-1.3.4-62.el4_8.2\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"krb5-libs-1.3.4-62.el4_8.2\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"krb5-server-1.3.4-62.el4_8.2\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"krb5-server-1.3.4-62.el4_8.2\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"krb5-workstation-1.3.4-62.el4_8.2\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"krb5-workstation-1.3.4-62.el4_8.2\")) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"krb5-devel-1.6.1-36.el5_5.4\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"krb5-libs-1.6.1-36.el5_5.4\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"krb5-server-1.6.1-36.el5_5.4\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"krb5-workstation-1.6.1-36.el5_5.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:02:44", "references": ["http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=582261", "http://www.debian.org/security/2010/dsa-2052"], "pluginID": "46724", "description": "Shawn Emery discovered that in MIT Kerberos 5 (krb5), a system for authenticating users and services on a network, a NULL pointer dereference flaw in the Generic Security Service Application Program Interface (GSS-API) library could allow an authenticated remote attacker to crash any server application using the GSS-API authentication mechanism, by sending a specially crafted GSS-API token with a missing checksum field.", "edition": 4, "reporter": "Tenable", "published": "2010-05-26T00:00:00", "title": "Debian DSA-2052-1 : krb5 - NULL pointer dereference", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1321"], "modified": "2016-05-05T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:krb5", "cpe:/o:debian:debian_linux:5.0"], "id": "DEBIAN_DSA-2052.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=46724", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2052. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(46724);\n script_version(\"$Revision: 1.14 $\");\n script_cvs_date(\"$Date: 2016/05/05 14:58:41 $\");\n\n script_cve_id(\"CVE-2010-1321\");\n script_bugtraq_id(40235);\n script_xref(name:\"DSA\", value:\"2052\");\n\n script_name(english:\"Debian DSA-2052-1 : krb5 - NULL pointer dereference\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Shawn Emery discovered that in MIT Kerberos 5 (krb5), a system for\nauthenticating users and services on a network, a NULL pointer\ndereference flaw in the Generic Security Service Application Program\nInterface (GSS-API) library could allow an authenticated remote\nattacker to crash any server application using the GSS-API\nauthentication mechanism, by sending a specially crafted GSS-API token\nwith a missing checksum field.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=582261\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2010/dsa-2052\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the krb5 packages.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.6.dfsg.4~beta1-5lenny4.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/05/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/05/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"krb5-admin-server\", reference:\"1.6.dfsg.4~beta1-5lenny4\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"krb5-clients\", reference:\"1.6.dfsg.4~beta1-5lenny4\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"krb5-doc\", reference:\"1.6.dfsg.4~beta1-5lenny4\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"krb5-ftpd\", reference:\"1.6.dfsg.4~beta1-5lenny4\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"krb5-kdc\", reference:\"1.6.dfsg.4~beta1-5lenny4\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"krb5-kdc-ldap\", reference:\"1.6.dfsg.4~beta1-5lenny4\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"krb5-pkinit\", reference:\"1.6.dfsg.4~beta1-5lenny4\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"krb5-rsh-server\", reference:\"1.6.dfsg.4~beta1-5lenny4\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"krb5-telnetd\", reference:\"1.6.dfsg.4~beta1-5lenny4\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"krb5-user\", reference:\"1.6.dfsg.4~beta1-5lenny4\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libkadm55\", reference:\"1.6.dfsg.4~beta1-5lenny4\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libkrb5-dbg\", reference:\"1.6.dfsg.4~beta1-5lenny4\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libkrb5-dev\", reference:\"1.6.dfsg.4~beta1-5lenny4\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libkrb53\", reference:\"1.6.dfsg.4~beta1-5lenny4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T18:11:25", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "references": [], "enchantments_done": [], "description": "BUGTRAQ ID: 40235\r\nCVE ID: CVE-2010-1321\r\n\r\nKerberos\u662f\u4e00\u6b3e\u5e7f\u6cdb\u4f7f\u7528\u7684\u4f7f\u7528\u5f3a\u58ee\u7684\u52a0\u5bc6\u6765\u9a8c\u8bc1\u5ba2\u6237\u7aef\u548c\u670d\u52a1\u5668\u7aef\u7684\u7f51\u7edc\u534f\u8bae\u3002MIT Kerberos 5\u662f\u4e00\u79cd\u5e38\u7528\u7684\u5f00\u6e90Kerberos\u5b9e\u73b0\u3002\r\n\r\nMIT Kerberos\u7684GSS-API\u5e93\u4e2d\u5b58\u5728\u7a7a\u6307\u9488\u5f15\u7528\u9519\u8bef\uff0c\u901a\u8fc7\u8ba4\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u901a\u8fc7\u53d1\u9001\u7f3a\u5c11\u6821\u9a8c\u548c\u5b57\u6bb5\u7684\u7279\u5236GSS-API\u4ee4\u724c\u6765\u5229\u7528\u8fd9\u4e2a\u6f0f\u6d1e\uff0c\u5bfc\u81f4\u4f7f\u7528GSS-API\u8ba4\u8bc1\u673a\u5236\u7684\u670d\u52a1\u5668\u5e94\u7528\u5d29\u6e83\u3002\n\nMIT Kerberos 5 1.8\r\nMIT Kerberos 5 1.7\r\nMIT Kerberos 5 1.6\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nMIT\r\n---\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://web.mit.edu/kerberos/advisories/2010-005-patch.txt\r\nhttp://web.mit.edu/kerberos/advisories/2010-005-patch.txt.asc\r\nhttp://web.mit.edu/kerberos/advisories/2010-005-patch_r16.txt\r\nhttp://web.mit.edu/kerberos/advisories/2010-005-patch_r16.txt.asc\r\n\r\nRedHat\r\n------\r\nRedHat\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08RHSA-2010:0423-01\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nRHSA-2010:0423-01\uff1aImportant: krb5 security update\r\n\u94fe\u63a5\uff1ahttps://www.redhat.com/support/errata/RHSA-2010-0423.html", "reporter": "Root", "published": "2010-05-20T00:00:00", "type": "seebug", "title": "MIT Kerberos GSS-API\u6821\u9a8c\u548c\u7a7a\u6307\u9488\u5f15\u7528\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2010-1321"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2010-05-20T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-19661", "id": "SSV:19661", "sourceData": "", "sourceHref": "", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}, "status": "details"}, {"lastseen": "2017-11-19T18:00:40", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "enchantments_done": [], "references": [], "description": "CVE ID: CVE-2005-4268,CVE-2010-0624,CVE-2007-4476,CVE-2010-2063,CVE-2010-1321,CVE-2010-1168,CVE-2010-1447,CVE-2008-5302,CVE-2008-5303\r\n\r\nVMware ESX Server\u662f\u4e3a\u9002\u7528\u4e8e\u4efb\u4f55\u7cfb\u7edf\u73af\u5883\u7684\u4f01\u4e1a\u7ea7\u865a\u62df\u8ba1\u7b97\u673a\u8f6f\u4ef6\u3002\r\n\r\nESX Console OS (COS)\u5728cpio\u3001tar\u3001perl\u3001krb5\u3001samba\u7b49\u5e94\u7528\u7684\u5b9e\u73b0\u4e0a\u5b58\u5728\u591a\u4e2a\u6f0f\u6d1e\uff0c\u5176\u4e2d\u6700\u4e25\u91cd\u7684\u6f0f\u6d1e\u53ef\u9020\u6210\u670d\u52a1\u5668\u62d2\u7edd\u670d\u52a1\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\n0\nVMWare ESX Server\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nVMWare\r\n------\r\nVMWare\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08VMSA-2010-0013\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\n\r\nVMSA-2010-0013\uff1aVMware ESX third party updates for Service Console\r\n\r\n\u94fe\u63a5\uff1ahttp://www.vmware.com/security/advisories/VMSA-2010-0013.html", "reporter": "Root", "published": "2012-01-13T00:00:00", "title": "VMware ESX Service Console\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e", "type": "seebug", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2005-4268", "CVE-2007-4476", "CVE-2008-5302", "CVE-2008-5303", "CVE-2010-0624", "CVE-2010-1168", "CVE-2010-1321", "CVE-2010-1447", "CVE-2010-2063"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2012-01-13T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-30015", "id": "SSV:30015", "sourceData": "", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "", "status": "details"}], "debian": [{"lastseen": "2016-09-02T18:34:04", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-clients_1.6.dfsg.4~beta1-5lenny4_armel.deb", "arch": "armel", "packageName": "krb5-clients", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "libkrb53_1.6.dfsg.4~beta1-5lenny4_armel.deb", "arch": "armel", "packageName": "libkrb53", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-kdc_1.6.dfsg.4~beta1-5lenny4_hppa.deb", "arch": "hppa", "packageName": "krb5-kdc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-admin-server_1.6.dfsg.4~beta1-5lenny4_ia64.deb", "arch": "ia64", "packageName": "krb5-admin-server", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "libkrb53_1.6.dfsg.4~beta1-5lenny4_s390.deb", "arch": "s390x", "packageName": "libkrb53", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-ftpd_1.6.dfsg.4~beta1-5lenny4_sparc.deb", "arch": "sparc", "packageName": "krb5-ftpd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-rsh-server_1.6.dfsg.4~beta1-5lenny4_sparc.deb", "arch": "sparc", "packageName": "krb5-rsh-server", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-clients_1.6.dfsg.4~beta1-5lenny4_arm.deb", "arch": "arm", "packageName": "krb5-clients", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-rsh-server_1.6.dfsg.4~beta1-5lenny4_mipsel.deb", "arch": "mipsel", "packageName": "krb5-rsh-server", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-pkinit_1.6.dfsg.4~beta1-5lenny4_sparc.deb", "arch": "sparc", "packageName": "krb5-pkinit", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-ftpd_1.6.dfsg.4~beta1-5lenny4_arm.deb", "arch": "arm", "packageName": "krb5-ftpd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-admin-server_1.6.dfsg.4~beta1-5lenny4_arm.deb", "arch": "arm", "packageName": "krb5-admin-server", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "libkrb53_1.6.dfsg.4~beta1-5lenny4_amd64.deb", "arch": "x86-64", "packageName": "libkrb53", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "libkrb5-dbg_1.6.dfsg.4~beta1-5lenny4_armel.deb", "arch": "armel", "packageName": "libkrb5-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-clients_1.6.dfsg.4~beta1-5lenny4_i386.deb", "arch": "i686", "packageName": "krb5-clients", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "libkrb53_1.6.dfsg.4~beta1-5lenny4_i386.deb", "arch": "i686", "packageName": "libkrb53", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "libkrb53_1.6.dfsg.4~beta1-5lenny4_mips.deb", "arch": "mips", "packageName": "libkrb53", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-clients_1.6.dfsg.4~beta1-5lenny4_hppa.deb", "arch": "hppa", "packageName": "krb5-clients", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny4_amd64.deb", "arch": "x86-64", "packageName": "krb5-kdc-ldap", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-pkinit_1.6.dfsg.4~beta1-5lenny4_armel.deb", "arch": "armel", "packageName": "krb5-pkinit", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-kdc_1.6.dfsg.4~beta1-5lenny4_ia64.deb", "arch": "ia64", "packageName": "krb5-kdc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "libkrb5-dbg_1.6.dfsg.4~beta1-5lenny4_sparc.deb", "arch": "sparc", "packageName": "libkrb5-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-pkinit_1.6.dfsg.4~beta1-5lenny4_mips.deb", "arch": "mips", "packageName": "krb5-pkinit", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "libkadm55_1.6.dfsg.4~beta1-5lenny4_ia64.deb", "arch": "ia64", "packageName": "libkadm55", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-pkinit_1.6.dfsg.4~beta1-5lenny4_alpha.deb", "arch": "alpha", "packageName": "krb5-pkinit", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "libkrb53_1.6.dfsg.4~beta1-5lenny4_sparc.deb", "arch": "sparc", "packageName": "libkrb53", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-clients_1.6.dfsg.4~beta1-5lenny4_amd64.deb", "arch": "x86-64", "packageName": "krb5-clients", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "libkadm55_1.6.dfsg.4~beta1-5lenny4_sparc.deb", "arch": "sparc", "packageName": "libkadm55", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny4_alpha.deb", "arch": "alpha", "packageName": "krb5-kdc-ldap", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-kdc_1.6.dfsg.4~beta1-5lenny4_alpha.deb", "arch": "alpha", "packageName": "krb5-kdc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "libkrb53_1.6.dfsg.4~beta1-5lenny4_powerpc.deb", "arch": "ppc", "packageName": "libkrb53", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "libkadm55_1.6.dfsg.4~beta1-5lenny4_amd64.deb", "arch": "x86-64", "packageName": "libkadm55", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-admin-server_1.6.dfsg.4~beta1-5lenny4_sparc.deb", "arch": "sparc", "packageName": "krb5-admin-server", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-telnetd_1.6.dfsg.4~beta1-5lenny4_arm.deb", "arch": "arm", "packageName": "krb5-telnetd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-admin-server_1.6.dfsg.4~beta1-5lenny4_mipsel.deb", "arch": "mipsel", "packageName": "krb5-admin-server", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "libkrb5-dev_1.6.dfsg.4~beta1-5lenny4_hppa.deb", "arch": "hppa", "packageName": "libkrb5-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny4_hppa.deb", "arch": "hppa", "packageName": "krb5-kdc-ldap", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-kdc_1.6.dfsg.4~beta1-5lenny4_i386.deb", "arch": "i686", "packageName": "krb5-kdc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-user_1.6.dfsg.4~beta1-5lenny4_i386.deb", "arch": "i686", "packageName": "krb5-user", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-pkinit_1.6.dfsg.4~beta1-5lenny4_i386.deb", "arch": "i686", "packageName": "krb5-pkinit", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny4_i386.deb", "arch": "i686", "packageName": "krb5-kdc-ldap", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-admin-server_1.6.dfsg.4~beta1-5lenny4_i386.deb", "arch": "i686", "packageName": "krb5-admin-server", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-pkinit_1.6.dfsg.4~beta1-5lenny4_hppa.deb", "arch": "hppa", "packageName": "krb5-pkinit", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-rsh-server_1.6.dfsg.4~beta1-5lenny4_mips.deb", "arch": "mips", "packageName": "krb5-rsh-server", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "libkrb5-dev_1.6.dfsg.4~beta1-5lenny4_powerpc.deb", "arch": "ppc", "packageName": "libkrb5-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-pkinit_1.6.dfsg.4~beta1-5lenny4_amd64.deb", "arch": "x86-64", "packageName": "krb5-pkinit", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1.orig", "packageFilename": "krb5_1.6.dfsg.4~beta1.orig.tar.gz", "arch": "src", "packageName": "krb5", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "libkadm55_1.6.dfsg.4~beta1-5lenny4_arm.deb", "arch": "arm", "packageName": "libkadm55", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-telnetd_1.6.dfsg.4~beta1-5lenny4_alpha.deb", "arch": "alpha", "packageName": "krb5-telnetd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "libkadm55_1.6.dfsg.4~beta1-5lenny4_s390.deb", "arch": "s390x", "packageName": "libkadm55", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-rsh-server_1.6.dfsg.4~beta1-5lenny4_amd64.deb", "arch": "x86-64", "packageName": "krb5-rsh-server", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny4_sparc.deb", "arch": "sparc", "packageName": "krb5-kdc-ldap", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-clients_1.6.dfsg.4~beta1-5lenny4_mips.deb", "arch": "mips", "packageName": "krb5-clients", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-pkinit_1.6.dfsg.4~beta1-5lenny4_s390.deb", "arch": "s390x", "packageName": "krb5-pkinit", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny4_s390.deb", "arch": "s390x", "packageName": "krb5-kdc-ldap", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-ftpd_1.6.dfsg.4~beta1-5lenny4_powerpc.deb", "arch": "ppc", "packageName": "krb5-ftpd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "libkadm55_1.6.dfsg.4~beta1-5lenny4_hppa.deb", "arch": "hppa", "packageName": "libkadm55", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "libkrb5-dev_1.6.dfsg.4~beta1-5lenny4_s390.deb", "arch": "s390x", "packageName": "libkrb5-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-telnetd_1.6.dfsg.4~beta1-5lenny4_armel.deb", "arch": "armel", "packageName": "krb5-telnetd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-clients_1.6.dfsg.4~beta1-5lenny4_sparc.deb", "arch": "sparc", "packageName": "krb5-clients", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-pkinit_1.6.dfsg.4~beta1-5lenny4_powerpc.deb", "arch": "ppc", "packageName": "krb5-pkinit", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-user_1.6.dfsg.4~beta1-5lenny4_mipsel.deb", "arch": "mipsel", "packageName": "krb5-user", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-kdc_1.6.dfsg.4~beta1-5lenny4_armel.deb", "arch": "armel", "packageName": "krb5-kdc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "libkadm55_1.6.dfsg.4~beta1-5lenny4_i386.deb", "arch": "i686", "packageName": "libkadm55", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-clients_1.6.dfsg.4~beta1-5lenny4_alpha.deb", "arch": "alpha", "packageName": "krb5-clients", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-kdc_1.6.dfsg.4~beta1-5lenny4_powerpc.deb", "arch": "ppc", "packageName": "krb5-kdc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "libkadm55_1.6.dfsg.4~beta1-5lenny4_mipsel.deb", "arch": "mipsel", "packageName": "libkadm55", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-kdc_1.6.dfsg.4~beta1-5lenny4_mips.deb", "arch": "mips", "packageName": "krb5-kdc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "libkrb5-dbg_1.6.dfsg.4~beta1-5lenny4_amd64.deb", "arch": "x86-64", "packageName": "libkrb5-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-admin-server_1.6.dfsg.4~beta1-5lenny4_alpha.deb", "arch": "alpha", "packageName": "krb5-admin-server", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "libkrb5-dev_1.6.dfsg.4~beta1-5lenny4_alpha.deb", "arch": "alpha", "packageName": "libkrb5-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-admin-server_1.6.dfsg.4~beta1-5lenny4_s390.deb", "arch": "s390x", "packageName": "krb5-admin-server", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "libkrb5-dev_1.6.dfsg.4~beta1-5lenny4_sparc.deb", "arch": "sparc", "packageName": "libkrb5-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-ftpd_1.6.dfsg.4~beta1-5lenny4_i386.deb", "arch": "i686", "packageName": "krb5-ftpd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-kdc_1.6.dfsg.4~beta1-5lenny4_sparc.deb", "arch": "sparc", "packageName": "krb5-kdc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-rsh-server_1.6.dfsg.4~beta1-5lenny4_i386.deb", "arch": "i686", "packageName": "krb5-rsh-server", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-kdc_1.6.dfsg.4~beta1-5lenny4_s390.deb", "arch": "s390x", "packageName": "krb5-kdc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-admin-server_1.6.dfsg.4~beta1-5lenny4_hppa.deb", "arch": "hppa", "packageName": "krb5-admin-server", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "libkadm55_1.6.dfsg.4~beta1-5lenny4_powerpc.deb", "arch": "ppc", "packageName": "libkadm55", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-rsh-server_1.6.dfsg.4~beta1-5lenny4_arm.deb", "arch": "arm", "packageName": "krb5-rsh-server", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-rsh-server_1.6.dfsg.4~beta1-5lenny4_s390.deb", "arch": "s390x", "packageName": "krb5-rsh-server", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-rsh-server_1.6.dfsg.4~beta1-5lenny4_hppa.deb", "arch": "hppa", "packageName": "krb5-rsh-server", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-clients_1.6.dfsg.4~beta1-5lenny4_ia64.deb", "arch": "ia64", "packageName": "krb5-clients", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "libkrb53_1.6.dfsg.4~beta1-5lenny4_ia64.deb", "arch": "ia64", "packageName": "libkrb53", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny4_mipsel.deb", "arch": "mipsel", "packageName": "krb5-kdc-ldap", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-admin-server_1.6.dfsg.4~beta1-5lenny4_amd64.deb", "arch": "x86-64", "packageName": "krb5-admin-server", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny4_powerpc.deb", "arch": "ppc", "packageName": "krb5-kdc-ldap", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-rsh-server_1.6.dfsg.4~beta1-5lenny4_armel.deb", "arch": "armel", "packageName": "krb5-rsh-server", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-rsh-server_1.6.dfsg.4~beta1-5lenny4_powerpc.deb", "arch": "ppc", "packageName": "krb5-rsh-server", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "libkrb5-dbg_1.6.dfsg.4~beta1-5lenny4_arm.deb", "arch": "arm", "packageName": "libkrb5-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-user_1.6.dfsg.4~beta1-5lenny4_arm.deb", "arch": "arm", "packageName": "krb5-user", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny4_arm.deb", "arch": "arm", "packageName": "krb5-kdc-ldap", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-user_1.6.dfsg.4~beta1-5lenny4_amd64.deb", "arch": "x86-64", "packageName": "krb5-user", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-user_1.6.dfsg.4~beta1-5lenny4_hppa.deb", "arch": "hppa", "packageName": "krb5-user", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "libkadm55_1.6.dfsg.4~beta1-5lenny4_alpha.deb", "arch": "alpha", "packageName": "libkadm55", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-clients_1.6.dfsg.4~beta1-5lenny4_powerpc.deb", "arch": "ppc", "packageName": "krb5-clients", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-user_1.6.dfsg.4~beta1-5lenny4_armel.deb", "arch": "armel", "packageName": "krb5-user", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-user_1.6.dfsg.4~beta1-5lenny4_powerpc.deb", "arch": "ppc", "packageName": "krb5-user", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-kdc_1.6.dfsg.4~beta1-5lenny4_arm.deb", "arch": "arm", "packageName": "krb5-kdc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-telnetd_1.6.dfsg.4~beta1-5lenny4_i386.deb", "arch": "i686", "packageName": "krb5-telnetd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-user_1.6.dfsg.4~beta1-5lenny4_sparc.deb", "arch": "sparc", "packageName": "krb5-user", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny4_armel.deb", "arch": "armel", "packageName": "krb5-kdc-ldap", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "libkrb53_1.6.dfsg.4~beta1-5lenny4_arm.deb", "arch": "arm", "packageName": "libkrb53", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-rsh-server_1.6.dfsg.4~beta1-5lenny4_ia64.deb", "arch": "ia64", "packageName": "krb5-rsh-server", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "libkrb5-dbg_1.6.dfsg.4~beta1-5lenny4_mipsel.deb", "arch": "mipsel", "packageName": "libkrb5-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "libkrb5-dbg_1.6.dfsg.4~beta1-5lenny4_i386.deb", "arch": "i686", "packageName": "libkrb5-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "libkrb5-dev_1.6.dfsg.4~beta1-5lenny4_mips.deb", "arch": "mips", "packageName": "libkrb5-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-clients_1.6.dfsg.4~beta1-5lenny4_mipsel.deb", "arch": "mipsel", "packageName": "krb5-clients", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-ftpd_1.6.dfsg.4~beta1-5lenny4_alpha.deb", "arch": "alpha", "packageName": "krb5-ftpd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-pkinit_1.6.dfsg.4~beta1-5lenny4_arm.deb", "arch": "arm", "packageName": "krb5-pkinit", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "libkrb5-dev_1.6.dfsg.4~beta1-5lenny4_armel.deb", "arch": "armel", "packageName": "libkrb5-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-telnetd_1.6.dfsg.4~beta1-5lenny4_s390.deb", "arch": "s390x", "packageName": "krb5-telnetd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "libkrb5-dev_1.6.dfsg.4~beta1-5lenny4_mipsel.deb", "arch": "mipsel", "packageName": "libkrb5-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-ftpd_1.6.dfsg.4~beta1-5lenny4_armel.deb", "arch": "armel", "packageName": "krb5-ftpd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-telnetd_1.6.dfsg.4~beta1-5lenny4_mipsel.deb", "arch": "mipsel", "packageName": "krb5-telnetd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-pkinit_1.6.dfsg.4~beta1-5lenny4_mipsel.deb", "arch": "mipsel", "packageName": "krb5-pkinit", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "libkrb5-dbg_1.6.dfsg.4~beta1-5lenny4_powerpc.deb", "arch": "ppc", "packageName": "libkrb5-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-user_1.6.dfsg.4~beta1-5lenny4_mips.deb", "arch": "mips", "packageName": "krb5-user", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