Search...

couchdb code execution

2010-09-12T00:00:00

ID SECURITYVULNS:VULN:11133
Type securityvulns
Reporter BUGTRAQ
Modified 2010-09-12T00:00:00

Description

Ralative path for dynamic library loading.

JSON Vulners Source

Initial Source

{"id": "SECURITYVULNS:VULN:11133", "bulletinFamily": "software", "title": "couchdb code execution", "description": "Ralative path for dynamic library loading.", "published": "2010-09-12T00:00:00", "modified": "2010-09-12T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11133", "reporter": "BUGTRAQ", "references": ["https://vulners.com/securityvulns/securityvulns:doc:24706"], "cvelist": ["CVE-2010-2953"], "type": "securityvulns", "lastseen": "2018-08-31T11:09:38", "edition": 1, "viewCount": 4, "enchantments": {"score": {"value": 6.7, "vector": "NONE", "modified": "2018-08-31T11:09:38", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2010-2953"]}, {"type": "openvas", "idList": ["OPENVAS:68087", "OPENVAS:1361412562310862411", "OPENVAS:862411", "OPENVAS:862416", "OPENVAS:136141256231068087", "OPENVAS:1361412562310862416"]}, {"type": "nessus", "idList": ["FEDORA_2010-13665.NASL", "DEBIAN_DSA-2107.NASL", "FEDORA_2010-13640.NASL"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2107-1:D2F18"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:24706"]}], "modified": "2018-08-31T11:09:38", "rev": 2}, "vulnersScore": 6.7}, "affectedSoftware": [{"name": "CouchDB", "operator": "eq", "version": "0.11"}]}

{"cve": [{"lastseen": "2021-02-02T05:45:01", "description": "Untrusted search path vulnerability in a certain Debian GNU/Linux patch for the couchdb script in CouchDB 0.8.0 allows local users to gain privileges via a crafted shared library in the current working directory.\nPer: http://cwe.mitre.org/data/definitions/426.html\r\n\r\n'CWE-426: Untrusted Search Path'", "edition": 4, "cvss3": {}, "published": "2010-09-14T19:00:00", "title": "CVE-2010-2953", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2953"], "modified": "2010-09-14T19:00:00", "cpe": ["cpe:/a:apache:couchdb:0.8.0"], "id": "CVE-2010-2953", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2953", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:apache:couchdb:0.8.0:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2018-01-06T13:04:42", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2953"], "description": "The remote host is missing an update to couchdb\nannounced via advisory DSA 2107-1.", "modified": "2018-01-04T00:00:00", "published": "2010-10-10T00:00:00", "id": "OPENVAS:136141256231068087", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231068087", "type": "openvas", "title": "Debian Security Advisory DSA 2107-1 (couchdb)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2107_1.nasl 8287 2018-01-04 07:28:11Z teissa $\n# Description: Auto-generated from advisory DSA 2107-1 (couchdb)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Dan Rosenberg discovered that in couchdb, a distributed,\nfault-tolerant and schema-free document-oriented database, an insecure\nlibrary search path is used; a local attacker could execute arbitrary\ncode by first dumping a maliciously crafted shared library in some\ndirectory, and then having an administrator run couchdb from this same\ndirectory.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 0.8.0-2+lenny1.\n\nWe recommend that you upgrade your couchdb package.\";\ntag_summary = \"The remote host is missing an update to couchdb\nannounced via advisory DSA 2107-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202107-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.68087\");\n script_version(\"$Revision: 8287 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-04 08:28:11 +0100 (Thu, 04 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-10-10 19:35:00 +0200 (Sun, 10 Oct 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2010-2953\");\n script_name(\"Debian Security Advisory DSA 2107-1 (couchdb)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"couchdb\", ver:\"0.8.0-2+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:49:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2953"], "description": "The remote host is missing an update to couchdb\nannounced via advisory DSA 2107-1.", "modified": "2017-07-07T00:00:00", "published": "2010-10-10T00:00:00", "id": "OPENVAS:68087", "href": "http://plugins.openvas.org/nasl.php?oid=68087", "type": "openvas", "title": "Debian Security Advisory DSA 2107-1 (couchdb)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2107_1.nasl 6614 2017-07-07 12:09:12Z cfischer $\n# Description: Auto-generated from advisory DSA 2107-1 (couchdb)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Dan Rosenberg discovered that in couchdb, a distributed,\nfault-tolerant and schema-free document-oriented database, an insecure\nlibrary search path is used; a local attacker could execute arbitrary\ncode by first dumping a maliciously crafted shared library in some\ndirectory, and then having an administrator run couchdb from this same\ndirectory.