-ftpd_1.6.dfsg.4~beta1-5lenny4_hppa.deb", "arch": "hppa", "packageName": "krb5-ftpd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-telnetd_1.6.dfsg.4~beta1-5lenny4_hppa.deb", "arch": "hppa", "packageName": "krb5-telnetd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-kdc_1.6.dfsg.4~beta1-5lenny4_mipsel.deb", "arch": "mipsel", "packageName": "krb5-kdc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-telnetd_1.6.dfsg.4~beta1-5lenny4_ia64.deb", "arch": "ia64", "packageName": "krb5-telnetd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-pkinit_1.6.dfsg.4~beta1-5lenny4_ia64.deb", "arch": "ia64", "packageName": "krb5-pkinit", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "libkrb5-dbg_1.6.dfsg.4~beta1-5lenny4_mips.deb", "arch": "mips", "packageName": "libkrb5-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "libkrb5-dbg_1.6.dfsg.4~beta1-5lenny4_alpha.deb", "arch": "alpha", "packageName": "libkrb5-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-telnetd_1.6.dfsg.4~beta1-5lenny4_sparc.deb", "arch": "sparc", "packageName": "krb5-telnetd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "libkrb5-dbg_1.6.dfsg.4~beta1-5lenny4_ia64.deb", "arch": "ia64", "packageName": "libkrb5-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "libkrb5-dev_1.6.dfsg.4~beta1-5lenny4_arm.deb", "arch": "arm", "packageName": "libkrb5-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-telnetd_1.6.dfsg.4~beta1-5lenny4_amd64.deb", "arch": "x86-64", "packageName": "krb5-telnetd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-ftpd_1.6.dfsg.4~beta1-5lenny4_amd64.deb", "arch": "x86-64", "packageName": "krb5-ftpd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-ftpd_1.6.dfsg.4~beta1-5lenny4_mips.deb", "arch": "mips", "packageName": "krb5-ftpd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "libkrb53_1.6.dfsg.4~beta1-5lenny4_mipsel.deb", "arch": "mipsel", "packageName": "libkrb53", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "libkrb53_1.6.dfsg.4~beta1-5lenny4_hppa.deb", "arch": "hppa", "packageName": "libkrb53", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "libkrb5-dev_1.6.dfsg.4~beta1-5lenny4_i386.deb", "arch": "i686", "packageName": "libkrb5-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-admin-server_1.6.dfsg.4~beta1-5lenny4_mips.deb", "arch": "mips", "packageName": "krb5-admin-server", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny4_mips.deb", "arch": "mips", "packageName": "krb5-kdc-ldap", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-user_1.6.dfsg.4~beta1-5lenny4_alpha.deb", "arch": "alpha", "packageName": "krb5-user", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "libkrb5-dbg_1.6.dfsg.4~beta1-5lenny4_hppa.deb", "arch": "hppa", "packageName": "libkrb5-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-ftpd_1.6.dfsg.4~beta1-5lenny4_ia64.deb", "arch": "ia64", "packageName": "krb5-ftpd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5_1.6.dfsg.4~beta1-5lenny4.dsc", "arch": "src", "packageName": "krb5", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "libkadm55_1.6.dfsg.4~beta1-5lenny4_armel.deb", "arch": "armel", "packageName": "libkadm55", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny4_ia64.deb", "arch": "ia64", "packageName": "krb5-kdc-ldap", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-ftpd_1.6.dfsg.4~beta1-5lenny4_s390.deb", "arch": "s390x", "packageName": "krb5-ftpd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "libkrb5-dev_1.6.dfsg.4~beta1-5lenny4_amd64.deb", "arch": "x86-64", "packageName": "libkrb5-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-rsh-server_1.6.dfsg.4~beta1-5lenny4_alpha.deb", "arch": "alpha", "packageName": "krb5-rsh-server", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-telnetd_1.6.dfsg.4~beta1-5lenny4_mips.deb", "arch": "mips", "packageName": "krb5-telnetd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-admin-server_1.6.dfsg.4~beta1-5lenny4_armel.deb", "arch": "armel", "packageName": "krb5-admin-server", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-user_1.6.dfsg.4~beta1-5lenny4_s390.deb", "arch": "s390x", "packageName": "krb5-user", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "libkrb5-dbg_1.6.dfsg.4~beta1-5lenny4_s390.deb", "arch": "s390x", "packageName": "libkrb5-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "libkrb53_1.6.dfsg.4~beta1-5lenny4_alpha.deb", "arch": "alpha", "packageName": "libkrb53", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-kdc_1.6.dfsg.4~beta1-5lenny4_amd64.deb", "arch": "x86-64", "packageName": "krb5-kdc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-admin-server_1.6.dfsg.4~beta1-5lenny4_powerpc.deb", "arch": "ppc", "packageName": "krb5-admin-server", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-clients_1.6.dfsg.4~beta1-5lenny4_s390.deb", "arch": "s390x", "packageName": "krb5-clients", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "libkadm55_1.6.dfsg.4~beta1-5lenny4_mips.deb", "arch": "mips", "packageName": "libkadm55", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-doc_1.6.dfsg.4~beta1-5lenny4_all.deb", "arch": "all", "packageName": "krb5-doc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-telnetd_1.6.dfsg.4~beta1-5lenny4_powerpc.deb", "arch": "ppc", "packageName": "krb5-telnetd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-ftpd_1.6.dfsg.4~beta1-5lenny4_mipsel.deb", "arch": "mipsel", "packageName": "krb5-ftpd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4.diff", "packageFilename": "krb5_1.6.dfsg.4~beta1-5lenny4.diff.gz", "arch": "src", "packageName": "krb5", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "krb5-user_1.6.dfsg.4~beta1-5lenny4_ia64.deb", "arch": "ia64", "packageName": "krb5-user", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.dfsg.4~beta1-5lenny4", "packageFilename": "libkrb5-dev_1.6.dfsg.4~beta1-5lenny4_ia64.deb", "arch": "ia64", "packageName": "libkrb5-dev", "operator": "lt"}], "edition": 1, "description": "Shawn Emery discovered that in MIT Kerberos 5 (krb5), a system for authenticating users and services on a network, a null pointer dereference flaw in the Generic Security Service Application Program Interface (GSS-API) library could allow an authenticated remote attacker to crash any server application using the GSS-API authentication mechanism, by sending a specially-crafted GSS-API token with a missing checksum field.\n\nFor the stable distribution (lenny), this problem has been fixed in version 1.6.dfsg.4~beta1-5lenny4.\n\nFor the testing distribution (squeeze), this problem has been fixed in version 1.8.1+dfsg-3.\n\nFor the unstable distribution (sid), this problem has been fixed in version 1.8.1+dfsg-3.\n\nWe recommend that you upgrade your krb5 packages.", "reporter": "Debian", "published": "2010-05-24T00:00:00", "type": "debian", "title": "krb5 -- null pointer dereference", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-1321"], "modified": "2010-05-24T00:00:00", "id": "DSA-2052", "href": "http://www.debian.org/security/dsa-2052", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}], "centos": [{"lastseen": "2017-10-12T14:44:56", "references": ["https://rhn.redhat.com/errata/RHSA-2010-0423.html", "http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.3.4-62.el4_8.2", "packageFilename": "krb5-server-1.3.4-62.el4_8.2.x86_64.rpm", "packageName": "krb5-server", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.3.4-62.el4_8.2", "packageFilename": "krb5-devel-1.3.4-62.el4_8.2.i386.rpm", "packageName": "krb5-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.1-36.el5_5.4", "packageFilename": "krb5-devel-1.6.1-36.el5_5.4.i386.rpm", "packageName": "krb5-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.1-36.el5_5.4", "packageFilename": "krb5-devel-1.6.1-36.el5_5.4.i386.rpm", "packageName": "krb5-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.2.7-72", "packageFilename": "krb5-devel-1.2.7-72.x86_64.rpm", "packageName": "krb5-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.1-36.el5_5.4", "packageFilename": "krb5-workstation-1.6.1-36.el5_5.4.i386.rpm", "packageName": "krb5-workstation", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.3.4-62.el4_8.2", "packageFilename": "krb5-server-1.3.4-62.el4_8.2.i386.rpm", "packageName": "krb5-server", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.2.7-72", "packageFilename": "krb5-libs-1.2.7-72.x86_64.rpm", "packageName": "krb5-libs", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.1-36.el5_5.4", "packageFilename": "krb5-workstation-1.6.1-36.el5_5.4.x86_64.rpm", "packageName": "krb5-workstation", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.1-36.el5_5.4", "packageFilename": "krb5-server-1.6.1-36.el5_5.4.i386.rpm", "packageName": "krb5-server", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.2.7-72", "packageFilename": "krb5-server-1.2.7-72.i386.rpm", "packageName": "krb5-server", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.2.7-72", "packageFilename": "krb5-libs-1.2.7-72.i386.rpm", "packageName": "krb5-libs", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.2.7-72", "packageFilename": "krb5-libs-1.2.7-72.i386.rpm", "packageName": "krb5-libs", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.2.7-72", "packageFilename": "krb5-devel-1.2.7-72.i386.rpm", "packageName": "krb5-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.3.4-62.el4_8.2", "packageFilename": "krb5-libs-1.3.4-62.el4_8.2.x86_64.rpm", "packageName": "krb5-libs", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.2.7-72", "packageFilename": "krb5-1.2.7-72.src.rpm", "packageName": "krb5", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.2.7-72", "packageFilename": "krb5-1.2.7-72.src.rpm", "packageName": "krb5", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.3.4-62.el4_8.2", "packageFilename": "krb5-devel-1.3.4-62.el4_8.2.x86_64.rpm", "packageName": "krb5-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.1-36.el5_5.4", "packageFilename": "krb5-server-1.6.1-36.el5_5.4.x86_64.rpm", "packageName": "krb5-server", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.3.4-62.el4_8.2", "packageFilename": "krb5-workstation-1.3.4-62.el4_8.2.x86_64.rpm", "packageName": "krb5-workstation", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.3.4-62.el4_8.2", "packageFilename": "krb5-workstation-1.3.4-62.el4_8.2.i386.rpm", "packageName": "krb5-workstation", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.2.7-72", "packageFilename": "krb5-server-1.2.7-72.x86_64.rpm", "packageName": "krb5-server", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.3.4-62.el4_8.2", "packageFilename": "krb5-libs-1.3.4-62.el4_8.2.i386.rpm", "packageName": "krb5-libs", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.3.4-62.el4_8.2", "packageFilename": "krb5-libs-1.3.4-62.el4_8.2.i386.rpm", "packageName": "krb5-libs", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.1-36.el5_5.4", "packageFilename": "krb5-1.6.1-36.el5_5.4.src.rpm", "packageName": "krb5", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.1-36.el5_5.4", "packageFilename": "krb5-1.6.1-36.el5_5.4.src.rpm", "packageName": "krb5", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.1-36.el5_5.4", "packageFilename": "krb5-libs-1.6.1-36.el5_5.4.i386.rpm", "packageName": "krb5-libs", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.1-36.el5_5.4", "packageFilename": "krb5-libs-1.6.1-36.el5_5.4.i386.rpm", "packageName": "krb5-libs", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.2.7-72", "packageFilename": "krb5-workstation-1.2.7-72.i386.rpm", "packageName": "krb5-workstation", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.2.7-72", "packageFilename": "krb5-workstation-1.2.7-72.x86_64.rpm", "packageName": "krb5-workstation", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.3.4-62.el4_8.2", "packageFilename": "krb5-1.3.4-62.el4_8.2.src.rpm", "packageName": "krb5", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.3.4-62.el4_8.2", "packageFilename": "krb5-1.3.4-62.el4_8.2.src.rpm", "packageName": "krb5", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.1-36.el5_5.4", "packageFilename": "krb5-devel-1.6.1-36.el5_5.4.x86_64.rpm", "packageName": "krb5-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.1-36.el5_5.4", "packageFilename": "krb5-libs-1.6.1-36.el5_5.4.x86_64.rpm", "packageName": "krb5-libs", "arch": "x86_64", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2010:0423\n\n\nKerberos is a network authentication system which allows clients and\nservers to authenticate to each other using symmetric encryption and a\ntrusted third party, the Key Distribution Center (KDC).\n\nA NULL pointer dereference flaw was discovered in the MIT Kerberos Generic\nSecurity Service Application Program Interface (GSS-API) library. A remote,\nauthenticated attacker could use this flaw to crash any server application\nusing the GSS-API authentication mechanism, by sending a specially-crafted\nGSS-API token with a missing checksum field. (CVE-2010-1321)\n\nRed Hat would like to thank the MIT Kerberos Team for responsibly reporting\nthis issue. Upstream acknowledges Shawn Emery of Oracle as the original\nreporter.\n\nAll krb5 users should upgrade to these updated packages, which contain a\nbackported patch to correct this issue. All running services using the MIT\nKerberos libraries must be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-June/016711.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-June/016712.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-May/016639.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-May/016641.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-May/016643.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-May/016644.html\n\n**Affected packages:**\nkrb5\nkrb5-devel\nkrb5-libs\nkrb5-server\nkrb5-workstation\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0423.html", "edition": 2, "reporter": "CentOS Project", "published": "2010-05-21T23:00:31", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "krb5 security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1321"], "modified": "2010-06-01T13:20:58", "href": "http://lists.centos.org/pipermail/centos-announce/2010-May/016639.html", "id": "CESA-2010:0423", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2018-05-27T21:42:38", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.3.4-62.el4_8.2", "arch": "i386", "packageName": "krb5-server", "packageFilename": "krb5-server-1.3.4-62.el4_8.2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.3.4-62.el4_8.2", "arch": "i386", "packageName": "krb5-devel", "packageFilename": "krb5-devel-1.3.4-62.el4_8.2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.3.4-62.el4_8.2", "arch": "i386", "packageName": "krb5-libs", "packageFilename": "krb5-libs-1.3.4-62.el4_8.2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.3.4-62.el4_8.2", "arch": "i386", "packageName": "krb5-workstation", "packageFilename": "krb5-workstation-1.3.4-62.el4_8.2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.3.4-62.el4_8.2", "arch": "src", "packageName": "krb5", "packageFilename": "krb5-1.3.4-62.el4_8.2.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.3.4-62.el4_8.2", "arch": "ia64", "packageName": "krb5-devel", "packageFilename": "krb5-devel-1.3.4-62.el4_8.2.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.3.4-62.el4_8.2", "arch": "ia64", "packageName": "krb5-libs", "packageFilename": "krb5-libs-1.3.4-62.el4_8.2.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.3.4-62.el4_8.2", "arch": "ia64", "packageName": "krb5-workstation", "packageFilename": "krb5-workstation-1.3.4-62.el4_8.2.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.3.4-62.el4_8.2", "arch": "ia64", "packageName": "krb5-server", "packageFilename": "krb5-server-1.3.4-62.el4_8.2.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.3.4-62.el4_8.2", "arch": "x86_64", "packageName": "krb5-server", "packageFilename": "krb5-server-1.3.4-62.el4_8.2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.3.4-62.el4_8.2", "arch": "x86_64", "packageName": "krb5-libs", "packageFilename": "krb5-libs-1.3.4-62.el4_8.2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.3.4-62.el4_8.2", "arch": "x86_64", "packageName": "krb5-devel", "packageFilename": "krb5-devel-1.3.4-62.el4_8.2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.3.4-62.el4_8.2", "arch": "x86_64", "packageName": "krb5-workstation", "packageFilename": "krb5-workstation-1.3.4-62.el4_8.2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.3.4-62.el4_8.2", "arch": "ppc", "packageName": "krb5-server", "packageFilename": "krb5-server-1.3.4-62.el4_8.2.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.3.4-62.el4_8.2", "arch": "ppc", "packageName": "krb5-devel", "packageFilename": "krb5-devel-1.3.4-62.el4_8.2.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.3.4-62.el4_8.2", "arch": "ppc", "packageName": "krb5-workstation", "packageFilename": "krb5-workstation-1.3.4-62.el4_8.2.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.3.4-62.el4_8.2", "arch": "ppc64", "packageName": "krb5-libs", "packageFilename": "krb5-libs-1.3.4-62.el4_8.2.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.3.4-62.el4_8.2", "arch": "ppc", "packageName": "krb5-libs", "packageFilename": "krb5-libs-1.3.4-62.el4_8.2.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.3.4-62.el4_8.2", "arch": "s390", "packageName": "krb5-devel", "packageFilename": "krb5-devel-1.3.4-62.el4_8.2.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.3.4-62.el4_8.2", "arch": "s390", "packageName": "krb5-workstation", "packageFilename": "krb5-workstation-1.3.4-62.el4_8.2.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.3.4-62.el4_8.2", "arch": "s390", "packageName": "krb5-server", "packageFilename": "krb5-server-1.3.4-62.el4_8.2.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.3.4-62.el4_8.2", "arch": "s390", "packageName": "krb5-libs", "packageFilename": "krb5-libs-1.3.4-62.el4_8.2.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.3.4-62.el4_8.2", "arch": "s390x", "packageName": "krb5-server", "packageFilename": "krb5-server-1.3.4-62.el4_8.2.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.3.4-62.el4_8.2", "arch": "s390x", "packageName": "krb5-devel", "packageFilename": "krb5-devel-1.3.4-62.el4_8.2.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.3.4-62.el4_8.2", "arch": "s390x", "packageName": "krb5-libs", "packageFilename": "krb5-libs-1.3.4-62.el4_8.2.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.3.4-62.el4_8.2", "arch": "s390x", "packageName": "krb5-workstation", "packageFilename": "krb5-workstation-1.3.4-62.el4_8.2.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.1-36.el5_5.4", "arch": "x86_64", "packageName": "krb5-workstation", "packageFilename": "krb5-workstation-1.6.1-36.el5_5.4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.1-36.el5_5.4", "arch": "i386", "packageName": "krb5-libs", "packageFilename": "krb5-libs-1.6.1-36.el5_5.4.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.1-36.el5_5.4", "arch": "x86_64", "packageName": "krb5-libs", "packageFilename": "krb5-libs-1.6.1-36.el5_5.4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.1-36.el5_5.4", "arch": "src", "packageName": "krb5", "packageFilename": "krb5-1.6.1-36.el5_5.4.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.1-36.el5_5.4", "arch": "i386", "packageName": "krb5-workstation", "packageFilename": "krb5-workstation-1.6.1-36.el5_5.4.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.1-36.el5_5.4", "arch": "ppc", "packageName": "krb5-workstation", "packageFilename": "krb5-workstation-1.6.1-36.el5_5.4.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.1-36.el5_5.4", "arch": "ppc64", "packageName": "krb5-devel", "packageFilename": "krb5-devel-1.6.1-36.el5_5.4.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.1-36.el5_5.4", "arch": "ppc64", "packageName": "krb5-libs", "packageFilename": "krb5-libs-1.6.1-36.el5_5.4.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.1-36.el5_5.4", "arch": "ppc", "packageName": "krb5-devel", "packageFilename": "krb5-devel-1.6.1-36.el5_5.4.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.1-36.el5_5.4", "arch": "ppc", "packageName": "krb5-libs", "packageFilename": "krb5-libs-1.6.1-36.el5_5.4.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.1-36.el5_5.4", "arch": "ppc", "packageName": "krb5-server", "packageFilename": "krb5-server-1.6.1-36.el5_5.4.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.1-36.el5_5.4", "arch": "s390", "packageName": "krb5-libs", "packageFilename": "krb5-libs-1.6.1-36.el5_5.4.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.1-36.el5_5.4", "arch": "s390x", "packageName": "krb5-devel", "packageFilename": "krb5-devel-1.6.1-36.el5_5.4.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.1-36.el5_5.4", "arch": "s390x", "packageName": "krb5-libs", "packageFilename": "krb5-libs-1.6.1-36.el5_5.4.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.1-36.el5_5.4", "arch": "s390", "packageName": "krb5-devel", "packageFilename": "krb5-devel-1.6.1-36.el5_5.4.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.1-36.el5_5.4", "arch": "s390x", "packageName": "krb5-workstation", "packageFilename": "krb5-workstation-1.6.1-36.el5_5.4.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.1-36.el5_5.4", "arch": "s390x", "packageName": "krb5-server", "packageFilename": "krb5-server-1.6.1-36.el5_5.4.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.1-36.el5_5.4", "arch": "i386", "packageName": "krb5-server", "packageFilename": "krb5-server-1.6.1-36.el5_5.4.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.1-36.el5_5.4", "arch": "i386", "packageName": "krb5-devel", "packageFilename": "krb5-devel-1.6.1-36.el5_5.4.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.1-36.el5_5.4", "arch": "x86_64", "packageName": "krb5-server", "packageFilename": "krb5-server-1.6.1-36.el5_5.4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.1-36.el5_5.4", "arch": "x86_64", "packageName": "krb5-devel", "packageFilename": "krb5-devel-1.6.1-36.el5_5.4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.1-36.el5_5.4", "arch": "ia64", "packageName": "krb5-devel", "packageFilename": "krb5-devel-1.6.1-36.el5_5.4.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.1-36.el5_5.4", "arch": "ia64", "packageName": "krb5-workstation", "packageFilename": "krb5-workstation-1.6.1-36.el5_5.4.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.1-36.el5_5.4", "arch": "ia64", "packageName": "krb5-server", "packageFilename": "krb5-server-1.6.1-36.el5_5.4.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.1-36.el5_5.4", "arch": "ia64", "packageName": "krb5-libs", "packageFilename": "krb5-libs-1.6.1-36.el5_5.4.ia64.rpm", "operator": "lt"}], "description": "Kerberos is a network authentication system which allows clients and\nservers to authenticate to each other using symmetric encryption and a\ntrusted third party, the Key Distribution Center (KDC).\n\nA NULL pointer dereference flaw was discovered in the MIT Kerberos Generic\nSecurity Service Application Program Interface (GSS-API) library. A remote,\nauthenticated attacker could use this flaw to crash any server application\nusing the GSS-API authentication mechanism, by sending a specially-crafted\nGSS-API token with a missing checksum field. (CVE-2010-1321)\n\nRed Hat would like to thank the MIT Kerberos Team for responsibly reporting\nthis issue. Upstream acknowledges Shawn Emery of Oracle as the original\nreporter.\n\nAll krb5 users should upgrade to these updated packages, which contain a\nbackported patch to correct this issue. All running services using the MIT\nKerberos libraries must be restarted for the update to take effect.