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 0.8.0-2+lenny1.\n\nWe recommend that you upgrade your couchdb package.\";\ntag_summary = \"The remote host is missing an update to couchdb\nannounced via advisory DSA 2107-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202107-1\";\n\n\nif(description)\n{\n script_id(68087);\n script_version(\"$Revision: 6614 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:12 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-10-10 19:35:00 +0200 (Sun, 10 Oct 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2010-2953\");\n script_name(\"Debian Security Advisory DSA 2107-1 (couchdb)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"couchdb\", ver:\"0.8.0-2+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:53:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2234", "CVE-2010-2953"], "description": "Check for the Version of couchdb", "modified": "2018-01-01T00:00:00", "published": "2010-09-22T00:00:00", "id": "OPENVAS:1361412562310862416", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862416", "type": "openvas", "title": "Fedora Update for couchdb FEDORA-2010-13665", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for couchdb FEDORA-2010-13665\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"couchdb on Fedora 12\";\ntag_insight = \"Apache CouchDB is a distributed, fault-tolerant and schema-free\n document-oriented database accessible via a RESTful HTTP/JSON API.\n Among other features, it provides robust, incremental replication\n with bi-directional conflict detection and resolution, and is\n queryable and indexable using a table-oriented view engine with\n JavaScript acting as the default view definition language.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047951.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862416\");\n script_version(\"$Revision: 8266 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-01 08:28:32 +0100 (Mon, 01 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-09-22 08:32:53 +0200 (Wed, 22 Sep 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-13665\");\n script_cve_id(\"CVE-2010-2953\", \"CVE-2010-2234\");\n script_name(\"Fedora Update for couchdb FEDORA-2010-13665\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of couchdb\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"couchdb\", rpm:\"couchdb~0.11.2~2.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-21T11:32:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2234", "CVE-2010-2953"], "description": "Check for the Version of couchdb", "modified": "2017-12-20T00:00:00", "published": "2010-09-22T00:00:00", "id": "OPENVAS:1361412562310862411", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862411", "type": "openvas", "title": "Fedora Update for couchdb FEDORA-2010-13640", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for couchdb FEDORA-2010-13640\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"couchdb on Fedora 13\";\ntag_insight = \"Apache CouchDB is a distributed, fault-tolerant and schema-free\n document-oriented database accessible via a RESTful HTTP/JSON API.\n Among other features, it provides robust, incremental replication\n with bi-directional conflict detection and resolution, and is\n queryable and indexable using a table-oriented view engine with\n JavaScript acting as the default view definition language.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047983.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862411\");\n script_version(\"$Revision: 8187 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-20 08:30:09 +0100 (Wed, 20 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-09-22 08:32:53 +0200 (Wed, 22 Sep 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-13640\");\n script_cve_id(\"CVE-2010-2953\", \"CVE-2010-2234\");\n script_name(\"Fedora Update for couchdb FEDORA-2010-13640\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of couchdb\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"couchdb\", rpm:\"couchdb~0.11.2~2.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-14T11:48:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2234", "CVE-2010-2953"], "description": "Check for the Version of couchdb", "modified": "2017-12-14T00:00:00", "published": "2010-09-22T00:00:00", "id": "OPENVAS:862416", "href": "http://plugins.openvas.org/nasl.php?oid=862416", "type": "openvas", "title": "Fedora Update for couchdb FEDORA-2010-13665", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for couchdb FEDORA-2010-13665\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"couchdb on Fedora 12\";\ntag_insight = \"Apache CouchDB is a distributed, fault-tolerant and schema-free\n document-oriented database accessible via a RESTful HTTP/JSON API.\n Among other features, it provides robust, incremental replication\n with bi-directional conflict detection and resolution, and is\n queryable and indexable using a table-oriented view engine with\n JavaScript acting as the default view definition language.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047951.html\");\n script_id(862416);\n script_version(\"$Revision: 8109 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-14 07:31:15 +0100 (Thu, 14 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-09-22 08:32:53 +0200 (Wed, 22 Sep 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-13665\");\n script_cve_id(\"CVE-2010-2953\", \"CVE-2010-2234\");\n script_name(\"Fedora Update for couchdb FEDORA-2010-13665\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of couchdb\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"couchdb\", rpm:\"couchdb~0.11.2~2.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-12T11:10:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2234", "CVE-2010-2953"], "description": "Check for the Version of couchdb", "modified": "2017-12-11T00:00:00", "published": "2010-09-22T00:00:00", "id": "OPENVAS:862411", "href": "http://plugins.openvas.org/nasl.php?oid=862411", "type": "openvas", "title": "Fedora Update for couchdb FEDORA-2010-13640", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for couchdb FEDORA-2010-13640\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"couchdb on Fedora 13\";\ntag_insight = \"Apache CouchDB is a distributed, fault-tolerant and schema-free\n document-oriented database accessible via a RESTful HTTP/JSON API.\n Among other features, it provides robust, incremental replication\n with bi-directional conflict detection and resolution, and is\n queryable and indexable using a table-oriented view engine with\n JavaScript acting as the default view definition language.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047983.html\");\n script_id(862411);\n script_version(\"$Revision: 8068 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-11 07:31:34 +0100 (Mon, 11 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-09-22 08:32:53 +0200 (Wed, 22 Sep 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-13640\");\n script_cve_id(\"CVE-2010-2953\", \"CVE-2010-2234\");\n script_name(\"Fedora Update for couchdb FEDORA-2010-13640\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of couchdb\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"couchdb\", rpm:\"couchdb~0.11.2~2.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:36", "bulletinFamily": "software", "cvelist": ["CVE-2010-2953"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- - ------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2107-1 security@debian.org\r\nhttp://www.debian.org/security/ Sebastien Delafond\r\nSep 9, 2010 http://www.debian.org/security/faq\r\n- - ------------------------------------------------------------------------\r\n\r\nPackage : couchdb\r\nVulnerability : untrusted search path\r\nProblem type : local\r\nDebian-specific: no\r\nCVE Id : CVE-2010-2953\r\nDebian Bug : 594412\r\n\r\nDan Rosenberg discovered that in couchdb, a distributed,\r\nfault-tolerant and schema-free document-oriented database, an insecure\r\nlibrary search path is used; a local attacker could execute arbitrary\r\ncode by first dumping a maliciously crafted shared library in some\r\ndirectory, and then having an administrator run couchdb from this same\r\ndirectory.\r\n\r\nFor the stable distribution (lenny), this problem has been fixed in\r\nversion 0.8.0-2+lenny1.\r\n\r\nWe recommend that you upgrade your couchdb package.\r\n\r\nUpgrade instructions\r\n- --------------------\r\n\r\nwget url\r\n will fetch the file for you\r\ndpkg -i file.deb\r\n will install the referenced file.\r\n\r\nIf you are using the apt-get package manager, use the line for\r\nsources.list as given below:\r\n\r\napt-get update\r\n will update the internal database\r\napt-get upgrade\r\n will install corrected packages\r\n\r\nYou may use an automated update by adding the resources from the\r\nfooter to the proper configuration.