\n", "reporter": "RedHat", "published": "2010-05-18T04:00:00", "type": "redhat", "title": "(RHSA-2010:0423) Important: krb5 security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-1321"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-05-26T04:26:17", "id": "RHSA-2010:0423", "href": "https://access.redhat.com/errata/RHSA-2010:0423", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-09-09T07:20:17", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.7-1jpp.3.el5", "arch": "i386", "packageFilename": "java-1.4.2-ibm-1.4.2.13.7-1jpp.3.el5.i386.rpm", "packageName": "java-1.4.2-ibm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.7-1jpp.3.el5", "arch": "i386", "packageFilename": "java-1.4.2-ibm-demo-1.4.2.13.7-1jpp.3.el5.i386.rpm", "packageName": "java-1.4.2-ibm-demo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.7-1jpp.3.el5", "arch": "i386", "packageFilename": "java-1.4.2-ibm-devel-1.4.2.13.7-1jpp.3.el5.i386.rpm", "packageName": "java-1.4.2-ibm-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.7-1jpp.3.el5", "arch": "i386", "packageFilename": "java-1.4.2-ibm-javacomm-1.4.2.13.7-1jpp.3.el5.i386.rpm", "packageName": "java-1.4.2-ibm-javacomm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.7-1jpp.3.el5", "arch": "i386", "packageFilename": "java-1.4.2-ibm-jdbc-1.4.2.13.7-1jpp.3.el5.i386.rpm", "packageName": "java-1.4.2-ibm-jdbc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.7-1jpp.3.el5", "arch": "i386", "packageFilename": "java-1.4.2-ibm-plugin-1.4.2.13.7-1jpp.3.el5.i386.rpm", "packageName": "java-1.4.2-ibm-plugin", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.7-1jpp.3.el5", "arch": "i386", "packageFilename": "java-1.4.2-ibm-src-1.4.2.13.7-1jpp.3.el5.i386.rpm", "packageName": "java-1.4.2-ibm-src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.7-1jpp.3.el5", "arch": "x86_64", "packageFilename": "java-1.4.2-ibm-1.4.2.13.7-1jpp.3.el5.x86_64.rpm", "packageName": "java-1.4.2-ibm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.7-1jpp.3.el5", "arch": "x86_64", "packageFilename": "java-1.4.2-ibm-demo-1.4.2.13.7-1jpp.3.el5.x86_64.rpm", "packageName": "java-1.4.2-ibm-demo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.7-1jpp.3.el5", "arch": "x86_64", "packageFilename": "java-1.4.2-ibm-devel-1.4.2.13.7-1jpp.3.el5.x86_64.rpm", "packageName": "java-1.4.2-ibm-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.7-1jpp.3.el5", "arch": "x86_64", "packageFilename": "java-1.4.2-ibm-javacomm-1.4.2.13.7-1jpp.3.el5.x86_64.rpm", "packageName": "java-1.4.2-ibm-javacomm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.7-1jpp.3.el5", "arch": "x86_64", "packageFilename": "java-1.4.2-ibm-src-1.4.2.13.7-1jpp.3.el5.x86_64.rpm", "packageName": "java-1.4.2-ibm-src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.7-1jpp.3.el5", "arch": "ppc", "packageFilename": "java-1.4.2-ibm-1.4.2.13.7-1jpp.3.el5.ppc.rpm", "packageName": "java-1.4.2-ibm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.7-1jpp.3.el5", "arch": "ppc", "packageFilename": "java-1.4.2-ibm-demo-1.4.2.13.7-1jpp.3.el5.ppc.rpm", "packageName": "java-1.4.2-ibm-demo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.7-1jpp.3.el5", "arch": "ppc", "packageFilename": "java-1.4.2-ibm-devel-1.4.2.13.7-1jpp.3.el5.ppc.rpm", "packageName": "java-1.4.2-ibm-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.7-1jpp.3.el5", "arch": "ppc", "packageFilename": "java-1.4.2-ibm-javacomm-1.4.2.13.7-1jpp.3.el5.ppc.rpm", "packageName": "java-1.4.2-ibm-javacomm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.7-1jpp.3.el5", "arch": "ppc", "packageFilename": "java-1.4.2-ibm-jdbc-1.4.2.13.7-1jpp.3.el5.ppc.rpm", "packageName": "java-1.4.2-ibm-jdbc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.7-1jpp.3.el5", "arch": "ppc", "packageFilename": "java-1.4.2-ibm-src-1.4.2.13.7-1jpp.3.el5.ppc.rpm", "packageName": "java-1.4.2-ibm-src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.7-1jpp.3.el5", "arch": "ppc64", "packageFilename": "java-1.4.2-ibm-1.4.2.13.7-1jpp.3.el5.ppc64.rpm", "packageName": "java-1.4.2-ibm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.7-1jpp.3.el5", "arch": "ppc64", "packageFilename": "java-1.4.2-ibm-demo-1.4.2.13.7-1jpp.3.el5.ppc64.rpm", "packageName": "java-1.4.2-ibm-demo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.7-1jpp.3.el5", "arch": "ppc64", "packageFilename": "java-1.4.2-ibm-devel-1.4.2.13.7-1jpp.3.el5.ppc64.rpm", "packageName": "java-1.4.2-ibm-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.7-1jpp.3.el5", "arch": "ppc64", "packageFilename": "java-1.4.2-ibm-javacomm-1.4.2.13.7-1jpp.3.el5.ppc64.rpm", "packageName": "java-1.4.2-ibm-javacomm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.7-1jpp.3.el5", "arch": "ppc64", "packageFilename": "java-1.4.2-ibm-src-1.4.2.13.7-1jpp.3.el5.ppc64.rpm", "packageName": "java-1.4.2-ibm-src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.7-1jpp.3.el5", "arch": "s390", "packageFilename": "java-1.4.2-ibm-1.4.2.13.7-1jpp.3.el5.s390.rpm", "packageName": "java-1.4.2-ibm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.7-1jpp.3.el5", "arch": "s390", "packageFilename": "java-1.4.2-ibm-demo-1.4.2.13.7-1jpp.3.el5.s390.rpm", "packageName": "java-1.4.2-ibm-demo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.7-1jpp.3.el5", "arch": "s390", "packageFilename": "java-1.4.2-ibm-devel-1.4.2.13.7-1jpp.3.el5.s390.rpm", "packageName": "java-1.4.2-ibm-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.7-1jpp.3.el5", "arch": "s390", "packageFilename": "java-1.4.2-ibm-jdbc-1.4.2.13.7-1jpp.3.el5.s390.rpm", "packageName": "java-1.4.2-ibm-jdbc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.7-1jpp.3.el5", "arch": "s390", "packageFilename": "java-1.4.2-ibm-src-1.4.2.13.7-1jpp.3.el5.s390.rpm", "packageName": "java-1.4.2-ibm-src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.7-1jpp.3.el5", "arch": "s390x", "packageFilename": "java-1.4.2-ibm-1.4.2.13.7-1jpp.3.el5.s390x.rpm", "packageName": "java-1.4.2-ibm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.7-1jpp.3.el5", "arch": "s390x", "packageFilename": "java-1.4.2-ibm-demo-1.4.2.13.7-1jpp.3.el5.s390x.rpm", "packageName": "java-1.4.2-ibm-demo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.7-1jpp.3.el5", "arch": "s390x", "packageFilename": "java-1.4.2-ibm-devel-1.4.2.13.7-1jpp.3.el5.s390x.rpm", "packageName": "java-1.4.2-ibm-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.7-1jpp.3.el5", "arch": "s390x", "packageFilename": "java-1.4.2-ibm-src-1.4.2.13.7-1jpp.3.el5.s390x.rpm", "packageName": "java-1.4.2-ibm-src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.7-1jpp.3.el5", "arch": "ia64", "packageFilename": "java-1.4.2-ibm-1.4.2.13.7-1jpp.3.el5.ia64.rpm", "packageName": "java-1.4.2-ibm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.7-1jpp.3.el5", "arch": "ia64", "packageFilename": "java-1.4.2-ibm-demo-1.4.2.13.7-1jpp.3.el5.ia64.rpm", "packageName": "java-1.4.2-ibm-demo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.7-1jpp.3.el5", "arch": "ia64", "packageFilename": "java-1.4.2-ibm-devel-1.4.2.13.7-1jpp.3.el5.ia64.rpm", "packageName": "java-1.4.2-ibm-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.7-1jpp.3.el5", "arch": "ia64", "packageFilename": "java-1.4.2-ibm-src-1.4.2.13.7-1jpp.3.el5.ia64.rpm", "packageName": "java-1.4.2-ibm-src", "operator": "lt"}], "description": "The IBM 1.4.2 SR13-FP7 Java release includes the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit.\n\nThis update fixes two vulnerabilities in the IBM Java 2 Runtime Environment\nand the IBM Java 2 Software Development Kit. Detailed vulnerability\ndescriptions are linked from the IBM \"Security alerts\" page, listed in the\nReferences section. (CVE-2010-1321, CVE-2010-3574)\n\nAll users of java-1.4.2-ibm are advised to upgrade to these updated\npackages, which contain the IBM 1.4.2 SR13-FP7 Java release. All running\ninstances of IBM Java must be restarted for this update to take effect.\n", "reporter": "RedHat", "published": "2010-12-01T05:00:00", "type": "redhat", "title": "(RHSA-2010:0935) Moderate: java-1.4.2-ibm security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-1321", "CVE-2010-3574"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T12:09:37", "id": "RHSA-2010:0935", "href": "https://access.redhat.com/errata/RHSA-2010:0935", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-09T07:20:29", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.2.el5", "packageName": "java-1.4.2-ibm", "packageFilename": "java-1.4.2-ibm-1.4.2.13.8-1jpp.2.el5.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.2.el5", "packageName": "java-1.4.2-ibm-demo", "packageFilename": "java-1.4.2-ibm-demo-1.4.2.13.8-1jpp.2.el5.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.2.el5", "packageName": "java-1.4.2-ibm-devel", "packageFilename": "java-1.4.2-ibm-devel-1.4.2.13.8-1jpp.2.el5.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.2.el5", "packageName": "java-1.4.2-ibm-javacomm", "packageFilename": "java-1.4.2-ibm-javacomm-1.4.2.13.8-1jpp.2.el5.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.2.el5", "packageName": "java-1.4.2-ibm-jdbc", "packageFilename": "java-1.4.2-ibm-jdbc-1.4.2.13.8-1jpp.2.el5.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.2.el5", "packageName": "java-1.4.2-ibm-plugin", "packageFilename": "java-1.4.2-ibm-plugin-1.4.2.13.8-1jpp.2.el5.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.2.el5", "packageName": "java-1.4.2-ibm-src", "packageFilename": "java-1.4.2-ibm-src-1.4.2.13.8-1jpp.2.el5.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.2.el5", "packageName": "java-1.4.2-ibm", "packageFilename": "java-1.4.2-ibm-1.4.2.13.8-1jpp.2.el5.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.2.el5", "packageName": "java-1.4.2-ibm-demo", "packageFilename": "java-1.4.2-ibm-demo-1.4.2.13.8-1jpp.2.el5.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.2.el5", "packageName": "java-1.4.2-ibm-devel", "packageFilename": "java-1.4.2-ibm-devel-1.4.2.13.8-1jpp.2.el5.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.2.el5", "packageName": "java-1.4.2-ibm-javacomm", "packageFilename": "java-1.4.2-ibm-javacomm-1.4.2.13.8-1jpp.2.el5.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.2.el5", "packageName": "java-1.4.2-ibm-src", "packageFilename": "java-1.4.2-ibm-src-1.4.2.13.8-1jpp.2.el5.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.2.el5", "packageName": "java-1.4.2-ibm", "packageFilename": "java-1.4.2-ibm-1.4.2.13.8-1jpp.2.el5.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.2.el5", "packageName": "java-1.4.2-ibm-demo", "packageFilename": "java-1.4.2-ibm-demo-1.4.2.13.8-1jpp.2.el5.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.2.el5", "packageName": "java-1.4.2-ibm-devel", "packageFilename": "java-1.4.2-ibm-devel-1.4.2.13.8-1jpp.2.el5.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.2.el5", "packageName": "java-1.4.2-ibm-javacomm", "packageFilename": "java-1.4.2-ibm-javacomm-1.4.2.13.8-1jpp.2.el5.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.2.el5", "packageName": "java-1.4.2-ibm-jdbc", "packageFilename": "java-1.4.2-ibm-jdbc-1.4.2.13.8-1jpp.2.el5.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.2.el5", "packageName": "java-1.4.2-ibm-src", "packageFilename": "java-1.4.2-ibm-src-1.4.2.13.8-1jpp.2.el5.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.2.el5", "packageName": "java-1.4.2-ibm", "packageFilename": "java-1.4.2-ibm-1.4.2.13.8-1jpp.2.el5.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.2.el5", "packageName": "java-1.4.2-ibm-demo", "packageFilename": "java-1.4.2-ibm-demo-1.4.2.13.8-1jpp.2.el5.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.2.el5", "packageName": "java-1.4.2-ibm-devel", "packageFilename": "java-1.4.2-ibm-devel-1.4.2.13.8-1jpp.2.el5.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.2.el5", "packageName": "java-1.4.2-ibm-javacomm", "packageFilename": "java-1.4.2-ibm-javacomm-1.4.2.13.8-1jpp.2.el5.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.2.el5", "packageName": "java-1.4.2-ibm-src", "packageFilename": "java-1.4.2-ibm-src-1.4.2.13.8-1jpp.2.el5.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.2.el5", "packageName": "java-1.4.2-ibm", "packageFilename": "java-1.4.2-ibm-1.4.2.13.8-1jpp.2.el5.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.2.el5", "packageName": "java-1.4.2-ibm-demo", "packageFilename": "java-1.4.2-ibm-demo-1.4.2.13.8-1jpp.2.el5.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.2.el5", "packageName": "java-1.4.2-ibm-devel", "packageFilename": "java-1.4.2-ibm-devel-1.4.2.13.8-1jpp.2.el5.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.2.el5", "packageName": "java-1.4.2-ibm-jdbc", "packageFilename": "java-1.4.2-ibm-jdbc-1.4.2.13.8-1jpp.2.el5.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.2.el5", "packageName": "java-1.4.2-ibm-src", "packageFilename": "java-1.4.2-ibm-src-1.4.2.13.8-1jpp.2.el5.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.2.el5", "packageName": "java-1.4.2-ibm", "packageFilename": "java-1.4.2-ibm-1.4.2.13.8-1jpp.2.el5.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.2.el5", "packageName": "java-1.4.2-ibm-demo", "packageFilename": "java-1.4.2-ibm-demo-1.4.2.13.8-1jpp.2.el5.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.2.el5", "packageName": "java-1.4.2-ibm-devel", "packageFilename": "java-1.4.2-ibm-devel-1.4.2.13.8-1jpp.2.el5.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.2.el5", "packageName": "java-1.4.2-ibm-src", "packageFilename": "java-1.4.2-ibm-src-1.4.2.13.8-1jpp.2.el5.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.2.el5", "packageName": "java-1.4.2-ibm", "packageFilename": "java-1.4.2-ibm-1.4.2.13.8-1jpp.2.el5.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.2.el5", "packageName": "java-1.4.2-ibm-demo", "packageFilename": "java-1.4.2-ibm-demo-1.4.2.13.8-1jpp.2.el5.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.2.el5", "packageName": "java-1.4.2-ibm-devel", "packageFilename": "java-1.4.2-ibm-devel-1.4.2.13.8-1jpp.2.el5.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.2.el5", "packageName": "java-1.4.2-ibm-src", "packageFilename": "java-1.4.2-ibm-src-1.4.2.13.8-1jpp.2.el5.ia64.rpm", "arch": "ia64", "operator": "lt"}], "description": "The IBM 1.4.2 SR13-FP8 Java release includes the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit.\n\nThis update fixes two vulnerabilities in the IBM Java 2 Runtime Environment\nand the IBM Java 2 Software Development Kit. Detailed vulnerability\ndescriptions are linked from the IBM \"Security alerts\" page, listed in the\nReferences section. (CVE-2010-1321, CVE-2010-3574)\n\nNote: The RHSA-2010:0935 java-1.4.2-ibm update did not, unlike the erratum\ntext stated, provide fixes for the above issues.\n\nAll users of java-1.4.2-ibm are advised to upgrade to these updated\npackages, which contain the IBM 1.4.2 SR13-FP8 Java release. All running\ninstances of IBM Java must be restarted for this update to take effect.\n", "reporter": "RedHat", "published": "2011-01-17T05:00:00", "type": "redhat", "title": "(RHSA-2011:0152) Moderate: java-1.4.2-ibm security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-1321", "CVE-2010-3574"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T11:54:31", "id": "RHSA-2011:0152", "href": "https://access.redhat.com/errata/RHSA-2011:0152", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-06-07T05:58:11", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.12.2-1jpp.1.el6", "arch": "i686", "packageName": "java-1.5.0-ibm", "packageFilename": "java-1.5.0-ibm-1.5.0.12.2-1jpp.1.el6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.12.2-1jpp.1.el6", "arch": "i686", "packageName": "java-1.5.0-ibm-demo", "packageFilename": "java-1.5.0-ibm-demo-1.5.0.12.2-1jpp.1.el6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.12.2-1jpp.1.el6", "arch": "i686", "packageName": "java-1.5.0-ibm-devel", "packageFilename": "java-1.5.0-ibm-devel-1.5.0.12.2-1jpp.1.el6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.12.2-1jpp.1.el6", "arch": "i686", "packageName": "java-1.5.0-ibm-javacomm", "packageFilename": "java-1.5.0-ibm-javacomm-1.5.0.12.2-1jpp.1.el6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.12.2-1jpp.1.el6", "arch": "i686", "packageName": "java-1.5.0-ibm-src", "packageFilename": "java-1.5.0-ibm-src-1.5.0.12.2-1jpp.1.el6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.12.2-1jpp.1.el6", "arch": "x86_64", "packageName": "java-1.5.0-ibm", "packageFilename": "java-1.5.0-ibm-1.5.0.12.2-1jpp.1.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.12.2-1jpp.1.el6", "arch": "x86_64", "packageName": "java-1.5.0-ibm-demo", "packageFilename": "java-1.5.0-ibm-demo-1.5.0.12.2-1jpp.1.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.12.2-1jpp.1.el6", "arch": "x86_64", "packageName": "java-1.5.0-ibm-devel", "packageFilename": "java-1.5.0-ibm-devel-1.5.0.12.2-1jpp.1.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.12.2-1jpp.1.el6", "arch": "x86_64", "packageName": "java-1.5.0-ibm-javacomm", "packageFilename": "java-1.5.0-ibm-javacomm-1.5.0.12.2-1jpp.1.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.12.2-1jpp.1.el6", "arch": "x86_64", "packageName": "java-1.5.0-ibm-src", "packageFilename": "java-1.5.0-ibm-src-1.5.0.12.2-1jpp.1.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.12.2-1jpp.1.el6", "arch": "ppc", "packageName": "java-1.5.0-ibm-devel", "packageFilename": "java-1.5.0-ibm-devel-1.5.0.12.2-1jpp.1.el6.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.12.2-1jpp.1.el6", "arch": "ppc64", "packageName": "java-1.5.0-ibm", "packageFilename": "java-1.5.0-ibm-1.5.0.12.2-1jpp.1.el6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.12.2-1jpp.1.el6", "arch": "ppc64", "packageName": "java-1.5.0-ibm-demo", "packageFilename": "java-1.5.0-ibm-demo-1.5.0.12.2-1jpp.1.el6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.12.2-1jpp.1.el6", "arch": "ppc64", "packageName": "java-1.5.0-ibm-devel", "packageFilename": "java-1.5.0-ibm-devel-1.5.0.12.2-1jpp.1.el6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.12.2-1jpp.1.el6", "arch": "ppc64", "packageName": "java-1.5.0-ibm-javacomm", "packageFilename": "java-1.5.0-ibm-javacomm-1.5.0.12.2-1jpp.1.el6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.12.2-1jpp.1.el6", "arch": "ppc64", "packageName": "java-1.5.0-ibm-src", "packageFilename": "java-1.5.0-ibm-src-1.5.0.12.2-1jpp.1.el6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.12.2-1jpp.1.el6", "arch": "s390", "packageName": "java-1.5.0-ibm-devel", "packageFilename": "java-1.5.0-ibm-devel-1.5.0.12.2-1jpp.1.el6.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.12.2-1jpp.1.el6", "arch": "s390x", "packageName": "java-1.5.0-ibm", "packageFilename": "java-1.5.0-ibm-1.5.0.12.2-1jpp.1.el6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.12.2-1jpp.1.el6", "arch": "s390x", "packageName": "java-1.5.0-ibm-demo", "packageFilename": "java-1.5.0-ibm-demo-1.5.0.12.2-1jpp.1.el6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.12.2-1jpp.1.el6", "arch": "s390x", "packageName": "java-1.5.0-ibm-devel", "packageFilename": "java-1.5.0-ibm-devel-1.5.0.12.2-1jpp.1.el6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.12.2-1jpp.1.el6", "arch": "s390x", "packageName": "java-1.5.0-ibm-src", "packageFilename": "java-1.5.0-ibm-src-1.5.0.12.2-1jpp.1.el6.s390x.rpm", "operator": "lt"}], "description": "The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and\nthe IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM \"Security alerts\" page,\nlisted in the References section. (CVE-2010-1321, CVE-2010-3541,\nCVE-2010-3548, CVE-2010-3549, CVE-2010-3550, CVE-2010-3551, CVE-2010-3556,\nCVE-2010-3559, CVE-2010-3562, CVE-2010-3565, CVE-2010-3566, CVE-2010-3568,\nCVE-2010-3569, CVE-2010-3572, CVE-2010-3573, CVE-2010-3574)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.5.0 SR12-FP2 Java release. All running\ninstances of IBM Java must be restarted for this update to take effect.\n", "reporter": "RedHat", "published": "2010-11-10T05:00:00", "type": "redhat", "title": "(RHSA-2010:0873) Critical: java-1.5.0-ibm security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-1321", "CVE-2010-3541", "CVE-2010-3548", "CVE-2010-3549", "CVE-2010-3550", "CVE-2010-3551", "CVE-2010-3556", "CVE-2010-3559", "CVE-2010-3562", "CVE-2010-3565", "CVE-2010-3566", "CVE-2010-3568", "CVE-2010-3569", "CVE-2010-3572", "CVE-2010-3573", "CVE-2010-3574"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-07T09:04:24", "id": "RHSA-2010:0873", "href": "https://access.redhat.com/errata/RHSA-2010:0873", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-09T07:19:53", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.2-1jpp.1.el5", "packageName": "java-1.5.0-ibm", "packageFilename": "java-1.5.0-ibm-1.5.0.12.2-1jpp.1.el5.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.2-1jpp.1.el5", "packageName": "java-1.5.0-ibm-accessibility", "packageFilename": "java-1.5.0-ibm-accessibility-1.5.0.12.2-1jpp.1.el5.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.2-1jpp.1.el5", "packageName": "java-1.5.0-ibm-demo", "packageFilename": "java-1.5.0-ibm-demo-1.5.0.12.2-1jpp.1.el5.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.2-1jpp.1.el5", "packageName": "java-1.5.0-ibm-devel", "packageFilename": "java-1.5.0-ibm-devel-1.5.0.12.2-1jpp.1.el5.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.2-1jpp.1.el5", "packageName": "java-1.5.0-ibm-javacomm", "packageFilename": "java-1.5.0-ibm-javacomm-1.5.0.12.2-1jpp.1.el5.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.2-1jpp.1.el5", "packageName": "java-1.5.0-ibm-jdbc", "packageFilename": "java-1.5.0-ibm-jdbc-1.5.0.12.2-1jpp.1.el5.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.2-1jpp.1.el5", "packageName": "java-1.5.0-ibm-plugin", "packageFilename": "java-1.5.0-ibm-plugin-1.5.0.12.2-1jpp.1.el5.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.2-1jpp.1.el5", "packageName": "java-1.5.0-ibm-src", "packageFilename": "java-1.5.0-ibm-src-1.5.0.12.2-1jpp.1.el5.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.2-1jpp.1.el5", "packageName": "java-1.5.0-ibm", "packageFilename": "java-1.5.0-ibm-1.5.0.12.2-1jpp.1.el5.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.2-1jpp.1.el5", "packageName": "java-1.5.0-ibm-accessibility", "packageFilename": "java-1.5.0-ibm-accessibility-1.5.0.12.2-1jpp.1.el5.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.2-1jpp.1.el5", "packageName": "java-1.5.0-ibm-demo", "packageFilename": "java-1.5.0-ibm-demo-1.5.0.12.2-1jpp.1.el5.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.2-1jpp.1.el5", "packageName": "java-1.5.0-ibm-devel", "packageFilename": "java-1.5.0-ibm-devel-1.5.0.12.2-1jpp.1.el5.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.2-1jpp.1.el5", "packageName": "java-1.5.0-ibm-javacomm", "packageFilename": "java-1.5.0-ibm-javacomm-1.5.0.12.2-1jpp.1.el5.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.2-1jpp.1.el5", "packageName": "java-1.5.0-ibm-src", "packageFilename": "java-1.5.0-ibm-src-1.5.0.12.2-1jpp.1.el5.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.2-1jpp.1.el5", "packageName": "java-1.5.0-ibm", "packageFilename": "java-1.5.0-ibm-1.5.0.12.2-1jpp.1.el5.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.2-1jpp.1.el5", "packageName": "java-1.5.0-ibm-accessibility", "packageFilename": "java-1.5.0-ibm-accessibility-1.5.0.12.2-1jpp.1.el5.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.2-1jpp.1.el5", "packageName": "java-1.5.0-ibm-demo", "packageFilename": "java-1.5.0-ibm-demo-1.5.0.12.2-1jpp.1.el5.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.2-1jpp.1.el5", "packageName": "java-1.5.0-ibm-devel", "packageFilename": "java-1.5.0-ibm-devel-1.5.0.12.2-1jpp.1.el5.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.2-1jpp.1.el5", "packageName": "java-1.5.0-ibm-javacomm", "packageFilename": "java-1.5.0-ibm-javacomm-1.5.0.12.2-1jpp.1.el5.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.2-1jpp.1.el5", "packageName": "java-1.5.0-ibm-jdbc", "packageFilename": "java-1.5.0-ibm-jdbc-1.5.0.12.2-1jpp.1.el5.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.2-1jpp.1.el5", "packageName": "java-1.5.0-ibm-plugin", "packageFilename": "java-1.5.0-ibm-plugin-1.5.0.12.2-1jpp.1.el5.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.2-1jpp.1.el5", "packageName": "java-1.5.0-ibm-src", "packageFilename": "java-1.5.0-ibm-src-1.5.0.12.2-1jpp.1.el5.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.2-1jpp.1.el5", "packageName": "java-1.5.0-ibm", "packageFilename": "java-1.5.0-ibm-1.5.0.12.2-1jpp.1.el5.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.2-1jpp.1.el5", "packageName": "java-1.5.0-ibm-demo", "packageFilename": "java-1.5.0-ibm-demo-1.5.0.12.2-1jpp.1.el5.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.2-1jpp.1.el5", "packageName": "java-1.5.0-ibm-devel", "packageFilename": "java-1.5.0-ibm-devel-1.5.0.12.2-1jpp.1.el5.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.2-1jpp.1.el5", "packageName": "java-1.5.0-ibm-javacomm", "packageFilename": "java-1.5.0-ibm-javacomm-1.5.0.12.2-1jpp.1.el5.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.2-1jpp.1.el5", "packageName": "java-1.5.0-ibm-src", "packageFilename": "java-1.5.0-ibm-src-1.5.0.12.2-1jpp.1.el5.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.2-1jpp.1.el5", "packageName": "java-1.5.0-ibm", "packageFilename": "java-1.5.0-ibm-1.5.0.12.2-1jpp.1.el5.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.2-1jpp.1.el5", "packageName": "java-1.5.0-ibm-demo", "packageFilename": "java-1.5.0-ibm-demo-1.5.0.12.2-1jpp.1.el5.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.2-1jpp.1.el5", "packageName": "java-1.5.0-ibm-devel", "packageFilename": "java-1.5.0-ibm-devel-1.5.0.12.2-1jpp.1.el5.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.2-1jpp.1.el5", "packageName": "java-1.5.0-ibm-jdbc", "packageFilename": "java-1.5.0-ibm-jdbc-1.5.0.12.2-1jpp.1.el5.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.2-1jpp.1.el5", "packageName": "java-1.5.0-ibm-src", "packageFilename": "java-1.5.0-ibm-src-1.5.0.12.2-1jpp.1.el5.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.2-1jpp.1.el5", "packageName": "java-1.5.0-ibm", "packageFilename": "java-1.5.0-ibm-1.5.0.12.2-1jpp.1.el5.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.2-1jpp.1.el5", "packageName": "java-1.5.0-ibm-accessibility", "packageFilename": "java-1.5.0-ibm-accessibility-1.5.0.12.2-1jpp.1.el5.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.2-1jpp.1.el5", "packageName": "java-1.5.0-ibm-demo", "packageFilename": "java-1.5.0-ibm-demo-1.5.0.12.2-1jpp.1.el5.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.2-1jpp.1.el5", "packageName": "java-1.5.0-ibm-devel", "packageFilename": "java-1.5.0-ibm-devel-1.5.0.12.2-1jpp.1.el5.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.2-1jpp.1.el5", "packageName": "java-1.5.0-ibm-src", "packageFilename": "java-1.5.0-ibm-src-1.5.0.12.2-1jpp.1.el5.s390x.rpm", "arch": "s390x", "operator": "lt"}], "description": "The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and\nthe IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM \"Security alerts\" page,\nlisted in the References section. (CVE-2010-1321, CVE-2010-3541,\nCVE-2010-3548, CVE-2010-3549, CVE-2010-3550, CVE-2010-3551, CVE-2010-3556,\nCVE-2010-3559, CVE-2010-3562, CVE-2010-3565, CVE-2010-3566, CVE-2010-3568,\nCVE-2010-3569, CVE-2010-3572, CVE-2010-3573, CVE-2010-3574)\n\nThe RHSA-2010:0130 update mitigated a man-in-the-middle attack in the way\nthe TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols\nhandle session renegotiation by disabling renegotiation. This update\nimplements the TLS Renegotiation Indication Extension as defined in RFC\n5746, allowing secure renegotiation between updated clients and servers.\n(CVE-2009-3555)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.5.0 SR12-FP2 Java release. All running\ninstances of IBM Java must be restarted for this update to take effect.\n", "reporter": "RedHat", "published": "2010-10-27T04:00:00", "type": "redhat", "title": "(RHSA-2010:0807) Critical: java-1.5.0-ibm security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2009-3555", "CVE-2010-1321", "CVE-2010-3541", "CVE-2010-3548", "CVE-2010-3549", "CVE-2010-3550", "CVE-2010-3551", "CVE-2010-3556", "CVE-2010-3559", "CVE-2010-3562", "CVE-2010-3565", "CVE-2010-3566", "CVE-2010-3568", "CVE-2010-3569", "CVE-2010-3572", "CVE-2010-3573", "CVE-2010-3574"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T11:54:13", "id": "RHSA-2010:0807", "href": "https://access.redhat.com/errata/RHSA-2010:0807", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-06-07T05:58:28", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.3.el5", "arch": "i386", "packageName": "java-1.6.0-ibm", "packageFilename": "java-1.6.0-ibm-1.6.0.9.0-1jpp.3.el5.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.3.el5", "arch": "i386", "packageName": "java-1.6.0-ibm-accessibility", "packageFilename": "java-1.6.0-ibm-accessibility-1.6.0.9.0-1jpp.3.el5.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.3.el5", "arch": "i386", "packageName": "java-1.6.0-ibm-demo", "packageFilename": "java-1.6.0-ibm-demo-1.6.0.9.0-1jpp.3.el5.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.3.el5", "arch": "i386", "packageName": "java-1.6.0-ibm-devel", "packageFilename": "java-1.6.0-ibm-devel-1.6.0.9.0-1jpp.3.el5.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.3.el5", "arch": "i386", "packageName": "java-1.6.0-ibm-javacomm", "packageFilename": "java-1.6.0-ibm-javacomm-1.6.0.9.0-1jpp.3.el5.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.3.el5", "arch": "i386", "packageName": "java-1.6.0-ibm-jdbc", "packageFilename": "java-1.6.0-ibm-jdbc-1.6.0.9.0-1jpp.3.el5.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.3.el5", "arch": "i386", "packageName": "java-1.6.0-ibm-plugin", "packageFilename": "java-1.6.0-ibm-plugin-1.6.0.9.0-1jpp.3.el5.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.3.el5", "arch": "i386", "packageName": "java-1.6.0-ibm-src", "packageFilename": "java-1.6.0-ibm-src-1.6.0.9.0-1jpp.3.el5.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.3.el5", "arch": "x86_64", "packageName": "java-1.6.0-ibm", "packageFilename": "java-1.6.0-ibm-1.6.0.9.0-1jpp.3.el5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.3.el5", "arch": "x86_64", "packageName": "java-1.6.0-ibm-accessibility", "packageFilename": "java-1.6.0-ibm-accessibility-1.6.0.9.0-1jpp.3.el5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.3.el5", "arch": "x86_64", "packageName": "java-1.6.0-ibm-demo", "packageFilename": "java-1.6.0-ibm-demo-1.6.0.9.0-1jpp.3.el5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.3.el5", "arch": "x86_64", "packageName": "java-1.6.0-ibm-devel", "packageFilename": "java-1.6.0-ibm-devel-1.6.0.9.0-1jpp.3.el5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.3.el5", "arch": "x86_64", "packageName": "java-1.6.0-ibm-javacomm", "packageFilename": "java-1.6.0-ibm-javacomm-1.6.0.9.0-1jpp.3.el5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.3.el5", "arch": "x86_64", "packageName": "java-1.6.0-ibm-jdbc", "packageFilename": "java-1.6.0-ibm-jdbc-1.6.0.9.0-1jpp.3.el5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.3.el5", "arch": "x86_64", "packageName": "java-1.6.0-ibm-plugin", "packageFilename": "java-1.6.0-ibm-plugin-1.6.0.9.0-1jpp.3.el5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.3.el5", "arch": "x86_64", "packageName": "java-1.6.0-ibm-src", "packageFilename": "java-1.6.0-ibm-src-1.6.0.9.0-1jpp.3.el5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.3.el5", "arch": "ppc", "packageName": "java-1.6.0-ibm", "packageFilename": "java-1.6.0-ibm-1.6.0.9.0-1jpp.3.el5.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.3.el5", "arch": "ppc", "packageName": "java-1.6.0-ibm-accessibility", "packageFilename": "java-1.6.0-ibm-accessibility-1.6.0.9.0-1jpp.3.el5.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.3.el5", "arch": "ppc", "packageName": "java-1.6.0-ibm-demo", "packageFilename": "java-1.6.0-ibm-demo-1.6.0.9.0-1jpp.3.el5.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.3.el5", "arch": "ppc", "packageName": "java-1.6.0-ibm-devel", "packageFilename": "java-1.6.0-ibm-devel-1.6.0.9.0-1jpp.3.el5.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.3.el5", "arch": "ppc", "packageName": "java-1.6.0-ibm-javacomm", "packageFilename": "java-1.6.0-ibm-javacomm-1.6.0.9.0-1jpp.3.el5.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.3.el5", "arch": "ppc", "packageName": "java-1.6.0-ibm-jdbc", "packageFilename": "java-1.6.0-ibm-jdbc-1.6.0.9.0-1jpp.3.el5.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.3.el5", "arch": "ppc", "packageName": "java-1.6.0-ibm-plugin", "packageFilename": "java-1.6.0-ibm-plugin-1.6.0.9.0-1jpp.3.el5.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.3.el5", "arch": "ppc", "packageName": "java-1.6.0-ibm-src", "packageFilename": "java-1.6.0-ibm-src-1.6.0.9.0-1jpp.3.el5.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.3.el5", "arch": "ppc64", "packageName": "java-1.6.0-ibm", "packageFilename": "java-1.6.0-ibm-1.6.0.9.0-1jpp.3.el5.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.3.el5", "arch": "ppc64", "packageName": "java-1.6.0-ibm-demo", "packageFilename": "java-1.6.0-ibm-demo-1.6.0.9.0-1jpp.3.el5.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.3.el5", "arch": "ppc64", "packageName": "java-1.6.0-ibm-devel", "packageFilename": "java-1.6.0-ibm-devel-1.6.0.9.0-1jpp.3.el5.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.3.el5", "arch": "ppc64", "packageName": "java-1.6.0-ibm-javacomm", "packageFilename": "java-1.6.0-ibm-javacomm-1.6.0.9.0-1jpp.3.el5.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.3.el5", "arch": "ppc64", "packageName": "java-1.6.0-ibm-jdbc", "packageFilename": "java-1.6.0-ibm-jdbc-1.6.0.9.0-1jpp.3.el5.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.3.el5", "arch": "ppc64", "packageName": "java-1.6.0-ibm-src", "packageFilename": "java-1.6.0-ibm-src-1.6.0.9.0-1jpp.3.el5.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.3.el5", "arch": "s390", "packageName": "java-1.6.0-ibm", "packageFilename": "java-1.6.0-ibm-1.6.0.9.0-1jpp.3.el5.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.3.el5", "arch": "s390", "packageName": "java-1.6.0-ibm-demo", "packageFilename": "java-1.6.0-ibm-demo-1.6.0.9.0-1jpp.3.el5.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.3.el5", "arch": "s390", "packageName": "java-1.6.0-ibm-devel", "packageFilename": "java-1.6.0-ibm-devel-1.6.0.9.0-1jpp.3.el5.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.3.el5", "arch": "s390", "packageName": "java-1.6.0-ibm-jdbc", "packageFilename": "java-1.6.0-ibm-jdbc-1.6.0.9.0-1jpp.3.el5.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.3.el5", "arch": "s390", "packageName": "java-1.6.0-ibm-src", "packageFilename": "java-1.6.0-ibm-src-1.6.0.9.0-1jpp.3.el5.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.3.el5", "arch": "s390x", "packageName": "java-1.6.0-ibm", "packageFilename": "java-1.6.0-ibm-1.6.0.9.0-1jpp.3.el5.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.3.el5", "arch": "s390x", "packageName": "java-1.6.0-ibm-accessibility", "packageFilename": "java-1.6.0-ibm-accessibility-1.6.0.9.0-1jpp.3.el5.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.3.el5", "arch": "s390x", "packageName": "java-1.6.0-ibm-demo", "packageFilename": "java-1.6.0-ibm-demo-1.6.0.9.0-1jpp.3.el5.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.3.el5", "arch": "s390x", "packageName": "java-1.6.0-ibm-devel", "packageFilename": "java-1.6.0-ibm-devel-1.6.0.9.0-1jpp.3.el5.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.3.el5", "arch": "s390x", "packageName": "java-1.6.0-ibm-jdbc", "packageFilename": "java-1.6.0-ibm-jdbc-1.6.0.9.0-1jpp.3.el5.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.3.el5", "arch": "s390x", "packageName": "java-1.6.0-ibm-src", "packageFilename": "java-1.6.0-ibm-src-1.6.0.9.0-1jpp.3.el5.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.9.0-1jpp.4.el6", "arch": "i686", "packageName": "java-1.6.0-ibm-devel", "packageFilename": "java-1.6.0-ibm-devel-1.6.0.9.0-1jpp.4.el6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.9.0-1jpp.4.el6", "arch": "x86_64", "packageName": "java-1.6.0-ibm", "packageFilename": "java-1.6.0-ibm-1.6.0.9.0-1jpp.4.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.9.0-1jpp.4.el6", "arch": "x86_64", "packageName": "java-1.6.0-ibm-demo", "packageFilename": "java-1.6.0-ibm-demo-1.6.0.9.0-1jpp.4.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.9.0-1jpp.4.el6", "arch": "x86_64", "packageName": "java-1.6.0-ibm-devel", "packageFilename": "java-1.6.0-ibm-devel-1.6.0.9.0-1jpp.4.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.9.0-1jpp.4.el6", "arch": "x86_64", "packageName": "java-1.6.0-ibm-javacomm", "packageFilename": "java-1.6.0-ibm-javacomm-1.6.0.9.0-1jpp.4.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.9.0-1jpp.4.el6", "arch": "x86_64", "packageName": "java-1.6.0-ibm-jdbc", "packageFilename": "java-1.6.0-ibm-jdbc-1.6.0.9.0-1jpp.4.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.9.0-1jpp.4.el6", "arch": "x86_64", "packageName": "java-1.6.0-ibm-plugin", "packageFilename": "java-1.6.0-ibm-plugin-1.6.0.9.0-1jpp.4.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.9.0-1jpp.4.el6", "arch": "x86_64", "packageName": "java-1.6.0-ibm-src", "packageFilename": "java-1.6.0-ibm-src-1.6.0.9.0-1jpp.4.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.9.0-1jpp.4.el6", "arch": "i686", "packageName": "java-1.6.0-ibm", "packageFilename": "java-1.6.0-ibm-1.6.0.9.0-1jpp.4.el6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.9.0-1jpp.4.el6", "arch": "i686", "packageName": "java-1.6.0-ibm-demo", "packageFilename": "java-1.6.0-ibm-demo-1.6.0.9.0-1jpp.4.el6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.9.0-1jpp.4.el6", "arch": "i686", "packageName": "java-1.6.0-ibm-javacomm", "packageFilename": "java-1.6.0-ibm-javacomm-1.6.0.9.0-1jpp.4.el6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.9.0-1jpp.4.el6", "arch": "i686", "packageName": "java-1.6.0-ibm-jdbc", "packageFilename": "java-1.6.0-ibm-jdbc-1.6.0.9.0-1jpp.4.el6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.9.0-1jpp.4.el6", "arch": "i686", "packageName": "java-1.6.0-ibm-plugin", "packageFilename": "java-1.6.0-ibm-plugin-1.6.0.9.0-1jpp.4.el6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.9.0-1jpp.4.el6", "arch": "i686", "packageName": "java-1.6.0-ibm-src", "packageFilename": "java-1.6.0-ibm-src-1.6.0.9.0-1jpp.4.el6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.9.0-1jpp.4.el6", "arch": "ppc", "packageName": "java-1.6.0-ibm-devel", "packageFilename": "java-1.6.0-ibm-devel-1.6.0.9.0-1jpp.4.el6.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.9.0-1jpp.4.el6", "arch": "ppc64", "packageName": "java-1.6.0-ibm", "packageFilename": "java-1.6.0-ibm-1.6.0.9.0-1jpp.4.el6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.9.0-1jpp.4.el6", "arch": "ppc64", "packageName": "java-1.6.0-ibm-demo", "packageFilename": "java-1.6.0-ibm-demo-1.6.0.9.0-1jpp.4.el6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.9.0-1jpp.4.el6", "arch": "ppc64", "packageName": "java-1.6.0-ibm-devel", "packageFilename": "java-1.6.0-ibm-devel-1.6.0.9.0-1jpp.4.el6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.9.0-1jpp.4.el6", "arch": "ppc64", "packageName": "java-1.6.0-ibm-javacomm", "packageFilename": "java-1.6.0-ibm-javacomm-1.6.0.9.0-1jpp.4.el6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.9.0-1jpp.4.el6", "arch": "ppc64", "packageName": "java-1.6.0-ibm-jdbc", "packageFilename": "java-1.6.0-ibm-jdbc-1.6.0.9.0-1jpp.4.el6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.9.0-1jpp.4.el6", "arch": "ppc64", "packageName": "java-1.6.0-ibm-src", "packageFilename": "java-1.6.0-ibm-src-1.6.0.9.0-1jpp.4.el6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.9.0-1jpp.4.el6", "arch": "s390", "packageName": "java-1.6.0-ibm-devel", "packageFilename": "java-1.6.0-ibm-devel-1.6.0.9.0-1jpp.4.el6.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.9.0-1jpp.4.el6", "arch": "s390x", "packageName": "java-1.6.0-ibm", "packageFilename": "java-1.6.0-ibm-1.6.0.9.0-1jpp.4.el6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.9.0-1jpp.4.el6", "arch": "s390x", "packageName": "java-1.6.0-ibm-demo", "packageFilename": "java-1.6.0-ibm-demo-1.6.0.9.0-1jpp.4.el6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.9.0-1jpp.4.el6", "arch": "s390x", "packageName": "java-1.6.0-ibm-devel", "packageFilename": "java-1.6.0-ibm-devel-1.6.0.9.0-1jpp.4.el6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.9.0-1jpp.4.el6", "arch": "s390x", "packageName": "java-1.6.0-ibm-jdbc", "packageFilename": "java-1.6.0-ibm-jdbc-1.6.0.9.0-1jpp.4.el6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.9.0-1jpp.4.el6", "arch": "s390x", "packageName": "java-1.6.0-ibm-src", "packageFilename": "java-1.6.0-ibm-src-1.6.0.9.0-1jpp.4.el6.s390x.rpm", "operator": "lt"}], "description": "The IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and\nthe IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment. Detailed vulnerability descriptions are linked from the IBM\n\"Security alerts\" page, listed in the References section. (CVE-2009-3555,\nCVE-2010-1321, CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3550,\nCVE-2010-3551, CVE-2010-3553, CVE-2010-3555, CVE-2010-3556, CVE-2010-3557,\nCVE-2010-3558, CVE-2010-3560, CVE-2010-3562, CVE-2010-3563, CVE-2010-3565,\nCVE-2010-3566, CVE-2010-3568, CVE-2010-3569, CVE-2010-3571, CVE-2010-3572,\nCVE-2010-3573, CVE-2010-3574)\n\nThis update also fixes the following bugs:\n\n* An error in the java-1.6.0-ibm RPM spec file caused an incorrect path to\nbe included in HtmlConverter, preventing it from running. (BZ#659716)\n\n* On AMD64 and Intel 64 systems, if only the 64-bit java-1.6.0-ibm packages\nwere installed, IBM Java 6 Web Start was not available as an application\nthat could open JNLP (Java Network Launching Protocol) files. This affected\nfile management and web browser tools. Users had to manually open them with\nthe \"/usr/lib/jvm/jre-1.6.0-ibm.x86_64/bin/javaws\" command. This update\nresolves this issue. (BZ#633341)\n\nAll users of java-1.6.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.6.0 SR9 Java release. All running instances\nof IBM Java must be restarted for the update to take effect.\n", "reporter": "RedHat", "published": "2010-12-15T05:00:00", "type": "redhat", "title": "(RHSA-2010:0987) Critical: java-1.6.0-ibm security and bug fix update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2009-3555", "CVE-2010-1321", "CVE-2010-3541", "CVE-2010-3548", "CVE-2010-3549", "CVE-2010-3550", "CVE-2010-3551", "CVE-2010-3553", "CVE-2010-3555", "CVE-2010-3556", "CVE-2010-3557", "CVE-2010-3558", "CVE-2010-3560", "CVE-2010-3562", "CVE-2010-3563", "CVE-2010-3565", "CVE-2010-3566", "CVE-2010-3568", "CVE-2010-3569", "CVE-2010-3571", "CVE-2010-3572", "CVE-2010-3573", "CVE-2010-3574"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-07T09:04:22", "id": "RHSA-2010:0987", "href": "https://access.redhat.com/errata/RHSA-2010:0987", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-28T10:58:07", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [], "description": "The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and\nthe Sun Java 6 Software Development Kit.\n\nThis update fixes several vulnerabilities in the Sun Java 6 Runtime\nEnvironment and the Sun Java 6 Software Development Kit. Further\ninformation about these flaws can be found on the \"Oracle Java SE and Java\nfor Business Critical Patch Update Advisory\" page, listed in the References\nsection. (CVE-2010-1321, CVE-2010-3541, CVE-2010-3548, CVE-2010-3549,\nCVE-2010-3550, CVE-2010-3551, CVE-2010-3552, CVE-2010-3553, CVE-2010-3554,\nCVE-2010-3555, CVE-2010-3556, CVE-2010-3557, CVE-2010-3558, CVE-2010-3559,\nCVE-2010-3560, CVE-2010-3561, CVE-2010-3562, CVE-2010-3563, CVE-2010-3565,\nCVE-2010-3566, CVE-2010-3567, CVE-2010-3568, CVE-2010-3569, CVE-2010-3570,\nCVE-2010-3571, CVE-2010-3572, CVE-2010-3573, CVE-2010-3574)\n\nThe RHSA-2010:0337 update mitigated a man-in-the-middle attack in the way\nthe TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols\nhandle session renegotiation by disabling renegotiation. This update\nimplements the TLS Renegotiation Indication Extension as defined in RFC\n5746, allowing secure renegotiation between updated clients and servers.\n(CVE-2009-3555)\n\nUsers of java-1.6.0-sun should upgrade to these updated packages, which\ncorrect these issues. All running instances of Sun Java must be restarted\nfor the update to take effect.\n", "reporter": "RedHat", "published": "2010-10-14T04:00:00", "type": "redhat", "title": "(RHSA-2010:0770) Critical: java-1.6.0-sun security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2009-3555", "CVE-2010-1321", "CVE-2010-3541", "CVE-2010-3548", "CVE-2010-3549", "CVE-2010-3550", "CVE-2010-3551", "CVE-2010-3552", "CVE-2010-3553", "CVE-2010-3554", "CVE-2010-3555", "CVE-2010-3556", "CVE-2010-3557", "CVE-2010-3558", "CVE-2010-3559", "CVE-2010-3560", "CVE-2010-3561", "CVE-2010-3562", "CVE-2010-3563", "CVE-2010-3565", "CVE-2010-3566", "CVE-2010-3567", "CVE-2010-3568", "CVE-2010-3569", "CVE-2010-3570", "CVE-2010-3571", "CVE-2010-3572", "CVE-2010-3573", "CVE-2010-3574"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-07-27T01:59:22", "id": "RHSA-2010:0770", "href": "https://access.redhat.com/errata/RHSA-2010:0770", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:18:01", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.1-1jpp.1.el5", "arch": "s390x", "packageFilename": "java-1.6.0-ibm-devel-1.6.0.9.1-1jpp.1.el5.s390x.rpm", "packageName": "java-1.6.0-ibm-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.1-1jpp.1.el5", "arch": "i386", "packageFilename": "java-1.6.0-ibm-devel-1.6.0.9.1-1jpp.1.el5.i386.rpm", "packageName": "java-1.6.0-ibm-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.1-1jpp.1.el5", "arch": "src", "packageFilename": "java-1.6.0-ibm-1.6.0.9.1-1jpp.1.el5.src.rpm", "packageName": "java-1.6.0-ibm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.1-1jpp.1.el5", "arch": "x86_64", "packageFilename": "java-1.6.0-ibm-1.6.0.9.1-1jpp.1.el5.x86_64.rpm", "packageName": "java-1.6.0-ibm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.1-1jpp.1.el5", "arch": "i386", "packageFilename": "java-1.6.0-ibm-1.6.0.9.1-1jpp.1.el5.i386.rpm", "packageName": "java-1.6.0-ibm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.1-1jpp.1.el5", "arch": "x86_64", "packageFilename": "java-1.6.0-ibm-devel-1.6.0.9.1-1jpp.1.el5.x86_64.rpm", "packageName": "java-1.6.0-ibm-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.1-1jpp.1.el5", "arch": "s390x", "packageFilename": "java-1.6.0-ibm-1.6.0.9.1-1jpp.1.el5.s390x.rpm", "packageName": "java-1.6.0-ibm", "operator": "lt"}], "description": "This update corrects several security vulnerabilities in the IBM Java\nRuntime Environment shipped as part of Red Hat Network Satellite 5.4.1. In\na typical operating environment, these are of low security risk as the\nruntime is not used on untrusted applets.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment. Detailed vulnerability descriptions are linked from the IBM\n\"Security alerts\" page, listed in the References section. (CVE-2009-3555,\nCVE-2010-1321, CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3550,\nCVE-2010-3551, CVE-2010-3553, CVE-2010-3555, CVE-2010-3556, CVE-2010-3557,\nCVE-2010-3558, CVE-2010-3560, CVE-2010-3562, CVE-2010-3563, CVE-2010-3565,\nCVE-2010-3566, CVE-2010-3568, CVE-2010-3569, CVE-2010-3571, CVE-2010-3572,\nCVE-2010-3573, CVE-2010-3574, CVE-2010-4422, CVE-2010-4447, CVE-2010-4448,\nCVE-2010-4452, CVE-2010-4454, CVE-2010-4462, CVE-2010-4463, CVE-2010-4465,\nCVE-2010-4466, CVE-2010-4467, CVE-2010-4468, CVE-2010-4471, CVE-2010-4473,\nCVE-2010-4475, CVE-2010-4476)\n\nUsers of Red Hat Network Satellite 5.4.1 are advised to upgrade to these\nupdated java-1.6.0-ibm packages, which contain the IBM 1.6.0 SR9-FP1 Java\nrelease. For this update to take effect, Red Hat Network Satellite must be\nrestarted. Refer to the Solution section for details.\n", "reporter": "RedHat", "published": "2011-06-16T04:00:00", "type": "redhat", "title": "(RHSA-2011:0880) Low: Red Hat Network Satellite server IBM Java Runtime security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-3562", "CVE-2010-4475", "CVE-2010-4468", "CVE-2010-3557", "CVE-2010-3563", "CVE-2010-3551", "CVE-2010-3553", "CVE-2010-3550", "CVE-2010-4452", "CVE-2010-4462", "CVE-2010-3566", "CVE-2010-4448", "CVE-2010-4465", "CVE-2010-3565", "CVE-2010-4454", "CVE-2010-3572", "CVE-2010-4422", "CVE-2010-4463", "CVE-2010-3574", "CVE-2010-4473", "CVE-2010-3541", "CVE-2010-3571", "CVE-2009-3555", "CVE-2010-4476", "CVE-2010-4471", "CVE-2010-3560", "CVE-2010-1321", "CVE-2010-3556", "CVE-2010-4447", "CVE-2010-3549", "CVE-2010-3555", "CVE-2010-3573", "CVE-2010-3548", "CVE-2010-4467", "CVE-2010-3568", "CVE-2010-3558", "CVE-2010-4466", "CVE-2010-3569"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2016-04-04T18:36:46", "id": "RHSA-2011:0880", "href": "https://access.redhat.com/errata/RHSA-2011:0880", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:09:33", "references": ["https://usn.ubuntu.com/usn/usn-940-1", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-1321"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "1.8.1+dfsg-2ubuntu0.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "krb5-admin-server", "operator": "lt"}], "description": "USN-940-1 fixed vulnerabilities in Kerberos. This update provides the corresponding updates for Ubuntu 10.04.