\r\n\r\nDebian GNU/Linux 5.0 alias lenny\r\n- --------------------------------\r\n\r\nDebian (stable)\r\n- ---------------\r\n\r\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\r\n\r\nSource archives:\r\n\r\n http://security.debian.org/pool/updates/main/c/couchdb/couchdb_0.8.0-2+lenny1.dsc\r\n Size/MD5 checksum: 1309 2a4a53978b085f1222e75f6106f4ee4d\r\n http://security.debian.org/pool/updates/main/c/couchdb/couchdb_0.8.0-2+lenny1.diff.gz\r\n Size/MD5 checksum: 4941 dca93014f06c7521660ebe5e2c2309da\r\n http://security.debian.org/pool/updates/main/c/couchdb/couchdb_0.8.0.orig.tar.gz\r\n Size/MD5 checksum: 560637 0837bce26ed2ab2ce2efd65e86c85bfc\r\n\r\nalpha architecture (DEC Alpha)\r\n\r\n http://security.debian.org/pool/updates/main/c/couchdb/couchdb_0.8.0-2+lenny1_alpha.deb\r\n Size/MD5 checksum: 277348 1a038436ac64f66a2d9cc23775589b6f\r\n\r\namd64 architecture (AMD x86_64 (AMD64))\r\n\r\n http://security.debian.org/pool/updates/main/c/couchdb/couchdb_0.8.0-2+lenny1_amd64.deb\r\n Size/MD5 checksum: 277324 cb838abfb1b2a623a9e3457922bf1925\r\n\r\narm architecture (ARM)\r\n\r\n http://security.debian.org/pool/updates/main/c/couchdb/couchdb_0.8.0-2+lenny1_arm.deb\r\n Size/MD5 checksum: 274602 2e75d6e81dbb7194d1a8f6001d37598b\r\n\r\narmel architecture (ARM EABI)\r\n\r\n http://security.debian.org/pool/updates/main/c/couchdb/couchdb_0.8.0-2+lenny1_armel.deb\r\n Size/MD5 checksum: 275548 d5a7b1f7407269243e6c79bdf4ce50ea\r\n\r\nhppa architecture (HP PA RISC)\r\n\r\n http://security.debian.org/pool/updates/main/c/couchdb/couchdb_0.8.0-2+lenny1_hppa.deb\r\n Size/MD5 checksum: 278728 3bb4c5a7d223fae6b96437ed89575c3f\r\n\r\ni386 architecture (Intel ia32)\r\n\r\n http://security.debian.org/pool/updates/main/c/couchdb/couchdb_0.8.0-2+lenny1_i386.deb\r\n Size/MD5 checksum: 275686 f0135ec654b502ecbcbdaa26f65542c4\r\n\r\nia64 architecture (Intel ia64)\r\n\r\n http://security.debian.org/pool/updates/main/c/couchdb/couchdb_0.8.0-2+lenny1_ia64.deb\r\n Size/MD5 checksum: 279586 4725662dc6d62d1d193e58eaa0c00d2f\r\n\r\nmips architecture (MIPS (Big Endian))\r\n\r\n http://security.debian.org/pool/updates/main/c/couchdb/couchdb_0.8.0-2+lenny1_mips.deb\r\n Size/MD5 checksum: 276820 d2dd578ac579d20c719bfcd225265eb8\r\n\r\nmipsel architecture (MIPS (Little Endian))\r\n\r\n http://security.debian.org/pool/updates/main/c/couchdb/couchdb_0.8.0-2+lenny1_mipsel.deb\r\n Size/MD5 checksum: 278256 680e03ba3bc11f30c2aa4748b3e76f31\r\n\r\npowerpc architecture (PowerPC)\r\n\r\n http://security.debian.org/pool/updates/main/c/couchdb/couchdb_0.8.0-2+lenny1_powerpc.deb\r\n Size/MD5 checksum: 281584 40fa5e635d4c0c956cee908f7cf66096\r\n\r\ns390 architecture (IBM S/390)\r\n\r\n http://security.debian.org/pool/updates/main/c/couchdb/couchdb_0.8.0-2+lenny1_s390.deb\r\n Size/MD5 checksum: 276302 cd6162c5068d9f2e25e0f7952d7f5df0\r\n\r\nsparc architecture (Sun SPARC/UltraSPARC)\r\n\r\n http://security.debian.org/pool/updates/main/c/couchdb/couchdb_0.8.0-2+lenny1_sparc.deb\r\n Size/MD5 checksum: 275786 5f6d4d4208838527a16cf7ce95d848c7\r\n\r\n\r\n These files will probably be moved into the stable distribution on\r\n its next update.\r\n\r\n- ---------------------------------------------------------------------------------\r\nFor apt-get: deb http://security.debian.org/ stable/updates main\r\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\r\nMailing list: debian-security-announce@lists.debian.org\r\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (GNU/Linux)\r\n\r\niEYEARECAAYFAkyIvtoACgkQiZgNKcDdyD9PLgCgpEUczyWbbIGDAaxIXL/HKgq0\r\n6FcAn08h0R857YhzaaG5ak31jU+wznKw\r\n=3qTO\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2010-09-12T00:00:00", "published": "2010-09-12T00:00:00", "id": "SECURITYVULNS:DOC:24706", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:24706", "title": "[SECURITY] [DSA 2107-1] New couchdb package fixes arbitrary code execution", "type": "securityvulns", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2019-05-30T02:21:58", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2953"], "description": "- - ------------------------------------------------------------------------\nDebian Security Advisory DSA-2107-1 security@debian.org\nhttp://www.debian.org/security/ S\u00e9bastien Delafond\nSep 9, 2010 http://www.debian.org/security/faq\n- - ------------------------------------------------------------------------\n\nPackage : couchdb\nVulnerability : untrusted search path\nProblem type : local\nDebian-specific: no\nCVE Id : CVE-2010-2953\nDebian Bug : 594412\n\nDan Rosenberg discovered that in couchdb, a distributed,\nfault-tolerant and schema-free document-oriented database, an insecure\nlibrary search path is used; a local attacker could execute arbitrary\ncode by first dumping a maliciously crafted shared library in some\ndirectory, and then having an administrator run couchdb from this same\ndirectory.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 0.8.0-2+lenny1.\n\nWe recommend that you upgrade your couchdb package.