\n\nOriginal advisory details:\n\nJoel Johnson, Brian Almeida, and Shawn Emery discovered that Kerberos did not correctly verify certain packet structures. An unauthenticated remote attacker could send specially crafted traffic to cause the KDC or kadmind services to crash, leading to a denial of service. (CVE-2010-1320, CVE-2010-1321)", "edition": 3, "reporter": "Ubuntu", "published": "2010-07-21T00:00:00", "title": "Kerberos vulnerability", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-1320", "CVE-2010-1321"], "modified": "2010-07-21T00:00:00", "id": "USN-940-2", "href": "https://usn.ubuntu.com/940-2/", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:08:45", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2010-1320", "https://people.canonical.com/~ubuntu-security/cve/CVE-2007-5972", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-1321", "https://people.canonical.com/~ubuntu-security/cve/CVE-2007-5902", "https://people.canonical.com/~ubuntu-security/cve/CVE-2007-5971"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "6.06", "packageVersion": "1.4.3-5ubuntu0.11", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "krb5-kdc", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "9.10", "packageVersion": "1.7dfsg~beta3-1ubuntu0.6", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "krb5-kdc", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "8.04", "packageVersion": "1.6.dfsg.3~beta1-2ubuntu1.5", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "krb5-kdc", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "6.06", "packageVersion": "1.4.3-5ubuntu0.11", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libkrb53", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "9.04", "packageVersion": "1.6.dfsg.4~beta1-5ubuntu2.4", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "krb5-admin-server", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "9.10", "packageVersion": "1.7dfsg~beta3-1ubuntu0.6", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "krb5-admin-server", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "9.04", "packageVersion": "1.6.dfsg.4~beta1-5ubuntu2.4", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "krb5-kdc", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "8.04", "packageVersion": "1.6.dfsg.3~beta1-2ubuntu1.5", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "krb5-admin-server", "operator": "lt"}], "description": "It was discovered that Kerberos did not correctly free memory in the GSSAPI and kdb libraries. If a remote attacker were able to manipulate an application using these libraries carefully, the service could crash, leading to a denial of service. (Only Ubuntu 6.06 LTS was affected.) (CVE-2007-5902, CVE-2007-5971, CVE-2007-5972)\n\nJoel Johnson, Brian Almeida, and Shawn Emery discovered that Kerberos did not correctly verify certain packet structures. An unauthenticated remote attacker could send specially crafted traffic to cause the KDC or kadmind services to crash, leading to a denial of service. (CVE-2010-1320, CVE-2010-1321)", "edition": 3, "reporter": "Ubuntu", "published": "2010-05-19T00:00:00", "title": "Kerberos vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-1320", "CVE-2007-5972", "CVE-2007-5971", "CVE-2010-1321", "CVE-2007-5902"], "modified": "2010-05-19T00:00:00", "id": "USN-940-1", "href": "https://usn.ubuntu.com/940-1/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:48:46", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.3.4-62.el4_8.2", "arch": "i386", "packageFilename": "krb5-devel-1.3.4-62.el4_8.2.i386.rpm", "packageName": "krb5-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.1-36.el5_5.4", "arch": "ia64", "packageFilename": "krb5-libs-1.6.1-36.el5_5.4.ia64.rpm", "packageName": "krb5-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.2.7-72", "arch": "x86_64", "packageFilename": "krb5-server-1.2.7-72.x86_64.rpm", "packageName": "krb5-server", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.2.7-72", "arch": "src", "packageFilename": "krb5-1.2.7-72.src.rpm", "packageName": "krb5", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.2.7-72", "arch": "src", "packageFilename": "krb5-1.2.7-72.src.rpm", "packageName": "krb5", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.2.7-72", "arch": "i386", "packageFilename": "krb5-server-1.2.7-72.i386.rpm", "packageName": "krb5-server", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.3.4-62.el4_8.2", "arch": "i386", "packageFilename": "krb5-workstation-1.3.4-62.el4_8.2.i386.rpm", "packageName": "krb5-workstation", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.1-36.el5_5.4", "arch": "x86_64", "packageFilename": "krb5-server-1.6.1-36.el5_5.4.x86_64.rpm", "packageName": "krb5-server", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.3.4-62.el4_8.2", "arch": "ia64", "packageFilename": "krb5-libs-1.3.4-62.el4_8.2.ia64.rpm", "packageName": "krb5-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.1-36.el5_5.4", "arch": "ia64", "packageFilename": "krb5-devel-1.6.1-36.el5_5.4.ia64.rpm", "packageName": "krb5-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.1-36.el5_5.4", "arch": "x86_64", "packageFilename": "krb5-workstation-1.6.1-36.el5_5.4.x86_64.rpm", "packageName": "krb5-workstation", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.3.4-62.el4_8.2", "arch": "ia64", "packageFilename": "krb5-server-1.3.4-62.el4_8.2.ia64.rpm", "packageName": "krb5-server", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.1-36.el5_5.4", "arch": "i386", "packageFilename": "krb5-server-1.6.1-36.el5_5.4.i386.rpm", "packageName": "krb5-server", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.3.4-62.el4_8.2", "arch": "x86_64", "packageFilename": "krb5-server-1.3.4-62.el4_8.2.x86_64.rpm", "packageName": "krb5-server", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.2.7-72", "arch": "x86_64", "packageFilename": "krb5-libs-1.2.7-72.x86_64.rpm", "packageName": "krb5-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.3.4-62.el4_8.2", "arch": "i386", "packageFilename": "krb5-libs-1.3.4-62.el4_8.2.i386.rpm", "packageName": "krb5-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.3.4-62.el4_8.2", "arch": "i386", "packageFilename": "krb5-libs-1.3.4-62.el4_8.2.i386.rpm", "packageName": "krb5-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.3.4-62.el4_8.2", "arch": "i386", "packageFilename": "krb5-libs-1.3.4-62.el4_8.2.i386.rpm", "packageName": "krb5-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.3.4-62.el4_8.2", "arch": "ia64", "packageFilename": "krb5-devel-1.3.4-62.el4_8.2.ia64.rpm", "packageName": "krb5-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.1-36.el5_5.4", "arch": "i386", "packageFilename": "krb5-libs-1.6.1-36.el5_5.4.i386.rpm", "packageName": "krb5-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.1-36.el5_5.4", "arch": "i386", "packageFilename": "krb5-libs-1.6.1-36.el5_5.4.i386.rpm", "packageName": "krb5-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.1-36.el5_5.4", "arch": "i386", "packageFilename": "krb5-libs-1.6.1-36.el5_5.4.i386.rpm", "packageName": "krb5-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.1-36.el5_5.4", "arch": "i386", "packageFilename": "krb5-workstation-1.6.1-36.el5_5.4.i386.rpm", "packageName": "krb5-workstation", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.3.4-62.el4_8.2", "arch": "x86_64", "packageFilename": "krb5-libs-1.3.4-62.el4_8.2.x86_64.rpm", "packageName": "krb5-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.1-36.el5_5.4", "arch": "i386", "packageFilename": "krb5-devel-1.6.1-36.el5_5.4.i386.rpm", "packageName": "krb5-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.1-36.el5_5.4", "arch": "i386", "packageFilename": "krb5-devel-1.6.1-36.el5_5.4.i386.rpm", "packageName": "krb5-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.2.7-72", "arch": "x86_64", "packageFilename": "krb5-devel-1.2.7-72.x86_64.rpm", "packageName": "krb5-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.1-36.el5_5.4", "arch": "src", "packageFilename": "krb5-1.6.1-36.el5_5.4.src.rpm", "packageName": "krb5", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.1-36.el5_5.4", "arch": "src", "packageFilename": "krb5-1.6.1-36.el5_5.4.src.rpm", "packageName": "krb5", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.1-36.el5_5.4", "arch": "src", "packageFilename": "krb5-1.6.1-36.el5_5.4.src.rpm", "packageName": "krb5", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.3.4-62.el4_8.2", "arch": "src", "packageFilename": "krb5-1.3.4-62.el4_8.2.src.rpm", "packageName": "krb5", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.3.4-62.el4_8.2", "arch": "src", "packageFilename": "krb5-1.3.4-62.el4_8.2.src.rpm", "packageName": "krb5", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.3.4-62.el4_8.2", "arch": "src", "packageFilename": "krb5-1.3.4-62.el4_8.2.src.rpm", "packageName": "krb5", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.2.7-72", "arch": "x86_64", "packageFilename": "krb5-workstation-1.2.7-72.x86_64.rpm", "packageName": "krb5-workstation", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.2.7-72", "arch": "i386", "packageFilename": "krb5-workstation-1.2.7-72.i386.rpm", "packageName": "krb5-workstation", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.1-36.el5_5.4", "arch": "ia64", "packageFilename": "krb5-server-1.6.1-36.el5_5.4.ia64.rpm", "packageName": "krb5-server", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.3.4-62.el4_8.2", "arch": "x86_64", "packageFilename": "krb5-workstation-1.3.4-62.el4_8.2.x86_64.rpm", "packageName": "krb5-workstation", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.1-36.el5_5.4", "arch": "x86_64", "packageFilename": "krb5-devel-1.6.1-36.el5_5.4.x86_64.rpm", "packageName": "krb5-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.2.7-72", "arch": "i386", "packageFilename": "krb5-devel-1.2.7-72.i386.rpm", "packageName": "krb5-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.1-36.el5_5.4", "arch": "ia64", "packageFilename": "krb5-workstation-1.6.1-36.el5_5.4.ia64.rpm", "packageName": "krb5-workstation", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.3.4-62.el4_8.2", "arch": "ia64", "packageFilename": "krb5-workstation-1.3.4-62.el4_8.2.ia64.rpm", "packageName": "krb5-workstation", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.2.7-72", "arch": "i386", "packageFilename": "krb5-libs-1.2.7-72.i386.rpm", "packageName": "krb5-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.2.7-72", "arch": "i386", "packageFilename": "krb5-libs-1.2.7-72.i386.rpm", "packageName": "krb5-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.3.4-62.el4_8.2", "arch": "x86_64", "packageFilename": "krb5-devel-1.3.4-62.el4_8.2.x86_64.rpm", "packageName": "krb5-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.3.4-62.el4_8.2", "arch": "i386", "packageFilename": "krb5-server-1.3.4-62.el4_8.2.i386.rpm", "packageName": "krb5-server", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.1-36.el5_5.4", "arch": "x86_64", "packageFilename": "krb5-libs-1.6.1-36.el5_5.4.x86_64.rpm", "packageName": "krb5-libs", "operator": "lt"}], "description": "[1.6.1-36.el5_5.4]\n- add candidate patch to correct KDC null pointer dereference which\n could be triggered by malformed client requests (CVE-2010-1321, #583703)\n[1.6.1-36.el5_5.3]\n- add upstream patch to fix a few use-after-free bugs, including one in\n kadmind (CVE-2010-0629, #578185)", "edition": 3, "reporter": "Oracle", "published": "2010-05-18T00:00:00", "title": "krb5 security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-0629", "CVE-2010-1321"], "modified": "2010-05-18T00:00:00", "id": "ELSA-2010-0423", "href": "http://linux.oracle.com/errata/ELSA-2010-0423.html", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T11:51:43", "references": ["https://bugzilla.novell.com/738632", "https://bugzilla.novell.com/650650", "https://bugzilla.novell.com/698471", "https://bugzilla.novell.com/596826", "http://download.novell.com/patch/finder/?keywords=c6533e0368b2b223506fedc65580c4ce"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.4.3-19.43.37.1", "arch": "x86_64", "packageFilename": "krb5-server-1.4.3-19.43.37.1.x86_64.rpm", "packageName": "krb5-server", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.4.3-19.43.37.1", "arch": "i586", "packageFilename": "krb5-devel-1.4.3-19.43.37.1.i586.rpm", "packageName": "krb5-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.4.3-19.43.37.1", "arch": "i586", "packageFilename": "krb5-apps-clients-1.4.3-19.43.37.1.i586.rpm", "packageName": "krb5-apps-clients", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.4.3-19.43.37.1", "arch": "s390x", "packageFilename": "krb5-32bit-1.4.3-19.43.37.1.s390x.rpm", "packageName": "krb5-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.4.3-19.43.37.1", "arch": "s390x", "packageFilename": "krb5-client-1.4.3-19.43.37.1.s390x.rpm", "packageName": "krb5-client", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.4.3-19.43.37.1", "arch": "i586", "packageFilename": "krb5-server-1.4.3-19.43.37.1.i586.rpm", "packageName": "krb5-server", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.4.3-19.43.37.1", "arch": "s390x", "packageFilename": "krb5-apps-clients-1.4.3-19.43.37.1.s390x.rpm", "packageName": "krb5-apps-clients", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.4.3-19.43.37.1", "arch": "s390x", "packageFilename": "krb5-devel-1.4.3-19.43.37.1.s390x.rpm", "packageName": "krb5-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.4.3-19.43.37.1", "arch": "x86_64", "packageFilename": "krb5-apps-servers-1.4.3-19.43.37.1.x86_64.rpm", "packageName": "krb5-apps-servers", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.4.3-19.43.37.1", "arch": "x86_64", "packageFilename": "krb5-client-1.4.3-19.43.37.1.x86_64.rpm", "packageName": "krb5-client", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.4.3-19.43.37.1", "arch": "s390x", "packageFilename": "krb5-1.4.3-19.43.37.1.s390x.rpm", "packageName": "krb5", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.4.3-19.43.37.1", "arch": "x86_64", "packageFilename": "krb5-32bit-1.4.3-19.43.37.1.x86_64.rpm", "packageName": "krb5-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.4.3-19.43.37.1", "arch": "i586", "packageFilename": "krb5-apps-servers-1.4.3-19.43.37.1.i586.rpm", "packageName": "krb5-apps-servers", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.4.3-19.43.37.1", "arch": "x86_64", "packageFilename": "krb5-apps-clients-1.4.3-19.43.37.1.x86_64.rpm", "packageName": "krb5-apps-clients", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.4.3-19.43.37.1", "arch": "i586", "packageFilename": "krb5-1.4.3-19.43.37.1.i586.rpm", "packageName": "krb5", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.4.3-19.43.37.1", "arch": "s390x", "packageFilename": "krb5-apps-servers-1.4.3-19.43.37.1.s390x.rpm", "packageName": "krb5-apps-servers", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.4.3-19.43.37.1", "arch": "i586", "packageFilename": "krb5-client-1.4.3-19.43.37.1.i586.rpm", "packageName": "krb5-client", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.4.3-19.43.37.1", "arch": "x86_64", "packageFilename": "krb5-devel-32bit-1.4.3-19.43.37.1.x86_64.rpm", "packageName": "krb5-devel-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.4.3-19.43.37.1", "arch": "x86_64", "packageFilename": "krb5-devel-1.4.3-19.43.37.1.x86_64.rpm", "packageName": "krb5-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.4.3-19.43.37.1", "arch": "x86_64", "packageFilename": "krb5-1.4.3-19.43.37.1.x86_64.rpm", "packageName": "krb5", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.4.3-19.43.37.1", "arch": "s390x", "packageFilename": "krb5-server-1.4.3-19.43.37.1.s390x.rpm", "packageName": "krb5-server", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.4.3-19.43.37.1", "arch": "s390x", "packageFilename": "krb5-devel-32bit-1.4.3-19.43.37.1.s390x.rpm", "packageName": "krb5-devel-32bit", "operator": "lt"}], "description": "This update of krb5 fixes several security issues.\n\n * CVE-2011-4862: A remote code execution in the\n kerberized telnet daemon was fixed. (This only affects the\n ktelnetd from the krb5-appl RPM, not the regular telnetd\n supplied by SUSE.)\n * CVE-2011-1526 / MITKRB5-SA-2011-005: Fixed krb5 ftpd\n unauthorized file access problems.\n * CVE-2010-1323 / MITKRB5-SA-2010-007: Fixed multiple\n checksum handling vulnerabilities, where: o krb5 clients\n might have accepted unkeyed SAM-2 challenge checksums o\n krb5 might have accepted KRB-SAFE checksums with\n low-entropy derived keys\n * CVE-2010-1321, MITKRB5-SA-2010-005: Fixed GSS-API\n library null pointer dereference\n", "edition": 1, "reporter": "Suse", "published": "2012-01-05T12:08:23", "title": "Security update for krb5 (important)", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1526", "CVE-2010-1321", "CVE-2011-4862", "CVE-2010-1323"], "modified": "2012-01-05T12:08:23", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00026.html", "id": "SUSE-SU-2012:0010-1", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:29:41", "references": ["https://bugzilla.novell.com/738632", "https://bugzilla.novell.com/650650", "https://bugzilla.novell.com/698471", "https://bugzilla.novell.com/596826", "http://download.novell.com/patch/finder/?keywords=c6533e0368b2b223506fedc65580c4ce"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.4.3-19.43.37.1", "packageFilename": "krb5-server-1.4.3-19.43.37.1.x86_64.rpm", "packageName": "krb5-server", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.4.3-19.43.37.1", "packageFilename": "krb5-devel-1.4.3-19.43.37.1.i586.rpm", "packageName": "krb5-devel", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.4.3-19.43.37.1", "packageFilename": "krb5-apps-clients-1.4.3-19.43.37.1.i586.rpm", "packageName": "krb5-apps-clients", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.4.3-19.43.37.1", "packageFilename": "krb5-32bit-1.4.3-19.43.37.1.s390x.rpm", "packageName": "krb5-32bit", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.4.3-19.43.37.1", "packageFilename": "krb5-client-1.4.3-19.43.37.1.s390x.rpm", "packageName": "krb5-client", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.4.3-19.43.37.1", "packageFilename": "krb5-server-1.4.3-19.43.37.1.i586.rpm", "packageName": "krb5-server", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.4.3-19.43.37.1", "packageFilename": "krb5-apps-clients-1.4.3-19.43.37.1.s390x.rpm", "packageName": "krb5-apps-clients", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.4.3-19.43.37.1", "packageFilename": "krb5-devel-1.4.3-19.43.37.1.s390x.rpm", "packageName": "krb5-devel", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.4.3-19.43.37.1", "packageFilename": "krb5-apps-servers-1.4.3-19.43.37.1.x86_64.rpm", "packageName": "krb5-apps-servers", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.4.3-19.43.37.1", "packageFilename": "krb5-client-1.4.3-19.43.37.1.x86_64.rpm", "packageName": "krb5-client", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.4.3-19.43.37.1", "packageFilename": "krb5-1.4.3-19.43.37.1.s390x.rpm", "packageName": "krb5", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.4.3-19.43.37.1", "packageFilename": "krb5-32bit-1.4.3-19.43.37.1.x86_64.rpm", "packageName": "krb5-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.4.3-19.43.37.1", "packageFilename": "krb5-apps-servers-1.4.3-19.43.37.1.i586.rpm", "packageName": "krb5-apps-servers", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.4.3-19.43.37.1", "packageFilename": "krb5-apps-clients-1.4.3-19.43.37.1.x86_64.rpm", "packageName": "krb5-apps-clients", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.4.3-19.43.37.1", "packageFilename": "krb5-1.4.3-19.43.37.1.i586.rpm", "packageName": "krb5", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.4.3-19.43.37.1", "packageFilename": "krb5-apps-servers-1.4.3-19.43.37.1.s390x.rpm", "packageName": "krb5-apps-servers", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.4.3-19.43.37.1", "packageFilename": "krb5-client-1.4.3-19.43.37.1.i586.rpm", "packageName": "krb5-client", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.4.3-19.43.37.1", "packageFilename": "krb5-devel-32bit-1.4.3-19.43.37.1.x86_64.rpm", "packageName": "krb5-devel-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.4.3-19.43.37.1", "packageFilename": "krb5-devel-1.4.3-19.43.37.1.x86_64.rpm", "packageName": "krb5-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.4.3-19.43.37.1", "packageFilename": "krb5-1.4.3-19.43.37.1.x86_64.rpm", "packageName": "krb5", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.4.3-19.43.37.1", "packageFilename": "krb5-server-1.4.3-19.43.37.1.s390x.rpm", "packageName": "krb5-server", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.4.3-19.43.37.1", "packageFilename": "krb5-devel-32bit-1.4.3-19.43.37.1.s390x.rpm", "packageName": "krb5-devel-32bit", "arch": "s390x", "operator": "lt"}], "description": "This update of krb5 fixes several security issues.\n\n * CVE-2011-4862: A remote code execution in the\n kerberized telnet daemon was fixed. (This only affects the\n ktelnetd from the krb5-appl RPM, not the regular telnetd\n supplied by SUSE.)\n * CVE-2011-1526 / MITKRB5-SA-2011-005: Fixed krb5 ftpd\n unauthorized file access problems.\n * CVE-2010-1323 / MITKRB5-SA-2010-007: Fixed multiple\n checksum handling vulnerabilities, where: o krb5 clients\n might have accepted unkeyed SAM-2 challenge checksums o\n krb5 might have accepted KRB-SAFE checksums with\n low-entropy derived keys\n * CVE-2010-1321, MITKRB5-SA-2010-005: Fixed GSS-API\n library null pointer dereference\n", "edition": 1, "reporter": "Suse", "published": "2012-01-05T12:35:50", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "title": "Security update for krb5 (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1526", "CVE-2010-1321", "CVE-2011-4862", "CVE-2010-1323"], "modified": "2012-01-05T12:35:50", "id": "SUSE-SU-2012:0042-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00034.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:32:47", "references": [], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "ia64", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.8-1.7.1.ia64.rpm", "packageName": "java-1_4_2-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-1.6.0_sr9.1-1.5.1.i586.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.8-1.5.1", "arch": "i586", "packageFilename": "java-1_4_2-ibm-plugin-1.4.2_sr13.8-1.5.1.i586.rpm", "packageName": "java-1_4_2-ibm-plugin", "operator": "lt"}, {"OS": "Novell Linux Point of Service", "OSVersion": "9", "packageVersion": "1.5.0_sr12.3-0.11", "arch": "i586", "packageFilename": "IBMJava5-JRE-1.5.0_sr12.3-0.11.i586.rpm", "packageName": "IBMJava5-JRE", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.5.0_sr12.3-0.7.1", "arch": "i586", "packageFilename": "java-1_5_0-ibm-jdbc-1.5.0_sr12.3-0.7.1.i586.rpm", "packageName": "java-1_5_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr9.1-1.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "Novell Open Enterprise Server (OES)", "OSVersion": "any", "packageVersion": "1.4.2_sr13.8-0.7", "arch": "i586", "packageFilename": "IBMJava2-SDK-1.4.2_sr13.8-0.7.i586.rpm", "packageName": "IBMJava2-SDK", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr9.1-1.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.8-1.5.1", "arch": "s390x", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.8-1.5.1.s390x.rpm", "packageName": "java-1_4_2-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "s390x", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.8-1.7.1.s390x.rpm", "packageName": "java-1_4_2-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.8-1.5.1", "arch": "x86_64", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.8-1.5.1.x86_64.rpm", "packageName": "java-1_4_2-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.5.0_sr12.3-0.7.1", "arch": "ppc", "packageFilename": "java-1_5_0-ibm-jdbc-1.5.0_sr12.3-0.7.1.ppc.rpm", "packageName": "java-1_5_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "ppc", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.8-1.7.1.ppc.rpm", "packageName": "java-1_4_2-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.5.0_sr12.3-0.7.1", "arch": "x86_64", "packageFilename": "java-1_5_0-ibm-1.5.0_sr12.3-0.7.1.x86_64.rpm", "packageName": "java-1_5_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "ia64", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.8-1.7.1.ia64.rpm", "packageName": "java-1_4_2-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "ppc", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr9.1-1.5.1.ppc.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.5.0_sr12.3-0.7.1", "arch": "s390x", "packageFilename": "java-1_5_0-ibm-fonts-1.5.0_sr12.3-0.7.1.s390x.rpm", "packageName": "java-1_5_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "ppc", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.8-1.7.1.ppc.rpm", "packageName": "java-1_4_2-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "i586", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.8-1.7.1.i586.rpm", "packageName": "java-1_4_2-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.5.0_sr12.3-0.7.1", "arch": "ppc", "packageFilename": "java-1_5_0-ibm-fonts-1.5.0_sr12.3-0.7.1.ppc.rpm", "packageName": "java-1_5_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "ppc64", "packageFilename": "java-1_6_0-ibm-devel-1.6.0_sr9.1-1.5.1.ppc64.rpm", "packageName": "java-1_6_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "ppc", "packageFilename": "java-1_6_0-ibm-1.6.0_sr9.1-1.5.1.ppc.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-1.6.0_sr9.1-1.5.1.s390x.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-plugin-32bit-1.6.0_sr9.1-1.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-plugin-32bit", "operator": "lt"}, {"OS": "Novell Linux Point of Service", "OSVersion": "9", "packageVersion": "1.4.2_sr13.8-0.15", "arch": "i586", "packageFilename": "IBMJava2-JRE-1.4.2_sr13.8-0.15.i586.rpm", "packageName": "IBMJava2-JRE", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "ppc64", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr9.1-1.5.1.ppc64.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-plugin-1.6.0_sr9.1-1.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "s390x", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.8-1.7.1.s390x.rpm", "packageName": "java-1_4_2-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.5.0_sr12.3-0.7.1", "arch": "s390x", "packageFilename": "java-1_5_0-ibm-32bit-1.5.0_sr12.3-0.7.1.s390x.rpm", "packageName": "java-1_5_0-ibm-32bit", "operator": "lt"}, {"OS": "Novell Open Enterprise Server (OES)", "OSVersion": "any", "packageVersion": "1.4.2_sr13.8-0.7", "arch": "i586", "packageFilename": "IBMJava2-JRE-1.4.2_sr13.8-0.7.i586.rpm", "packageName": "IBMJava2-JRE", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.5.0_sr12.3-0.7.1", "arch": "s390x", "packageFilename": "java-1_5_0-ibm-1.5.0_sr12.3-0.7.1.s390x.rpm", "packageName": "java-1_5_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-devel-32bit-1.6.0_sr9.1-1.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-devel-32bit", "operator": "lt"}, {"OS": "Novell Linux Point of Service", "OSVersion": "9", "packageVersion": "1.4.2_sr13.8-0.15", "arch": "i586", "packageFilename": "IBMJava2-SDK-1.4.2_sr13.8-0.15.i586.rpm", "packageName": "IBMJava2-SDK", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-1.6.0_sr9.1-1.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.8-1.5.1", "arch": "i586", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.8-1.5.1.i586.rpm", "packageName": "java-1_4_2-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-alsa-1.6.0_sr9.1-1.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-alsa", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.5.0_sr12.3-0.7.1", "arch": "i586", "packageFilename": "java-1_5_0-ibm-alsa-1.5.0_sr12.3-0.7.1.i586.rpm", "packageName": "java-1_5_0-ibm-alsa", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.5.0_sr12.3-0.7.1", "arch": "ppc", "packageFilename": "java-1_5_0-ibm-64bit-1.5.0_sr12.3-0.7.1.ppc.rpm", "packageName": "java-1_5_0-ibm-64bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.8-1.5.1", "arch": "i586", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.8-1.5.1.i586.rpm", "packageName": "java-1_4_2-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-alsa-32bit-1.6.0_sr9.1-1.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-alsa-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-devel-32bit-1.6.0_sr9.1-1.5.1.s390x.rpm", "packageName": "java-1_6_0-ibm-devel-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.5.0_sr12.3-0.7.1", "arch": "i586", "packageFilename": "java-1_5_0-ibm-fonts-1.5.0_sr12.3-0.7.1.i586.rpm", "packageName": "java-1_5_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "s390x", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.8-1.7.1.s390x.rpm", "packageName": "java-1_4_2-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr9.1-1.5.1.s390x.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-1.6.0_sr9.1-1.5.1.i586.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "x86_64", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.8-1.7.1.x86_64.rpm", "packageName": "java-1_4_2-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-1.6.0_sr9.1-1.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr9.1-1.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "ppc", "packageFilename": "java-1_6_0-ibm-plugin-1.6.0_sr9.1-1.5.1.ppc.rpm", "packageName": "java-1_6_0-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr9.1-1.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-plugin-1.6.0_sr9.1-1.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-devel-1.6.0_sr9.1-1.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-1.6.0_sr9.1-1.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-plugin-1.6.0_sr9.1-1.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr9.1-1.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr9.1-1.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "ia64", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.8-1.7.1.ia64.rpm", "packageName": "java-1_4_2-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "s390x", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.8-1.7.1.s390x.rpm", "packageName": "java-1_4_2-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.5.0_sr12.3-0.7.1", "arch": "x86_64", "packageFilename": "java-1_5_0-ibm-devel-1.5.0_sr12.3-0.7.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-plugin-1.6.0_sr9.1-1.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-32bit-1.6.0_sr9.1-1.5.1.s390x.rpm", "packageName": "java-1_6_0-ibm-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.8-1.5.1", "arch": "i586", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.8-1.5.1.i586.rpm", "packageName": "java-1_4_2-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "ppc", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr9.1-1.5.1.ppc.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "Novell Linux Point of Service", "OSVersion": "9", "packageVersion": "1.4.2_sr13.8-0.7", "arch": "i586", "packageFilename": "IBMJava2-SDK-1.4.2_sr13.8-0.7.i586.rpm", "packageName": "IBMJava2-SDK", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.5.0_sr12.3-0.7.1", "arch": "s390x", "packageFilename": "java-1_5_0-ibm-devel-32bit-1.5.0_sr12.3-0.7.1.s390x.rpm", "packageName": "java-1_5_0-ibm-devel-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "x86_64", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.8-1.7.1.x86_64.rpm", "packageName": "java-1_4_2-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-plugin-1.6.0_sr9.1-1.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "i586", "packageFilename": "java-1_4_2-ibm-jdbc-1.4.2_sr13.8-1.7.1.i586.rpm", "packageName": "java-1_4_2-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr9.1-1.5.1.s390x.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr9.1-1.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "Novell Open Enterprise Server (OES)", "OSVersion": "any", "packageVersion": "1.4.2_sr13.8-0.15", "arch": "i586", "packageFilename": "IBMJava2-JRE-1.4.2_sr13.8-0.15.i586.rpm", "packageName": "IBMJava2-JRE", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr9.1-1.5.1.s390x.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr9.1-1.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-devel-1.6.0_sr9.1-1.5.1.s390x.rpm", "packageName": "java-1_6_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr9.1-1.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "x86_64", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.8-1.7.1.x86_64.rpm", "packageName": "java-1_4_2-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-32bit-1.6.0_sr9.1-1.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.8-1.5.1", "arch": "i586", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.8-1.5.1.i586.rpm", "packageName": "java-1_4_2-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.8-1.5.1", "arch": "ppc64", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.8-1.5.1.ppc64.rpm", "packageName": "java-1_4_2-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-alsa-1.6.0_sr9.1-1.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-alsa", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.5.0_sr12.3-0.7.1", "arch": "i586", "packageFilename": "java-1_5_0-ibm-devel-1.5.0_sr12.3-0.7.1.i586.rpm", "packageName": "java-1_5_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "ppc", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.8-1.7.1.ppc.rpm", "packageName": "java-1_4_2-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "i586", "packageFilename": "java-1_4_2-ibm-plugin-1.4.2_sr13.8-1.7.1.i586.rpm", "packageName": "java-1_4_2-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.8-1.5.1", "arch": "ppc64", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.8-1.5.1.ppc64.rpm", "packageName": "java-1_4_2-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-1.6.0_sr9.1-1.5.1.i586.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.5.0_sr12.3-0.7.1", "arch": "x86_64", "packageFilename": "java-1_5_0-ibm-devel-32bit-1.5.0_sr12.3-0.7.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-devel-32bit", "operator": "lt"}, {"OS": "Novell Open Enterprise Server (OES)", "OSVersion": "any", "packageVersion": "1.5.0_sr12.3-0.11", "arch": "i586", "packageFilename": "IBMJava5-SDK-1.5.0_sr12.3-0.11.i586.rpm", "packageName": "IBMJava5-SDK", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.8-1.5.1", "arch": "i586", "packageFilename": "java-1_4_2-ibm-jdbc-1.4.2_sr13.8-1.5.1.i586.rpm", "packageName": "java-1_4_2-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.8-1.5.1", "arch": "s390x", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.8-1.5.1.s390x.rpm", "packageName": "java-1_4_2-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "ia64", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.8-1.7.1.ia64.rpm", "packageName": "java-1_4_2-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-1.6.0_sr9.1-1.5.1.s390x.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "Novell Open Enterprise Server (OES)", "OSVersion": "any", "packageVersion": "1.5.0_sr12.3-0.11", "arch": "i586", "packageFilename": "IBMJava5-JRE-1.5.0_sr12.3-0.11.i586.rpm", "packageName": "IBMJava5-JRE", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "ppc", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.8-1.7.1.ppc.rpm", "packageName": "java-1_4_2-ibm-devel", "operator": "lt"}, {"OS": "Novell Linux Point of Service", "OSVersion": "9", "packageVersion": "1.5.0_sr12.3-0.11", "arch": "i586", "packageFilename": "IBMJava5-SDK-1.5.0_sr12.3-0.11.i586.rpm", "packageName": "IBMJava5-SDK", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.5.0_sr12.3-0.7.1", "arch": "s390x", "packageFilename": "java-1_5_0-ibm-devel-1.5.0_sr12.3-0.7.1.s390x.rpm", "packageName": "java-1_5_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-plugin-1.6.0_sr9.1-1.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr9.1-1.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.5.0_sr12.3-0.7.1", "arch": "i586", "packageFilename": "java-1_5_0-ibm-plugin-1.5.0_sr12.3-0.7.1.i586.rpm", "packageName": "java-1_5_0-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "ppc", "packageFilename": "java-1_6_0-ibm-64bit-1.6.0_sr9.1-1.5.1.ppc.rpm", "packageName": "java-1_6_0-ibm-64bit", "operator": "lt"}, {"OS": "Novell Open Enterprise Server (OES)", "OSVersion": "any", "packageVersion": "1.4.2_sr13.8-0.15", "arch": "i586", "packageFilename": "IBMJava2-SDK-1.4.2_sr13.8-0.15.i586.rpm", "packageName": "IBMJava2-SDK", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.5.0_sr12.3-0.7.1", "arch": "ppc", "packageFilename": "java-1_5_0-ibm-1.5.0_sr12.3-0.7.1.ppc.rpm", "packageName": "java-1_5_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.8-1.5.1", "arch": "i586", "packageFilename": "java-1_4_2-ibm-plugin-1.4.2_sr13.8-1.5.1.i586.rpm", "packageName": "java-1_4_2-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.5.0_sr12.3-0.7.1", "arch": "i586", "packageFilename": "java-1_5_0-ibm-1.5.0_sr12.3-0.7.1.i586.rpm", "packageName": "java-1_5_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-devel-1.6.0_sr9.1-1.5.1.s390x.rpm", "packageName": "java-1_6_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.5.0_sr12.3-0.7.1", "arch": "x86_64", "packageFilename": "java-1_5_0-ibm-alsa-32bit-1.5.0_sr12.3-0.7.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-alsa-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.8-1.5.1", "arch": "ia64", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.8-1.5.1.ia64.rpm", "packageName": "java-1_4_2-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "i586", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.8-1.7.1.i586.rpm", "packageName": "java-1_4_2-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr9.1-1.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "ppc64", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr9.1-1.5.1.ppc64.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-alsa-1.6.0_sr9.1-1.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-alsa", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr9.1-1.5.1.s390x.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "i586", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.8-1.7.1.i586.rpm", "packageName": "java-1_4_2-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.8-1.5.1", "arch": "i586", "packageFilename": "java-1_4_2-ibm-jdbc-1.4.2_sr13.8-1.5.1.i586.rpm", "packageName": "java-1_4_2-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "ppc", "packageFilename": "java-1_4_2-ibm-jdbc-1.4.2_sr13.8-1.7.1.ppc.rpm", "packageName": "java-1_4_2-ibm-jdbc", "operator": "lt"}, {"OS": "Novell Linux Point of Service", "OSVersion": "9", "packageVersion": "1.4.2_sr13.8-0.7", "arch": "i586", "packageFilename": "IBMJava2-JRE-1.4.2_sr13.8-0.7.i586.rpm", "packageName": "IBMJava2-JRE", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.8-1.5.1", "arch": "ia64", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.8-1.5.1.ia64.rpm", "packageName": "java-1_4_2-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "i586", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.8-1.7.1.i586.rpm", "packageName": "java-1_4_2-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-devel-1.6.0_sr9.1-1.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.5.0_sr12.3-0.7.1", "arch": "x86_64", "packageFilename": "java-1_5_0-ibm-fonts-1.5.0_sr12.3-0.7.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.5.0_sr12.3-0.7.1", "arch": "x86_64", "packageFilename": "java-1_5_0-ibm-32bit-1.5.0_sr12.3-0.7.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "ppc", "packageFilename": "java-1_6_0-ibm-devel-1.6.0_sr9.1-1.5.1.ppc.rpm", "packageName": "java-1_6_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-1.6.0_sr9.1-1.5.1.i586.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "i586", "packageFilename": "java-1_4_2-ibm-jdbc-1.4.2_sr13.8-1.7.1.i586.rpm", "packageName": "java-1_4_2-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "ppc", "packageFilename": "java-1_4_2-ibm-jdbc-1.4.2_sr13.8-1.7.1.ppc.rpm", "packageName": "java-1_4_2-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "x86_64", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.8-1.7.1.x86_64.rpm", "packageName": "java-1_4_2-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "i586", "packageFilename": "java-1_4_2-ibm-plugin-1.4.2_sr13.8-1.7.1.i586.rpm", "packageName": "java-1_4_2-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr9.1-1.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-1.6.0_sr9.1-1.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "ppc64", "packageFilename": "java-1_6_0-ibm-1.6.0_sr9.1-1.5.1.ppc64.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-devel-1.6.0_sr9.1-1.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.5.0_sr12.3-0.7.1", "arch": "ppc", "packageFilename": "java-1_5_0-ibm-devel-1.5.0_sr12.3-0.7.1.ppc.rpm", "packageName": "java-1_5_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.8-1.5.1", "arch": "x86_64", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.8-1.5.1.x86_64.rpm", "packageName": "java-1_4_2-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.5.0_sr12.3-0.7.1", "arch": "ppc", "packageFilename": "java-1_5_0-ibm-plugin-1.5.0_sr12.3-0.7.1.ppc.rpm", "packageName": "java-1_5_0-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.8-1.5.1", "arch": "x86_64", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.8-1.5.1.x86_64.rpm", "packageName": "java-1_4_2-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr9.1-1.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-devel-1.6.0_sr9.1-1.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.8-1.5.1", "arch": "x86_64", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.8-1.5.1.x86_64.rpm", "packageName": "java-1_4_2-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr9.1-1.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}], "description": "IBM Java 6 was updated to SR9 FP1 was updated to fix a critical security bug in float number handling and also contains other security bugfixes.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "reporter": "Suse", "published": "2011-03-22T13:32:34", "title": "remote code execution in java-1_6_0-ibm,java-1_5_0-ibm,java-1_4_2-ibm", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4475", "CVE-2010-4468", "CVE-2010-3557", "CVE-2010-3553", "CVE-2010-4452", "CVE-2010-4462", "CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4454", "CVE-2010-4422", "CVE-2010-4463", "CVE-2010-3574", "CVE-2010-4473", "CVE-2010-3571", "CVE-2010-4476", "CVE-2010-4471", "CVE-2010-1321", "CVE-2010-4447", "CVE-2010-4467", "CVE-2010-4466"], "modified": "2011-03-22T13:32:34", "id": "SUSE-SA:2011:014", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-03/msg00003.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:26:30", "references": [], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.0-1.4.6", "arch": "i586", "packageFilename": "java-1_6_0-ibm-alsa-1.6.0_sr9.0-1.4.6.i586.rpm", "packageName": "java-1_6_0-ibm-alsa", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.0-1.4.6", "arch": "i586", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr9.0-1.4.6.i586.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.0-1.4.6", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr9.0-1.4.6.s390x.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.0-0.2.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr9.0-0.2.1.i586.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.0-1.4.6", "arch": "ppc", "packageFilename": "java-1_6_0-ibm-64bit-1.6.0_sr9.0-1.4.6.ppc.rpm", "packageName": "java-1_6_0-ibm-64bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.0-1.4.6", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-devel-32bit-1.6.0_sr9.0-1.4.6.s390x.rpm", "packageName": "java-1_6_0-ibm-devel-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.0-1.4.6", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-32bit-1.6.0_sr9.0-1.4.6.s390x.rpm", "packageName": "java-1_6_0-ibm-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.0-0.2.1", "arch": "ppc64", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr9.0-0.2.1.ppc64.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.0-1.4.6", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr9.0-1.4.6.s390x.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.0-1.4.6", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-1.6.0_sr9.0-1.4.6.x86_64.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.0-0.2.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr9.0-0.2.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.0-0.2.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-1.6.0_sr9.0-0.2.1.x86_64.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.0-1.4.6", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-devel-1.6.0_sr9.0-1.4.6.x86_64.rpm", "packageName": "java-1_6_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.0-1.4.6", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-devel-1.6.0_sr9.0-1.4.6.s390x.rpm", "packageName": "java-1_6_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.0-0.2.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-plugin-1.6.0_sr9.0-0.2.1.i586.rpm", "packageName": "java-1_6_0-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.0-0.2.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-devel-1.6.0_sr9.0-0.2.1.s390x.rpm", "packageName": "java-1_6_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.0-0.2.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-alsa-1.6.0_sr9.0-0.2.1.i586.rpm", "packageName": "java-1_6_0-ibm-alsa", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.0-0.2.1", "arch": "ppc64", "packageFilename": "java-1_6_0-ibm-devel-1.6.0_sr9.0-0.2.1.ppc64.rpm", "packageName": "java-1_6_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.0-1.4.6", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-alsa-32bit-1.6.0_sr9.0-1.4.6.x86_64.rpm", "packageName": "java-1_6_0-ibm-alsa-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.0-0.2.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr9.0-0.2.1.i586.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.0-0.2.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr9.0-0.2.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.0-0.2.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-1.6.0_sr9.0-0.2.1.x86_64.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.0-1.4.6", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-plugin-1.6.0_sr9.0-1.4.6.x86_64.rpm", "packageName": "java-1_6_0-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.0-1.4.6", "arch": "i586", "packageFilename": "java-1_6_0-ibm-plugin-1.6.0_sr9.0-1.4.6.i586.rpm", "packageName": "java-1_6_0-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.0-1.4.6", "arch": "ppc", "packageFilename": "java-1_6_0-ibm-devel-1.6.0_sr9.0-1.4.6.ppc.rpm", "packageName": "java-1_6_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.0-1.4.6", "arch": "ppc", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr9.0-1.4.6.ppc.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.0-1.4.6", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr9.0-1.4.6.x86_64.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.0-0.2.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-devel-1.6.0_sr9.0-0.2.1.i586.rpm", "packageName": "java-1_6_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.0-1.4.6", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-devel-32bit-1.6.0_sr9.0-1.4.6.x86_64.rpm", "packageName": "java-1_6_0-ibm-devel-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.0-0.2.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-alsa-1.6.0_sr9.0-0.2.1.i586.rpm", "packageName": "java-1_6_0-ibm-alsa", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.0-0.2.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-1.6.0_sr9.0-0.2.1.i586.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.0-0.2.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-1.6.0_sr9.0-0.2.1.s390x.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.0-1.4.6", "arch": "ppc", "packageFilename": "java-1_6_0-ibm-plugin-1.6.0_sr9.0-1.4.6.ppc.rpm", "packageName": "java-1_6_0-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.0-1.4.6", "arch": "ppc", "packageFilename": "java-1_6_0-ibm-1.6.0_sr9.0-1.4.6.ppc.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.0-0.2.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr9.0-0.2.1.i586.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.0-0.2.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-devel-1.6.0_sr9.0-0.2.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.0-1.4.6", "arch": "ppc", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr9.0-1.4.6.ppc.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.0-1.4.6", "arch": "i586", "packageFilename": "java-1_6_0-ibm-1.6.0_sr9.0-1.4.6.i586.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.0-0.2.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr9.0-0.2.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.0-0.2.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-1.6.0_sr9.0-0.2.1.i586.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.0-1.4.6", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-1.6.0_sr9.0-1.4.6.s390x.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.0-1.4.6", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-32bit-1.6.0_sr9.0-1.4.6.x86_64.rpm", "packageName": "java-1_6_0-ibm-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.0-0.2.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr9.0-0.2.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.0-1.4.6", "arch": "i586", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr9.0-1.4.6.i586.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.0-0.2.1", "arch": "ppc64", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr9.0-0.2.1.ppc64.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.0-1.4.6", "arch": "i586", "packageFilename": "java-1_6_0-ibm-devel-1.6.0_sr9.0-1.4.6.i586.rpm", "packageName": "java-1_6_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.0-0.2.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-1.6.0_sr9.0-0.2.1.x86_64.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.0-0.2.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-1.6.0_sr9.0-0.2.1.i586.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.0-0.2.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr9.0-0.2.1.i586.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.0-1.4.6", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr9.0-1.4.6.x86_64.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.0-0.2.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr9.0-0.2.1.s390x.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.0-0.2.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-plugin-1.6.0_sr9.0-0.2.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.0-0.2.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-plugin-1.6.0_sr9.0-0.2.1.i586.rpm", "packageName": "java-1_6_0-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.0-0.2.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-plugin-1.6.0_sr9.0-0.2.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.0-1.4.6", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-plugin-32bit-1.6.0_sr9.0-1.4.6.x86_64.rpm", "packageName": "java-1_6_0-ibm-plugin-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.0-0.2.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr9.0-0.2.1.s390x.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.0-0.2.1", "arch": "ppc64", "packageFilename": "java-1_6_0-ibm-1.6.0_sr9.0-0.2.1.ppc64.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.0-0.2.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr9.0-0.2.1.i586.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.0-0.2.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr9.0-0.2.