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nDebian (stable)\n- ---------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/c/couchdb/couchdb_0.8.0-2+lenny1.dsc\n Size/MD5 checksum: 1309 2a4a53978b085f1222e75f6106f4ee4d\n http://security.debian.org/pool/updates/main/c/couchdb/couchdb_0.8.0-2+lenny1.diff.gz\n Size/MD5 checksum: 4941 dca93014f06c7521660ebe5e2c2309da\n http://security.debian.org/pool/updates/main/c/couchdb/couchdb_0.8.0.orig.tar.gz\n Size/MD5 checksum: 560637 0837bce26ed2ab2ce2efd65e86c85bfc\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/c/couchdb/couchdb_0.8.0-2+lenny1_alpha.deb\n Size/MD5 checksum: 277348 1a038436ac64f66a2d9cc23775589b6f\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/c/couchdb/couchdb_0.8.0-2+lenny1_amd64.deb\n Size/MD5 checksum: 277324 cb838abfb1b2a623a9e3457922bf1925\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/c/couchdb/couchdb_0.8.0-2+lenny1_arm.deb\n Size/MD5 checksum: 274602 2e75d6e81dbb7194d1a8f6001d37598b\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/c/couchdb/couchdb_0.8.0-2+lenny1_armel.deb\n Size/MD5 checksum: 275548 d5a7b1f7407269243e6c79bdf4ce50ea\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/c/couchdb/couchdb_0.8.0-2+lenny1_hppa.deb\n Size/MD5 checksum: 278728 3bb4c5a7d223fae6b96437ed89575c3f\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/c/couchdb/couchdb_0.8.0-2+lenny1_i386.deb\n Size/MD5 checksum: 275686 f0135ec654b502ecbcbdaa26f65542c4\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/c/couchdb/couchdb_0.8.0-2+lenny1_ia64.deb\n Size/MD5 checksum: 279586 4725662dc6d62d1d193e58eaa0c00d2f\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/c/couchdb/couchdb_0.8.0-2+lenny1_mips.deb\n Size/MD5 checksum: 276820 d2dd578ac579d20c719bfcd225265eb8\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/c/couchdb/couchdb_0.8.0-2+lenny1_mipsel.deb\n Size/MD5 checksum: 278256 680e03ba3bc11f30c2aa4748b3e76f31\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/c/couchdb/couchdb_0.8.0-2+lenny1_powerpc.deb\n Size/MD5 checksum: 281584 40fa5e635d4c0c956cee908f7cf66096\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/c/couchdb/couchdb_0.8.0-2+lenny1_s390.deb\n Size/MD5 checksum: 276302 cd6162c5068d9f2e25e0f7952d7f5df0\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/c/couchdb/couchdb_0.8.0-2+lenny1_sparc.deb\n Size/MD5 checksum: 275786 5f6d4d4208838527a16cf7ce95d848c7\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "edition": 2, "modified": "2010-09-09T11:03:25", "published": "2010-09-09T11:03:25", "id": "DEBIAN:DSA-2107-1:D2F18", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2010/msg00154.html", "title": "[SECURITY] [DSA 2107-1] New couchdb package fixes arbitrary code execution", "type": "debian", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-06T09:46:04", "description": "Dan Rosenberg discovered that in couchdb, a distributed,\nfault-tolerant and schema-free document-oriented database, an insecure\nlibrary search path is used. A local attacker could execute arbitrary\ncode by first dumping a maliciously crafted shared library in some\ndirectory, and then having an administrator run couchdb from this same\ndirectory.", "edition": 26, "published": "2010-09-12T00:00:00", "title": "Debian DSA-2107-1 : couchdb - untrusted search path", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2953"], "modified": "2010-09-12T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:5.0", "p-cpe:/a:debian:debian_linux:couchdb"], "id": "DEBIAN_DSA-2107.NASL", "href": "https://www.tenable.com/plugins/nessus/49184", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2107. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49184);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2010-2953\");\n script_bugtraq_id(42758);\n script_xref(name:\"DSA\", value:\"2107\");\n\n script_name(english:\"Debian DSA-2107-1 : couchdb - untrusted search path\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Dan Rosenberg discovered that in couchdb, a distributed,\nfault-tolerant and schema-free document-oriented database, an insecure\nlibrary search path is used. A local attacker could execute arbitrary\ncode by first dumping a maliciously crafted shared library in some\ndirectory, and then having an administrator run couchdb from this same\ndirectory.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=594412\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2010/dsa-2107\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the couchdb package.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 0.8.0-2+lenny1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:couchdb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/09/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/09/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"couchdb\", reference:\"0.8.0-2+lenny1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:07:57", "description": "Despite the fact that this is a security-related fix I would like to\ntest these packages for a while because of possible API\nincompatibilities (version upgrade).