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}], "description": "IBM Java 6 SR9 was released, fixing lots of security issues.", "edition": 1, "reporter": "Suse", "published": "2011-01-25T17:16:52", "title": "remote code execution in java-1_6_0-ibm", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3562", "CVE-2010-3557", "CVE-2010-3563", "CVE-2010-3551", "CVE-2010-0771", "CVE-2010-3553", "CVE-2010-3550", "CVE-2010-3566", "CVE-2010-3565", "CVE-2010-3572", "CVE-2010-3574", "CVE-2010-3541", "CVE-2010-3571", "CVE-2009-3555", "CVE-2010-3560", "CVE-2010-3559", "CVE-2010-1321", "CVE-2010-3556", "CVE-2010-3549", "CVE-2010-3555", "CVE-2010-3567", "CVE-2010-3573", "CVE-2010-3548", "CVE-2010-3568", "CVE-2010-3558", "CVE-2010-3569"], "modified": "2011-01-25T17:16:52", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00008.html", "id": "SUSE-SA:2011:006", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "vmware": [{"lastseen": "2018-09-02T02:40:36", "references": [], "affectedPackage": [{"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX350-201008407-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX410-201010412-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX350-201008405-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX400-201009406-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX400-201009403-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX350-201008411-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX303-201102401-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX400-201009402-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "3.0.3", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "eq"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX350-201008412-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX350-201008410-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX410-201010413-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX400-201009411-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX410-201010409-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}], "description": "a. Service Console update for cpio \n \nThe service console package cpio is updated to version 2.5-6.RHEL3 for ESX 3.x versions and updated to version 2.6-23.el5_4.1 for ESX 4.x versions. \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2005-4268 and CVE-2010-0624 to the issues addressed in the update for ESX 3.x and the names CVE-2007-4476 and CVE-2010-0624 to the issues addressed in the update for ESX 4.x. \nColumn 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. \n\n", "edition": 3, "reporter": "VMware", "published": "2010-08-31T00:00:00", "title": "VMware ESX third party updates for Service Console", "type": "vmware", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2007-4476", "CVE-2008-5302", "CVE-2008-5303", "CVE-2010-1168", "CVE-2005-4268", "CVE-2010-0624", "CVE-2010-1447", "CVE-2010-1321", "CVE-2010-2063"], "modified": "2011-02-14T00:00:00", "id": "VMSA-2010-0013", "href": "https://www.vmware.com/security/advisories/VMSA-2010-0013.html", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T02:40:36", "references": [], "affectedPackage": [{"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX410-201010401-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "ESXi", "OSVersion": "any", "packageVersion": "ESXi410-201010401-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESXi", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX410-201010419-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}], "description": "a. Service Console OS update for COS kernel \nThis patch updates the service console kernel to fix multiple security issues. \n \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-0415, CVE-2010-0307, CVE-2010-0291, CVE-2010-0622, CVE-2010-1087, CVE-2010-1437, and CVE-2010-1088 to these issues. \n \nColumn 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. \n\n", "edition": 3, "reporter": "VMware", "published": "2010-11-15T00:00:00", "title": "VMware ESXi and ESX third party updates for Service Console and Likewise components", "type": "vmware", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-0307", "CVE-2009-0844", "CVE-2010-1437", "CVE-2009-0846", "CVE-2010-0291", "CVE-2010-0415", "CVE-2010-1321", "CVE-2010-0622", "CVE-2010-1088", "CVE-2009-4212", "CVE-2010-1087", "CVE-2009-0845"], "modified": "2011-01-04T00:00:00", "id": "VMSA-2010-0016", "href": "https://www.vmware.com/security/advisories/VMSA-2010-0016.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T02:40:33", "references": [], "affectedPackage": [{"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX410-201110206-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX400-201111201-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX410-201110214-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX400-201203401-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "Windows", "OSVersion": "any", "packageVersion": "Update 4", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "Update Manager", "operator": "lt"}, {"OS": "Windows", "OSVersion": "any", "packageVersion": "Update 2", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "Update Manager", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX410-201110201-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "Windows", "OSVersion": "any", "packageVersion": "Update 4", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "vCenter", "operator": "lt"}, {"OS": "Windows", "OSVersion": "any", "packageVersion": "Update 2", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "vCenter", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX410-201110204-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "3.0.3", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "eq"}, {"OS": "ESXi", "OSVersion": "any", "packageVersion": "ESXi410-201110201-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESXi", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX400-201203406-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}], "description": "a. ESX third party update for Service Console openssl RPM \nThe Service Console openssl RPM is updated to openssl-0.9.8e.12.el5_5.7 resolving two security issues. \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-7270 and CVE-2010-4180 to these issues. \nColumn 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. \n\n", "edition": 3, "reporter": "VMware", "published": "2011-10-27T00:00:00", "title": "VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", "type": "vmware", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-3562", "CVE-2010-4475", "CVE-2011-0865", "CVE-2010-2054", "CVE-2010-4468", "CVE-2010-3557", "CVE-2010-3563", "CVE-2010-3551", "CVE-2011-0802", "CVE-2010-3552", "CVE-2010-3553", "CVE-2010-3550", "CVE-2010-4452", "CVE-2010-4462", "CVE-2010-3566", "CVE-2010-4448", "CVE-2010-4465", "CVE-2010-3565", "CVE-2010-4180", "CVE-2010-4454", "CVE-2010-3572", "CVE-2010-4451", "CVE-2010-4422", "CVE-2010-4469", "CVE-2011-0002", "CVE-2010-4450", "CVE-2010-4463", "CVE-2010-3574", "CVE-2010-4473", "CVE-2010-4474", "CVE-2010-3541", "CVE-2011-0873", "CVE-2010-3571", "CVE-2010-3173", "CVE-2010-4476", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-3560", "CVE-2010-3559", "CVE-2008-7270", "CVE-2011-0815", "CVE-2010-1321", "CVE-2010-3556", "CVE-2011-0867", "CVE-2010-3561", "CVE-2010-4447", "CVE-2010-3549", "CVE-2010-3554", "CVE-2010-3170", "CVE-2010-4470", "CVE-2010-3555", "CVE-2011-0864", "CVE-2010-3570", "CVE-2010-3567", "CVE-2010-3573", "CVE-2010-3548", "CVE-2010-4467", "CVE-2010-3568", "CVE-2011-0862", "CVE-2010-3558", "CVE-2010-4466", "CVE-2010-3569", "CVE-2011-0871", "CVE-2011-0814"], "modified": "2012-03-29T00:00:00", "id": "VMSA-2011-0013", "href": "https://www.vmware.com/security/advisories/VMSA-2011-0013.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:43", "references": ["http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1322", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4022", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0283", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4020", "https://bugs.gentoo.org/show_bug.cgi?id=323525", "https://bugs.gentoo.org/show_bug.cgi?id=359129", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1321", "https://bugs.gentoo.org/show_bug.cgi?id=347369", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1323", "https://bugs.gentoo.org/show_bug.cgi?id=339866", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0283", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1528", "https://bugs.gentoo.org/show_bug.cgi?id=387585", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4021", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1320", "https://bugs.gentoo.org/show_bug.cgi?id=303723", "https://bugs.gentoo.org/show_bug.cgi?id=308021", "https://bugs.gentoo.org/show_bug.cgi?id=321935", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0282", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0284", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1529", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0629", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0285", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3295", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0281", "https://bugs.gentoo.org/show_bug.cgi?id=363507", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1527", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4151", "https://bugs.gentoo.org/show_bug.cgi?id=352859", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4212", "https://bugs.gentoo.org/show_bug.cgi?id=393429", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1324", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1530"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.9.2-r1", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "app-crypt/mit-krb5", "operator": "lt"}], "edition": 1, "description": "### Background\n\nMIT Kerberos 5 is a suite of applications that implement the Kerberos network protocol. \n\n### Description\n\nMultiple vulnerabilities have been discovered in MIT Kerberos 5. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker may be able to execute arbitrary code with the privileges of the administration daemon or the Key Distribution Center (KDC) daemon, cause a Denial of Service condition, or possibly obtain sensitive information. Furthermore, a remote attacker may be able to spoof Kerberos authorization, modify KDC responses, forge user data messages, forge tokens, forge signatures, impersonate a client, modify user-visible prompt text, or have other unspecified impact. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll MIT Kerberos 5 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-crypt/mit-krb5-1.9.2-r1\"", "reporter": "Gentoo Foundation", "published": "2012-01-23T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "gentoo", "title": "MIT Kerberos 5: Multiple vulnerabilities", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0283", "CVE-2011-1530", "CVE-2011-1529", "CVE-2011-4151", "CVE-2011-0285", "CVE-2010-1324", "CVE-2010-4020", "CVE-2010-1320", "CVE-2010-0629", "CVE-2011-0283", "CVE-2010-4021", "CVE-2011-0281", "CVE-2010-1322", "CVE-2011-1528", "CVE-2010-1321", "CVE-2009-3295", "CVE-2011-0282", "CVE-2009-4212", "CVE-2011-1527", "CVE-2011-0284", "CVE-2010-1323", "CVE-2010-4022"], "modified": "2012-01-23T00:00:00", "id": "GLSA-201201-13", "href": "https://security.gentoo.org/glsa/201201-13", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cisco": [{"lastseen": "2018-04-07T12:12:49", "_object_types": ["robots.models.base.Bulletin", "robots.models.cisco.CiscoBulletin"], "references": ["http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20100519-CVE-2010-1321"], "description": "MIT Kerberos contains a vulnerability that could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. \n\nThe vulnerability is in the GSS-API acceptor component due to lack of pointer validation. An authenticated, remote attacker could exploit the vulnerability by making a crafted request to the affected component. This action could cause the component to crash, resulting in a DoS condition. \n\nMIT has confirmed this vulnerability and released updated software.\n\nThe vulnerability can be exploited only by an authenticated attacker, which somewhat reduces the threat of an attack on affected systems.\n\nCisco Network Admission Control Guest Server may be affected if Active Directory single sign-on is enabled.", "reporter": "Cisco", "published": "2010-05-19T15:40:37", "type": "cisco", "title": "MIT Kerberos GSS-API Library Remote Denial of Service Vulnerability", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Cisco Network Admission Control Guest Server", "version": "any", "operator": "eq"}], "cvelist": ["CVE-2010-1321", "CVE-2010-3541", "CVE-2010-3548", "CVE-2010-3549", "CVE-2010-3550", "CVE-2010-3551", "CVE-2010-3552", "CVE-2010-3553", "CVE-2010-3554", "CVE-2010-3555", "CVE-2010-3556", "CVE-2010-3557", "CVE-2010-3558", "CVE-2010-3559", "CVE-2010-3560", "CVE-2010-3561", "CVE-2010-3562", "CVE-2010-3563", "CVE-2010-3565", "CVE-2010-3566", "CVE-2010-3567", "CVE-2010-3568", "CVE-2010-3569", "CVE-2010-3570", "CVE-2010-3571", "CVE-2010-3572", "CVE-2010-3573", "CVE-2010-3574"], "_object_type": "robots.models.cisco.CiscoBulletin", "modified": "2015-01-31T05:30:00", "id": "CISCO-SA-20100519-CVE-2010-1321", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20100519-CVE-2010-1321", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oracle": [{"lastseen": "2018-08-31T04:13:47", "references": [], "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. It also includes non-security fixes that are required (because of interdependencies) by those security patches. Critical Patch Updates are cumulative, except as noted below, but each advisory describes only the security fixes added since the previous Critical Patch Update. Thus, prior Critical Patch Update Advisories should be reviewed for information regarding earlier accumulated security fixes. Please refer to:\n\n[Critical Patch Updates and Security Alerts](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) for information about Oracle Security Advisories.\n\n**Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible.** This Critical Patch Update contains 85 new security fixes across all product families listed below.\n\nOracle is in the process of aligning the Sun Microsystems policies with Oracle Software Security Assurance policies and procedures. For details, please refer to [Changes in security policies for the Sun product lines.](<http://www.oracle.com/technetwork/topics/security/changesforsunsecuritypolicies-162219.html>)\n", "edition": 3, "reporter": "Oracle", "published": "2010-10-12T00:00:00", "title": "Oracle Critical Patch Update - October 2010", "type": "oracle", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "StarOffice, StarSuite", "version": "9", "operator": "le"}, {"name": "Siebel Core", "version": "7.7.2.12", "operator": "le"}, {"name": "PeopleSoft FMS ESA - EX", "version": "8.9", "operator": "le"}, {"name": "Sun Convergence 1, Sun Java Communications Suite 7", "version": "7.0", "operator": "le"}, {"name": "PeopleSoft Enterprise FMS ESA - RM", "version": "9.1", "operator": "le"}, {"name": "OID", "version": "11.1.1.2.0", "operator": "le"}, {"name": "PeopleSoft Enterprise FMS - AM", "version": "9.0", "operator": "le"}, {"name": "PeopleSoft Enterprise HCM GP - Japan", "version": "8.9", "operator": "le"}, {"name": "PeopleSoft FMS ESA - EX", "version": "9.1", "operator": "le"}, {"name": "PeopleSoft Enterprise FMS - GL", "version": "8.9", "operator": "le"}, {"name": "XDK", "version": "10.1.0.5", "operator": "le"}, {"name": "Siebel Core - Highly Interactive Client", "version": "8.0.0.10", "operator": "le"}, {"name": "Change Data Capture", "version": "11.1.0.7", "operator": "le"}, {"name": "PeopleSoft Enterprise HCM - GP France", "version": "8.9", "operator": "le"}, {"name": "Oracle Communications Messaging Server (Sun Java System Messaging Server)", "version": "7.0", "operator": "le"}, {"name": "PeopleSoft Enterprise FMS - AM", "version": "9.1", "operator": "le"}, {"name": "PeopleSoft Enterprise HCM GP - Japan", "version": "8.81", "operator": "le"}, {"name": "Agile PLM", "version": "9.3.0.0", "operator": "le"}, {"name": "Java Virtual Machine", "version": "10.1.0.5", "operator": "le"}, {"name": "Oracle Territory Management", "version": "12.0.6", "operator": "le"}, {"name": "PeopleSoft Enterprise SCM OM and CRM Order Capture", "version": "9.1", "operator": "le"}, {"name": "EM Console", "version": "10.2.0.3", "operator": "le"}, {"name": "PeopleSoft Enterprise FMS - GL", "version": "91.", "operator": "le"}, {"name": "Oracle iPlanet Web Server (Sun Java System Web Server)", "version": "7.0", "operator": "le"}, {"name": "Directory Server Enterprise Edition", "version": "6.1", "operator": "le"}, {"name": "Oracle Communications Messaging Server (Sun Java System Messaging Server)", "version": "6.0", "operator": "le"}, {"name": "Solaris", "version": "8", "operator": "le"}, {"name": "Oracle iRecruitment", "version": "12.1.3", "operator": "le"}, {"name": "Oracle Transportation Management", "version": "5.5.06.03", "operator": "le"}, {"name": "Change Data Capture", "version": "10.1.0.5", "operator": "le"}, {"name": "Oracle VM", "version": "2.2.1", "operator": "le"}, {"name": "PeopleSoft Enterprise HCM - HR", "version": "9.1", "operator": "le"}, {"name": "PeopleSoft Enterprise HCM - HR", "version": "9.0", "operator": "le"}, {"name": "Oracle iRecruitment", "version": "11.5.10.2", "operator": "le"}, {"name": "Siebel Core", "version": "7.8.2.14", "operator": "le"}, {"name": "Oracle Applications Technology Stack", "version": "12.0.6", "operator": "le"}, {"name": "Primavera P6 Enterprise Project Portfolio Management", "version": "7.0.1.0", "operator": "le"}, {"name": "Oracle Territory Management", "version": "12.1.3", "operator": "le"}, {"name": "Oracle RDBMS", "version": "10.2.0.3", "operator": "le"}, {"name": "Java Virtual Machine", "version": "10.2.0.4", "operator": "le"}, {"name": "Siebel Core - Highly Interactive Client", "version": "7.7.2.12", "operator": "le"}, {"name": "PeopleSoft Enterprise CRM - Order Capture", "version": "9.1", "operator": "le"}, {"name": "Oracle E-Business Intelligence", "version": "12.0.6", "operator": "le"}, {"name": "XDK", "version": "10.2.0.4", "operator": "le"}, {"name": "PeopleSoft Enterprise FMS - GL", "version": "9.0", "operator": "le"}, {"name": "Oracle iPlanet Web Server (Sun Java System Web Server)", "version": "7.0u8", "operator": "le"}, {"name": "Oracle Communications Messaging Server (Sun Java System Messaging Server)", "version": "6.3", "operator": "le"}, {"name": "PeopleSoft Enterprise SCM OM and CRM Order Capture", "version": "8.9", "operator": "le"}, {"name": "Directory Server Enterprise Edition", "version": "6.0", "operator": "le"}, {"name": "Cabo/UIX", "version": "10.1.3.5", "operator": "le"}, {"name": "Java Virtual Machine", "version": "11.2.0.1", "operator": "le"}, {"name": "Oracle iPlanet Web Server (Sun Java System Web Server)", "version": "6.1", "operator": "le"}, {"name": "Directory Server Enterprise Edition", "version": "6.3", "operator": "le"}, {"name": "Sun Convergence 1, Sun Java Communications Suite 7", "version": "1.0", "operator": "le"}, {"name": "PeopleSoft Enterprise CRM - Common Components", "version": "9.0", "operator": "le"}, {"name": "Forms", "version": "10.1.2.3", "operator": "le"}, {"name": "Oracle RDBMS", "version": "10.1.0.5", "operator": "le"}, {"name": "Oracle iRecruitment", "version": "12.1.2", "operator": "le"}, {"name": "Sun Java System Identity Manager", "version": "8.1", "operator": "le"}, {"name": "XDK", "version": "11.1.0.7", "operator": "le"}, {"name": "Solaris", "version": "10", "operator": "le"}, {"name": "PeopleSoft Enterprise SCM - Strategic Sourcing", "version": "8.9", "operator": "le"}, {"name": "Siebel Core - Highly Interactive Client", "version": "8.1.1.3", "operator": "le"}, {"name": "Oracle Applications Technology Stack", "version": "11.5.10.2", "operator": "le"}, {"name": "Siebel Core - Highly Interactive Client", "version": "7.8.2.14", "operator": "le"}, {"name": "Siebel Core", "version": "8.0.0.10", "operator": "le"}, {"name": "StarOffice, StarSuite", "version": "8", "operator": "le"}, {"name": "EM Console", "version": "10.1.0.5", "operator": "le"}, {"name": "Oracle Territory Management", "version": "11.5.10.2", "operator": "le"}, {"name": "Primavera P6 Enterprise Project Portfolio Management", "version": "6.21.3.0", "operator": "le"}, {"name": "Directory Server Enterprise Edition", "version": "6.2", "operator": "le"}, {"name": "Solaris", "version": "9", "operator": "le"}, {"name": "PeopleSoft Enterprise SCM - Strategic Sourcing", "version": "9.1", "operator": "le"}, {"name": "PeopleSoft Enterprise HCM GP - Japan", "version": "9.1", "operator": "le"}, {"name": "EM Console", "version": "10.1.4.3", "operator": "le"}, {"name": "PeopleSoft Enterprise FMS, SCM, EPM, CRM, Campus Solutions", "version": "8.9", "operator": "le"}, {"name": "PeopleSoft Enterprise HCM - GP France", "version": "8.81", "operator": "le"}, {"name": "BI Publisher", "version": "10.1.3.3.2", "operator": "le"}, {"name": "PeopleSoft Enterprise HCM - GP France", "version": "9.0", "operator": "le"}, {"name": "Siebel Core", "version": "8.1.1.3", "operator": "le"}, {"name": "OID", "version": "10.1.4.3", "operator": "le"}, {"name": "Oracle iRecruitment", "version": "12.0.6", "operator": "le"}, {"name": "PeopleSoft Enterprise CRM - Order Capture", "version": "9.0", "operator": "le"}, {"name": "Change Data Capture", "version": "11.2.0.1", "operator": "le"}, {"name": "Oracle Applications Manager", "version": "11.5.10.2", "operator": "le"}, {"name": "Oracle Transportation Management", "version": "6.0.6", "operator": "le"}, {"name": "PeopleSoft Enterprise SCM - Strategic Sourcing", "version": "9.0", "operator": "le"}, {"name": "PeopleSoft Enterprise FMS, SCM, EPM, CRM, Campus Solutions", "version": "9.1", "operator": "le"}, {"name": "Cabo/UIX", "version": "10.1.2.3", "operator": "le"}, {"name": "PeopleSoft Enterprise SCM", "version": "8.9", "operator": "le"}, {"name": "PeopleSoft Enterprise FMS - Cash Management", "version": "8.9", "operator": "le"}, {"name": "PeopleSoft Enterprise PeopleTools", "version": "8.49.28", "operator": "le"}, {"name": "PeopleSoft Enterprise HCM GP - Japan", "version": "9.0", "operator": "le"}, {"name": "PeopleSoft Enterprise FMS - GL", "version": "9.1", "operator": "le"}, {"name": "PeopleSoft Enterprise FMS ESA - RM", "version": "9.0", "operator": "le"}, {"name": "PeopleSoft Enterprise FMS ESA - RM", "version": "8.9", "operator": "le"}, {"name": "Oracle E-Business Intelligence", "version": "12.1.3", "operator": "le"}, {"name": "PeopleSoft Enterprise HCM ePay", "version": "9.1", "operator": "le"}, {"name": "PeopleSoft Enterprise FMS - Cash Management", "version": "9.0", "operator": "le"}, {"name": "PeopleSoft Enterprise SCM - PO", "version": "9.1", "operator": "le"}, {"name": "Change Data Capture", "version": "10.2.0.4", "operator": "le"}, {"name": "PeopleSoft Enterprise SCM - PO", "version": "8.9", "operator": "le"}, {"name": "OracleVM", "version": "2.2.1", "operator": "le"}, {"name": "PeopleSoft Enterprise SCM", "version": "9.0", "operator": "le"}, {"name": "Oracle Communications Messaging Server (Sun Java System Messaging Server)", "version": "6.2", "operator": "le"}, {"name": "Oracle Transportation Management", "version": "6.1.2", "operator": "le"}, {"name": "PeopleSoft Enterprise CRM - Common Components", "version": "9.1", "operator": "le"}, {"name": "StarOffice, StarSuite", "version": "7", "operator": "le"}, {"name": "PeopleSoft Enterprise HCM - GP France", "version": "9.1", "operator": "le"}, {"name": "Oracle Applications Technology Stack", "version": "12.1.2", "operator": "le"}, {"name": "PeopleSoft Enterprise SCM - PO", "version": "9.0", "operator": "le"}, {"name": "PeopleSoft FMS ESA - EX", "version": "9.0", "operator": "le"}, {"name": "PeopleSoft Enterprise CRM - Common Components", "version": "8.9", "operator": "le"}, {"name": "Java Virtual Machine", "version": "11.1.0.7", "operator": "le"}, {"name": "OID", "version": "10.1.2.3", "operator": "le"}, {"name": "EM Console", "version": "10.1.2.3", "operator": "le"}, {"name": "Oracle Explorer (Sun Explorer)", "version": "6.4", "operator": "le"}, {"name": "PeopleSoft Enterprise SCM OM and CRM Order Capture", "version": "9.0", "operator": "le"}, {"name": "PeopleSoft Enterprise FMS - AM", "version": "8.9", "operator": "le"}, {"name": "BI Publisher", "version": "10.1.3.4.1", "operator": "le"}, {"name": "PeopleSoft Enterprise HCM ePay", "version": "9.0", "operator": "le"}, {"name": "OLAP", "version": "11.1.0.7", "operator": "le"}, {"name": "PeopleSoft Enterprise PeopleTools", "version": "8.50.12", "operator": "le"}, {"name": "Oracle E-Business Intelligence", "version": "11.5.10.2", "operator": "le"}, {"name": "PeopleSoft Enterprise FMS - Cash Management", "version": "9.1", "operator": "le"}, {"name": "PeopleSoft Enterprise SCM", "version": "9.1", "operator": "le"}], "cvelist": ["CVE-2010-2406", "CVE-2010-3584", "CVE-2010-3518", "CVE-2009-3302", "CVE-2009-3301", "CVE-2010-3500", "CVE-2010-3526", "CVE-2010-3502", "CVE-2010-3535", "CVE-2010-3514", "CVE-2010-3503", "CVE-2010-3522", "CVE-2010-2389", "CVE-2010-2412", "CVE-2010-3579", "CVE-2010-3578", "CVE-2010-2414", "CVE-2010-3581", "CVE-2010-3520", "CVE-2010-2409", "CVE-2009-2949", "CVE-2010-3513", "CVE-2010-2416", "CVE-2010-3511", "CVE-2010-3525", "CVE-2010-3540", "CVE-2010-3517", "CVE-2010-2418", "CVE-2010-2417", "CVE-2010-3508", "CVE-2010-2415", "CVE-2010-0395", "CVE-2010-3509", "CVE-2010-3542", "CVE-2010-3575", "CVE-2010-3506", "CVE-2010-2388", "CVE-2010-3507", "CVE-2010-3512", "CVE-2010-3528", "CVE-2010-3538", "CVE-2010-2410", "CVE-2010-2391", "CVE-2010-3523", "CVE-2010-3533", "CVE-2009-2950", "CVE-2010-2395", "CVE-2010-3577", "CVE-2010-3545", "CVE-2010-3529", "CVE-2010-2408", "CVE-2010-2405", "CVE-2010-2407", "CVE-2009-3555", "CVE-2010-2419", "CVE-2010-3583", "CVE-2010-3504", "CVE-2010-3501", "CVE-2010-3527", "CVE-2010-1321", "CVE-2010-2396", "CVE-2010-2411", "CVE-2010-3530", "CVE-2010-3516", "CVE-2010-2390", "CVE-2010-3524", "CVE-2010-3564", "CVE-2010-3546", "CVE-2010-3580", "CVE-2010-3534", "CVE-2010-3576", "CVE-2010-3539", "CVE-2010-3515", "CVE-2010-3521", "CVE-2010-2404", "CVE-2010-3519", "CVE-2010-3582", "CVE-2010-3547", "CVE-2010-3537", "CVE-2010-3532", "CVE-2010-2413", "CVE-2010-3544", "CVE-2010-3531", "CVE-2010-3536", "CVE-2010-3585"], "modified": "2010-10-12T00:00:00", "id": "ORACLE:CPUOCT2010-175626", "href": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T04:14:01", "references": [], "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. It also includes non-security fixes that are required (because of interdependencies) by those security patches. Critical Patch Updates are cumulative, except as noted below, but each advisory describes only the security fixes added since the previous Critical Patch Update. Thus, prior Critical Patch Update Advisories should be reviewed for information regarding earlier accumulated security fixes. Please refer to:\n\n[Critical Patch Updates and Security Alerts](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) for information about Oracle Security Advisories.