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2010-09-21T00:00:00", "title": "Fedora 12 : couchdb-0.11.2-2.fc12 (2010-13665)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2234", "CVE-2010-2953"], "modified": "2010-09-21T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:12", "p-cpe:/a:fedoraproject:fedora:couchdb"], "id": "FEDORA_2010-13665.NASL", "href": "https://www.tenable.com/plugins/nessus/49294", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-13665.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49294);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-2234\", \"CVE-2010-2953\");\n script_bugtraq_id(42501, 42758);\n script_xref(name:\"FEDORA\", value:\"2010-13665\");\n\n script_name(english:\"Fedora 12 : couchdb-0.11.2-2.fc12 (2010-13665)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Despite the fact that this is a security-related fix I would like to\ntest these packages for a while because of possible API\nincompatibilities (version upgrade).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=624764\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=627498\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-September/047951.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3e3664be\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected couchdb package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:couchdb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/09/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"couchdb-0.11.2-2.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"couchdb\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:07:57", "description": "Despite the fact that this is a security-related fix I would like to\ntest these packages for a while because of possible API\nincompatibilities (version upgrade).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2010-09-21T00:00:00", "title": "Fedora 13 : couchdb-0.11.2-2.fc13 (2010-13640)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2234", "CVE-2010-2953"], "modified": "2010-09-21T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:13", "p-cpe:/a:fedoraproject:fedora:couchdb"], "id": "FEDORA_2010-13640.NASL", "href": "https://www.tenable.com/plugins/nessus/49293", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-13640.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49293);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-2234\", \"CVE-2010-2953\");\n script_bugtraq_id(42501, 42758);\n script_xref(name:\"FEDORA\", value:\"2010-13640\");\n\n script_name(english:\"Fedora 13 : couchdb-0.11.2-2.fc13 (2010-13640)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Despite the fact that this is a security-related fix I would like to\ntest these packages for a while because of possible API\nincompatibilities (version upgrade).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=624764\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=627498\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-September/047983.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2b8767c3\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected couchdb package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:couchdb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/09/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"couchdb-0.11.2-2.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"couchdb\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2234", "CVE-2010-2953"], "description": "Apache CouchDB is a distributed, fault-tolerant and schema-free document-oriented database accessible via a RESTful HTTP/JSON API. Among other features, it provides robust, incremental replication with bi-directional conflict detection and resolution, and is queryable and indexable using a table-oriented view engine with JavaScript acting as the default view definition language. ", "modified": "2010-09-21T01:42:25", "published": "2010-09-21T01:42:25", "id": "FEDORA:06001110E77", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: couchdb-0.11.2-2.fc13", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2234", "CVE-2010-2953"], "description": "Apache CouchDB is a distributed, fault-tolerant and schema-free document-oriented database accessible via a RESTful HTTP/JSON API. Among other features, it provides robust, incremental replication with bi-directional conflict detection and resolution, and is queryable and indexable using a table-oriented view engine with JavaScript acting as the default view definition language. ", "modified": "2010-09-21T01:33:03", "published": "2010-09-21T01:33:03", "id": "FEDORA:C78E2110B52", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: couchdb-0.11.2-2.fc12", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}]}