\n\n**Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible.** This Critical Patch Update contains 66 new security fixes across all product families listed below.\n", "edition": 3, "reporter": "Oracle", "published": "2011-01-18T00:00:00", "title": "Oracle Critical Patch Update - January 2011", "type": "oracle", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Oracle BI Publisher", "version": "10.1.3.3.2", "operator": "le"}, {"name": "Oracle BI Publisher", "version": "10.1.3.4.0", "operator": "le"}, {"name": "Oracle Open Office, StarOffice, StarSuite", "version": "3.2.1", "operator": "le"}, {"name": "Oracle Common Applications", "version": "12.1.2", "operator": "le"}, {"name": "Oracle Common Applications", "version": "12.0.6", "operator": "le"}, {"name": "Oracle JRockit", "version": "27.6.7", "operator": "le"}, {"name": "SunMC", "version": "4.0", "operator": "le"}, {"name": "Oracle Document Capture", "version": "10.1.3.4", "operator": "le"}, {"name": "Services for Beehive", "version": "2.0.1.1", "operator": "le"}, {"name": "Oracle Transportation Manager", "version": "6.2", "operator": "le"}, {"name": "PeopleSoft Enterprise HRMS", "version": "9.0", "operator": "le"}, {"name": "Oracle Spatial", "version": "11.1.0.7", "operator": "le"}, {"name": "Oracle Open Office, StarOffice, StarSuite", "version": "8", "operator": "le"}, {"name": "Sun Java System Communications Express", "version": "6.2", "operator": "le"}, {"name": "Oracle WebLogic Server", "version": "7.0.7", "operator": "le"}, {"name": "Cluster Verify Utility", "version": "11.1.0.7", "operator": "le"}, {"name": "Oracle WebLogic Server", "version": "9.2.4", "operator": "le"}, {"name": "Oracle Discoverer", "version": "10.1.2.3", "operator": "le"}, {"name": "Health Sciences - Oracle Argus Safety", "version": "5.0.2", "operator": "le"}, {"name": "Agile Core", "version": "9.3.1", "operator": "le"}, {"name": "Solaris", "version": "8", "operator": "le"}, {"name": "Oracle WebLogic Server", "version": "9.0", "operator": "le"}, {"name": "Oracle BI Publisher", "version": "10.1.3.4.1", "operator": "le"}, {"name": "Oracle Transportation Manager", "version": "5.5.06", "operator": "le"}, {"name": "Oracle Spatial", "version": "11.2.0.1", "operator": "le"}, {"name": "Database Vault", "version": "11.1.0.7", "operator": "le"}, {"name": "mod_ssl", "version": "10.3.0.2", "operator": "le"}, {"name": "Services for Beehive", "version": "2.0.1.3", "operator": "le"}, {"name": "Oracle GoldenGate Veridata", "version": "3.0.0.4", "operator": "le"}, {"name": "Solaris", "version": "11", "operator": "le"}, {"name": "Oracle Application Object Library", "version": "12.0.4", "operator": "le"}, {"name": "Services for Beehive", "version": "2.0.1.2", "operator": "le"}, {"name": "Sun Java System Access Manager, Oracle OpenSSO", "version": "8", "operator": "le"}, {"name": "Database Vault", "version": "10.2.0.3", "operator": "le"}, {"name": "Database Vault", "version": "11.2.0.1", "operator": "le"}, {"name": "Sun GlassFish Enterprise Server, Sun Java System Message Queue", "version": "3.0.1", "operator": "le"}, {"name": "Database Vault", "version": "10.2.0.5", "operator": "le"}, {"name": "Oracle WebLogic Server", "version": "9.1", "operator": "le"}, {"name": "Cluster Verify Utility", "version": "10.2.0.4", "operator": "le"}, {"name": "Oracle Common Applications", "version": "12.0.4", "operator": "le"}, {"name": "Services for Beehive", "version": "2.0.1.2.1", "operator": "le"}, {"name": "Sun Java System Communications Express", "version": "6.3", "operator": "le"}, {"name": "Database Vault", "version": "10.2.0.4", "operator": "le"}, {"name": "PeopleSoft Enterprise HRMS", "version": "9.1", "operator": "le"}, {"name": "Solaris", "version": "10", "operator": "le"}, {"name": "Oracle VM VirtualBox", "version": "4.0", "operator": "le"}, {"name": "Health Sciences - InForm", "version": "4.6", "operator": "le"}, {"name": "Client System Analyzer", "version": "11.2.0.1", "operator": "le"}, {"name": "Oracle BI Publisher", "version": "11.1.1.3", "operator": "le"}, {"name": "Sun Java System Portal Server", "version": "7.1", "operator": "le"}, {"name": "Health Sciences - Oracle Argus Safety", "version": "5.0.3", "operator": "le"}, {"name": "Oracle Spatial", "version": "10.2.0.4", "operator": "le"}, {"name": "Health Sciences - Oracle Argus Safety", "version": "5.0.1", "operator": "le"}, {"name": "Oracle Transportation Manager", "version": "6.0", "operator": "le"}, {"name": "Real User Experience Insight", "version": "6.0", "operator": "le"}, {"name": "PeopleSoft Enterprise HRMS", "version": "8.9", "operator": "le"}, {"name": "Client System Analyzer", "version": "10.2.0.5", "operator": "le"}, {"name": "Oracle Common Applications", "version": "12.0.5", "operator": "le"}, {"name": "Solaris", "version": "9", "operator": "le"}, {"name": "Services for Beehive", "version": "2.0.1.0", "operator": "le"}, {"name": "Cluster Verify Utility", "version": "10.2.0.5", "operator": "le"}, {"name": "PeopleSoft Enterprise PeopleTools", "version": "8.49.0", "operator": "le"}, {"name": "Sun Convergence", "version": "1.0", "operator": "le"}, {"name": "Scheduler Agent", "version": "11.1.0.7", "operator": "le"}, {"name": "Oracle WebLogic Server", "version": "10.3.2", "operator": "le"}, {"name": "Health Sciences - InForm", "version": "5.0", "operator": "le"}, {"name": "Oracle JRockit", "version": "5", "operator": "le"}, {"name": "Oracle Document Capture", "version": "10.1.3.5", "operator": "le"}, {"name": "Oracle WebLogic Server", "version": "10.3.3", "operator": "le"}, {"name": "Sun Java System Access Manager, Oracle OpenSSO", "version": "7", "operator": "le"}, {"name": "Oracle WebLogic Server", "version": "9.2.3", "operator": "le"}, {"name": "Oracle HTTP Server", "version": "11.1.1.3", "operator": "le"}, {"name": "PeopleSoft Enterprise CRM", "version": "9.0", "operator": "le"}, {"name": "Scheduler Agent", "version": "11.2.0.1", "operator": "le"}, {"name": "Oracle WebLogic Server", "version": "8.1.6", "operator": "le"}, {"name": "Sun GlassFish Enterprise Server, Sun Java System Message Queue", "version": "2.1.1", "operator": "le"}, {"name": "Oracle Application Object Library", "version": "12.0.5", "operator": "le"}, {"name": "Health Sciences - InForm", "version": "4.5", "operator": "le"}, {"name": "Oracle Application Object Library", "version": "12.0.6", "operator": "le"}, {"name": "Oracle Discoverer", "version": "11.1.1.2.0", "operator": "le"}, {"name": "Oracle Common Applications", "version": "12.1.3", "operator": "le"}, {"name": "Sun Java System Portal Server", "version": "7.2", "operator": "le"}, {"name": "Oracle Common Applications", "version": "11.5.10.2", "operator": "le"}, {"name": "Oracle Transportation Manager", "version": "6.1", "operator": "le"}, {"name": "Audit Vault", "version": "10.2.3.2", "operator": "le"}, {"name": "PeopleSoft Enterprise PeopleTools", "version": "8.51.0", "operator": "le"}, {"name": "PeopleSoft Enterprise PeopleTools", "version": "8.50.11", "operator": "le"}, {"name": "Oracle Application Object Library", "version": "12.1.3", "operator": "le"}, {"name": "Oracle Discoverer", "version": "11.1.1.3.0", "operator": "le"}, {"name": "Health Sciences - Oracle Argus Safety", "version": "5.0", "operator": "le"}, {"name": "Sun Java System Access Manager, Oracle OpenSSO", "version": "7.1", "operator": "le"}, {"name": "Cluster Verify Utility", "version": "11.2.0.1", "operator": "le"}, {"name": "Oracle HTTP Server", "version": "11.1.1.2", "operator": "le"}, {"name": "Agile Core", "version": "9.3.0.2", "operator": "le"}, {"name": "Oracle Common Applications", "version": "12.1.1", "operator": "le"}, {"name": "Oracle WebLogic Server", "version": "10.0.2", "operator": "le"}, {"name": "Sun GlassFish Enterprise Server, Sun Java System Message Queue", "version": "2.1", "operator": "le"}, {"name": "Oracle Application Object Library", "version": "11.5.10.2", "operator": "le"}, {"name": "Oracle Application Object Library", "version": "12.1.1", "operator": "le"}, {"name": "Client System Analyzer", "version": "11.1.0.7", "operator": "le"}, {"name": "PeopleSoft Enterprise CRM", "version": "9.1", "operator": "le"}, {"name": "Oracle Application Object Library", "version": "12.1.2", "operator": "le"}, {"name": "PeopleSoft Enterprise PeopleTools", "version": "8.50.0", "operator": "le"}, {"name": "Oracle Outside In Technology", "version": "8.3.0", "operator": "le"}], "cvelist": ["CVE-2010-3598", "CVE-2010-3562", "CVE-2010-4428", "CVE-2010-4459", "CVE-2010-4445", "CVE-2010-4416", "CVE-2010-3557", "CVE-2010-4429", "CVE-2010-3505", "CVE-2010-4420", "CVE-2010-3551", "CVE-2010-4458", "CVE-2010-3553", "CVE-2010-2632", "CVE-2010-1227", "CVE-2010-3566", "CVE-2010-4439", "CVE-2010-4444", "CVE-2010-3565", "CVE-2010-3599", "CVE-2010-3594", "CVE-2010-4425", "CVE-2010-3589", "CVE-2010-3572", "CVE-2010-4433", "CVE-2010-3593", "CVE-2010-4426", "CVE-2010-4453", "CVE-2010-4436", "CVE-2010-2935", "CVE-2010-3597", "CVE-2010-4427", "CVE-2010-3592", "CVE-2010-4423", "CVE-2010-3574", "CVE-2010-4441", "CVE-2010-4461", "CVE-2010-4419", "CVE-2010-4435", "CVE-2010-3600", "CVE-2010-3541", "CVE-2010-4431", "CVE-2010-4455", "CVE-2009-4269", "CVE-2010-3571", "CVE-2009-3555", "CVE-2010-4457", "CVE-2010-4417", "CVE-2010-3590", "CVE-2010-4442", "CVE-2010-4464", "CVE-2010-3559", "CVE-2010-1321", "CVE-2010-4456", "CVE-2010-3556", "CVE-2010-4443", "CVE-2010-4414", "CVE-2010-3561", "CVE-2010-3595", "CVE-2010-3549", "CVE-2010-4413", "CVE-2010-3554", "CVE-2010-4415", "CVE-2010-4418", "CVE-2010-4434", "CVE-2010-4421", "CVE-2010-2936", "CVE-2010-3555", "CVE-2010-4430", "CVE-2010-4437", "CVE-2010-3588", "CVE-2010-3510", "CVE-2010-4424", "CVE-2010-4449", "CVE-2010-3567", "CVE-2010-3573", "CVE-2010-3586", "CVE-2010-3591", "CVE-2010-3548", "CVE-2010-4446", "CVE-2010-4432", "CVE-2010-3568", "CVE-2010-3587", "CVE-2010-4460", "CVE-2010-4438", "CVE-2010-4440", "CVE-2010-3569"], "modified": "2011-02-01T00:00:00", "id": "ORACLE:CPUJAN2011-194091", "href": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T04:13:42", "references": [], "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are cumulative but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n[Critical Patch Updates and Security Alerts](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) for information about Oracle Security Advisories.\n\n**Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible.** This Critical Patch Update contains 78 new security fixes across all product families listed below.\n", "edition": 3, "reporter": "Oracle", "published": "2011-12-15T00:00:00", "title": "Oracle Critical Patch Update - July 2011", "type": "oracle", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Event Management", "version": "10.2.0.3", "operator": "le"}, {"name": "XML Developer Kit", "version": "11.1.0.7", "operator": "le"}, {"name": "Security Framework", "version": "11.1.0.1", "operator": "le"}, {"name": "Streams, AQ & Replication Mgmt", "version": "10.1.0.6", "operator": "le"}, {"name": "Oracle RDBMS", "version": "11.2.0.2", "operator": "le"}, {"name": "PeopleSoft Enterprise PeopleTools", "version": "8.49.31", "operator": "le"}, {"name": "SPARC T3, Netra SPARC T3, Sun Fire, Sun Blade Server Series", "version": "8.0.3.b", "operator": "le"}, {"name": "PeopleSoft Enterprise HRMS", "version": "9.0", "operator": "le"}, {"name": "Business Intelligence", "version": "11.5.10.2", "operator": "le"}, {"name": "Instance Management", "version": "11.1.0.7", "operator": "le"}, {"name": "Oracle Outside In Technology", "version": "8.3.5.0", "operator": "le"}, {"name": "Instance Management", "version": "10.1.0.5", "operator": "le"}, {"name": "SQL Performance Advisories/UIs", "version": "11.2.0.2", "operator": "le"}, {"name": "Oracle RDBMS", "version": "10.2.0.5", "operator": "le"}, {"name": "Oracle Security Service", "version": "11.1.1.4", "operator": "le"}, {"name": "Business Intelligence", "version": "12.0.6", "operator": "le"}, {"name": "Oracle RDBMS", "version": "11.1.0.7", "operator": "le"}, {"name": "Enterprise Manager Console", "version": "11.1.0.7", "operator": "le"}, {"name": "Enterprise Manager Console", "version": "10.1.0.5", "operator": "le"}, {"name": "Oracle GlassFish Server", "version": "2.1.1", "operator": "le"}, {"name": "Security Framework", "version": "10.2.0.5", "operator": "le"}, {"name": "Oracle Solaris Cluster", "version": "3.3", "operator": "le"}, {"name": "Content Management", "version": "10.1.0.5", "operator": "le"}, {"name": "XML Developer Kit", "version": "10.1.3.5", "operator": "le"}, {"name": "Database Target Type Menus", "version": "10.1.0.6", "operator": "le"}, {"name": "Solaris", "version": "8", "operator": "le"}, {"name": "Oracle Outside In Technology", "version": "8.3.2.0", "operator": "le"}, {"name": "Database Target Type Menus", "version": "10.2.0.4", "operator": "le"}, {"name": "Event Management", "version": "10.1.0.6", "operator": "le"}, {"name": "Enterprise Config Management", "version": "11.2.0.1", "operator": "le"}, {"name": "PeopleSoft Enterprise FSCM", "version": "9.1", "operator": "le"}, {"name": "CMDB Metadata & Instance APIs", "version": "10.1.0.6", "operator": "le"}, {"name": "Instance Management", "version": "10.2.0.5", "operator": "le"}, {"name": "Schema Management", "version": "11.2.0.2", "operator": "le"}, {"name": "EMCTL", "version": "10.1.0.6", "operator": "le"}, {"name": "Database Vault", "version": "11.1.0.7", "operator": "le"}, {"name": "Oracle RDBMS", "version": "10.2.0.3", "operator": "le"}, {"name": "Enterprise Manager Console", "version": "10.2.0.4", "operator": "le"}, {"name": "Security Management", "version": "10.1.0.5", "operator": "le"}, {"name": "Solaris", "version": "11", "operator": "le"}, {"name": "Business Intelligence", "version": "12.1.1", "operator": "le"}, {"name": "Database Target Type Menus", "version": "11.1.0.1", "operator": "le"}, {"name": "Schema Management", "version": "10.2.0.5", "operator": "le"}, {"name": "Instance Management", "version": "11.2.0.2", "operator": "le"}, {"name": "Instance Management", "version": "10.2.0.4", "operator": "le"}, {"name": "Security Framework", "version": "10.2.0.4", "operator": "le"}, {"name": "Security Framework", "version": "10.1.0.5", "operator": "le"}, {"name": "Database Vault", "version": "10.2.0.3", "operator": "le"}, {"name": "Enterprise Manager Console", "version": "10.2.0.5", "operator": "le"}, {"name": "PeopleSoft Enterprise PeopleTools", "version": "8.50.20", "operator": "le"}, {"name": "Database Vault", "version": "11.2.0.1", "operator": "le"}, {"name": "Oracle RDBMS", "version": "11.2.0.1", "operator": "le"}, {"name": "Security Framework", "version": "11.2.0.1", "operator": "le"}, {"name": "Oracle VM VirtualBox", "version": "3.2", "operator": "le"}, {"name": "Oracle Universal Installer", "version": "10.1.0.5", "operator": "le"}, {"name": "EMCTL", "version": "11.1.0.7", "operator": "le"}, {"name": "Instance Management", "version": "10.1.0.6", "operator": "le"}, {"name": "Database Vault", "version": "10.2.0.5", "operator": "le"}, {"name": "Oracle Security Service", "version": "11.1.1.5", "operator": "le"}, {"name": "Database Target Type Menus", "version": "10.2.0.3", "operator": "le"}, {"name": "Schema Management", "version": "10.2.0.3", "operator": "le"}, {"name": "CMDB Metadata & Instance APIs", "version": "11.1.0.7", "operator": "le"}, {"name": "Oracle Secure Backup", "version": "10.3.0.3", "operator": "le"}, {"name": "Oracle RDBMS", "version": "10.1.0.5", "operator": "le"}, {"name": "Oracle VM VirtualBox", "version": "3.1", "operator": "le"}, {"name": "Content Management", "version": "11.1.0.7", "operator": "le"}, {"name": "Oracle RDBMS", "version": "10.2.0.4", "operator": "le"}, {"name": "SPARC T3, Netra SPARC T3, Sun Fire, Sun Blade Server Series", "version": "8.1.0.a", "operator": "le"}, {"name": "Database Vault", "version": "10.2.0.4", "operator": "le"}, {"name": "PeopleSoft Enterprise HRMS", "version": "9.1", "operator": "le"}, {"name": "Solaris", "version": "10", "operator": "le"}, {"name": "CMDB Metadata & Instance APIs", "version": "10.2.0.4", "operator": "le"}, {"name": "Oracle VM VirtualBox", "version": "4.0", "operator": "le"}, {"name": "Business Intelligence", "version": "12.1.2", "operator": "le"}, {"name": "XML Developer Kit", "version": "10.2.0.3", "operator": "le"}, {"name": "Database Target Type Menus", "version": "10.1.0.5", "operator": "le"}, {"name": "Oracle Containers for J2EE", "version": "10.1.3.5", "operator": "le"}, {"name": "SPARC T3 Series, SPARC Netra T3 Series", "version": "8.1.0.a", "operator": "le"}, {"name": "Oracle JRockit", "version": "27.6.9", "operator": "le"}, {"name": "Security Framework", "version": "10.2.0.3", "operator": "le"}, {"name": "Enterprise Manager Console", "version": "11.2.0.1", "operator": "le"}, {"name": "Schema Management", "version": "10.1.0.6", "operator": "le"}, {"name": "Enterprise Config Management", "version": "10.2.0.5", "operator": "le"}, {"name": "Schema Management", "version": "11.2.0.1", "operator": "le"}, {"name": "Business Intelligence", "version": "12.1.3", "operator": "le"}, {"name": "Instance Management", "version": "11.2.0.1", "operator": "le"}, {"name": "Oracle Business Intelligence Enterprise Edition", "version": "10.1.3.4.1", "operator": "le"}, {"name": "Schema Management", "version": "10.1.0.5", "operator": "le"}, {"name": "Oracle Security Service", "version": "11.1.1.3", "operator": "le"}, {"name": "PeopleSoft Enterprise HRMS", "version": "8.9", "operator": "le"}, {"name": "XML Developer Kit", "version": "10.2.0.5", "operator": "le"}, {"name": "Solaris", "version": "9", "operator": "le"}, {"name": "Agile Core Technology", "version": "9.3.0.3", "operator": "le"}, {"name": "Oracle RDBMS", "version": "11.1.0.7.3", "operator": "le"}, {"name": "CMDB Metadata & Instance APIs", "version": "10.1.0.5", "operator": "le"}, {"name": "PeopleSoft Enterprise FSCM", "version": "9.0", "operator": "le"}, {"name": "XML Developer Kit", "version": "10.1.0.5", "operator": "le"}, {"name": "Database Target Type Menus", "version": "11.2.0.1", "operator": "le"}, {"name": "Schema Management", "version": "11.1.0.7", "operator": "le"}, {"name": "Enterprise Manager Console", "version": "10.2.0.3", "operator": "le"}, {"name": "Oracle JRockit", "version": "5", "operator": "le"}, {"name": "EMCTL", "version": "10.2.0.3", "operator": "le"}, {"name": "Security Framework", "version": "11.1.0.7", "operator": "le"}, {"name": "SQL Performance Advisories/UIs", "version": "11.1.0.1", "operator": "le"}, {"name": "Security Management", "version": "10.1.0.6", "operator": "le"}, {"name": "Enterprise Config Management", "version": "11.2.0.2", "operator": "le"}, {"name": "Schema Management", "version": "10.2.0.4", "operator": "le"}, {"name": "XML Developer Kit", "version": "10.2.0.4", "operator": "le"}, {"name": "PeopleSoft Enterprise FMS", "version": "9.1", "operator": "le"}, {"name": "Enterprise Config Management", "version": "10.2.0.4", "operator": "le"}, {"name": "XML Developer Kit", "version": "11.2.0.1", "operator": "le"}, {"name": "PeopleSoft Enterprise FMS", "version": "9.0", "operator": "le"}, {"name": "SQL Performance Advisories/UIs", "version": "11.1.0.7", "operator": "le"}, {"name": "CMDB Metadata & Instance APIs", "version": "11.2.0.2", "operator": "le"}, {"name": "Agile Core Technology", "version": "9.3.1.1", "operator": "le"}, {"name": "Enterprise Manager Console", "version": "10.1.0.6", "operator": "le"}, {"name": "CMDB Metadata & Instance APIs", "version": "10.2.0.5", "operator": "le"}, {"name": "Oracle Containers for J2EE", "version": "10.1.2.3", "operator": "le"}, {"name": "Oracle Containers for J2EE", "version": "10.1.4.3", "operator": "le"}, {"name": "Database Target Type Menus", "version": "10.2.0.5", "operator": "le"}, {"name": "Oracle VM VirtualBox", "version": "3.0", "operator": "le"}, {"name": "Content Management", "version": "10.2.0.4", "operator": "le"}, {"name": "Instance Management", "version": "10.2.0.3", "operator": "le"}, {"name": "Enterprise Config Management", "version": "11.1.0.7", "operator": "le"}, {"name": "Oracle GlassFish Server", "version": "3.0.1", "operator": "le"}, {"name": "SQL Performance Advisories/UIs", "version": "11.2.0.1", "operator": "le"}, {"name": "Database Target Type Menus", "version": "11.2.0.2", "operator": "le"}, {"name": "Security Management", "version": "10.2.0.4", "operator": "le"}, {"name": "PeopleSoft Enterprise FIN", "version": "9.1", "operator": "le"}, {"name": "EMCTL", "version": "10.2.0.4", "operator": "le"}, {"name": "PeopleSoft Enterprise SCM", "version": "9.0", "operator": "le"}, {"name": "Event Management", "version": "10.2.0.4", "operator": "le"}, {"name": "Event Management", "version": "10.1.0.5", "operator": "le"}, {"name": "Content Management", "version": "10.2.0.3", "operator": "le"}, {"name": "CMDB Metadata & Instance APIs", "version": "10.2.0.3", "operator": "le"}, {"name": "Security Framework", "version": "10.1.0.6", "operator": "le"}, {"name": "Security Management", "version": "10.2.0.3", "operator": "le"}, {"name": "Enterprise Manager Console", "version": "11.2.0.2", "operator": "le"}, {"name": "CMDB Metadata & Instance APIs", "version": "11.2.0.1", "operator": "le"}, {"name": "PeopleSoft Enterprise PeopleTools", "version": "8.51.11", "operator": "le"}, {"name": "Database Target Type Menus", "version": "11.1.0.7", "operator": "le"}, {"name": "SQL Performance Advisories/UIs", "version": "10.2.0.5", "operator": "le"}, {"name": "Streams, AQ & Replication Mgmt", "version": "10.1.0.5", "operator": "le"}, {"name": "Enterprise Config Management", "version": "10.1.0.6", "operator": "le"}, {"name": "Oracle Containers for J2EE", "version": "10.1.4.0.1", "operator": "le"}, {"name": "SQL Performance Advisories/UIs", "version": "10.1.0.6", "operator": "le"}, {"name": "Enterprise Config Management", "version": "10.1.0.5", "operator": "le"}, {"name": "Business Intelligence", "version": "12.0.4", "operator": "le"}, {"name": "Streams, AQ & Replication Mgmt", "version": "10.2.0.3", "operator": "le"}, {"name": "SPARC Enterprise M Series", "version": "1101", "operator": "le"}, {"name": "PeopleSoft Enterprise FIN", "version": "9.0", "operator": "le"}, {"name": "Oracle Business Intelligence Enterprise Edition", "version": "11.1.1.3", "operator": "le"}, {"name": "Security Framework", "version": "11.2.0.2", "operator": "le"}, {"name": "Database Control", "version": "10.1.0.6", "operator": "le"}, {"name": "Enterprise Config Management", "version": "10.2.0.3", "operator": "le"}], "cvelist": ["CVE-2011-2241", "CVE-2011-0845", "CVE-2011-0835", "CVE-2011-0865", "CVE-2011-2251", "CVE-2011-2230", "CVE-2011-0831", "CVE-2011-2277", "CVE-2011-2295", "CVE-2011-0882", "CVE-2011-2278", "CVE-2011-2246", "CVE-2011-0830", "CVE-2011-2243", "CVE-2011-0802", "CVE-2011-0868", "CVE-2011-2274", "CVE-2011-2293", "CVE-2011-2264", "CVE-2011-2307", "CVE-2011-2244", "CVE-2011-0869", "CVE-2011-2249", "CVE-2011-0877", "CVE-2011-2300", "CVE-2011-0811", "CVE-2011-2232", "CVE-2011-2289", "CVE-2011-2238", "CVE-2011-2288", "CVE-2011-2261", "CVE-2011-2272", "CVE-2011-2290", "CVE-2011-2240", "CVE-2011-2257", "CVE-2011-2284", "CVE-2011-2250", "CVE-2011-2267", "CVE-2011-2252", "CVE-2011-0875", "CVE-2011-2296", "CVE-2011-2285", "CVE-2011-0873", "CVE-2011-2242", "CVE-2011-2297", "CVE-2011-0816", "CVE-2011-2248", "CVE-2011-2253", "CVE-2011-0879", "CVE-2011-2258", "CVE-2011-0870", "CVE-2011-0815", "CVE-2010-1321", "CVE-2011-2279", "CVE-2011-2281", "CVE-2011-0883", "CVE-2011-2299", "CVE-2011-0832", "CVE-2011-0838", "CVE-2011-2273", "CVE-2011-0876", "CVE-2011-2283", "CVE-2011-0867", "CVE-2011-2275", "CVE-2011-2263", "CVE-2011-2305", "CVE-2011-2239", "CVE-2011-0884", "CVE-2011-2294", "CVE-2011-0822", "CVE-2011-2287", "CVE-2011-0848", "CVE-2011-2245", "CVE-2011-0866", "CVE-2011-0880", "CVE-2011-2260", "CVE-2011-0881", "CVE-2011-2291", "CVE-2011-0852", "CVE-2011-2231", "CVE-2011-1511", "CVE-2011-2282", "CVE-2011-2298", "CVE-2011-0862", "CVE-2011-2259", "CVE-2011-0871", "CVE-2011-0814", "CVE-2011-0872", "CVE-2011-2280"], "modified": "2011-07-19T00:00:00", "id": "ORACLE:CPUJULY2011-313328", "href": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
