{"id": "SECURITYVULNS:VULN:14004", "bulletinFamily": "software", "title": "Exuberant Ctags DoS", "description": "Infinite loop leads to resources exhaustion.", "published": "2014-10-13T00:00:00", "modified": "2014-10-13T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14004", "reporter": "BUGTRAQ", "references": ["https://vulners.com/securityvulns/securityvulns:doc:31149"], "cvelist": ["CVE-2014-7204"], "type": "securityvulns", "lastseen": "2018-08-31T11:09:57", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "b2621519ee24b6c7cf9e2efa101738ff"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "a42f9d9bed3d72cc713a46093228bcb0"}, {"key": "cvss", "hash": "84813b1457b92d6ba1174abffbb83a2f"}, {"key": "description", "hash": "09da40482590c6168caaa952316be7a4"}, {"key": "href", "hash": "1955c00673e07cb18602950fe8fe0fde"}, {"key": "modified", "hash": "5f2858ac82114a1cb4cc0aa2402b974c"}, {"key": "published", "hash": "5f2858ac82114a1cb4cc0aa2402b974c"}, {"key": "references", "hash": "5d4d7b159c3ffe44bb78648a1260ca73"}, {"key": "reporter", "hash": "2c5cca82a8670da097919f6160833daf"}, {"key": "title", "hash": "17010dd07cb66fd5de91656ebd90952e"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "f5420cb1f494a2be8e3f214891e223dffa6d2de3abf8e4d8c10ac1d9a1b8b7fc", "viewCount": 1, "enchantments": {"score": {"value": 5.0, "vector": "NONE", "modified": "2018-08-31T11:09:57"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-7204"]}, {"type": "nessus", "idList": ["MANDRIVA_MDVSA-2014-206.NASL", "FEDORA_2014-11924.NASL", "MANDRIVA_MDVSA-2015-178.NASL", "UBUNTU_USN-2371-1.NASL", "DEBIAN_DSA-3042.NASL", "DEBIAN_DLA-69.NASL", "SUSE_SU-2016-2097-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310868377", "OPENVAS:703042", "OPENVAS:1361412562310703042", "OPENVAS:1361412562310841995"]}, {"type": "ubuntu", "idList": ["USN-2371-1"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:31149"]}, {"type": "archlinux", "idList": ["ASA-201410-11"]}, {"type": "debian", "idList": ["DEBIAN:DLA-69-1:F550F", "DEBIAN:DSA-3042-1:A3846"]}], "modified": "2018-08-31T11:09:57"}, "vulnersScore": 5.0}, "objectVersion": "1.3", "affectedSoftware": [{"name": "ctags", "operator": "eq", "version": "5.9"}]}

{"cve": [{"lastseen": "2016-09-03T21:15:39", "bulletinFamily": "NVD", "description": "jscript.c in Exuberant Ctags 5.8 allows remote attackers to cause a denial of service (infinite loop and CPU and disk consumption) via a crafted JavaScript file.", "modified": "2016-08-30T10:10:07", "published": "2014-10-07T10:55:08", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7204", "id": "CVE-2014-7204", "title": "CVE-2014-7204", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-02-21T01:22:38", "bulletinFamily": "scanner", "description": "Updated ctags package fixes security vulnerability :\n\nA denial of service issue was discovered in ctags 5.8. A remote attacker could cause excessive CPU usage and disk space consumption via a crafted JavaScript file by triggering an infinite loop (CVE-2014-7204).", "modified": "2019-01-02T00:00:00", "id": "MANDRIVA_MDVSA-2014-206.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=78685", "published": "2014-10-27T00:00:00", "title": "Mandriva Linux Security Advisory : ctags (MDVSA-2014:206)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2014:206. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78685);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/01/02 16:37:54\");\n\n script_cve_id(\"CVE-2014-7204\");\n script_bugtraq_id(70168);\n script_xref(name:\"MDVSA\", value:\"2014:206\");\n\n script_name(english:\"Mandriva Linux Security Advisory : ctags (MDVSA-2014:206)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Mandriva Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated ctags package fixes security vulnerability :\n\nA denial of service issue was discovered in ctags 5.8. A remote\nattacker could cause excessive CPU usage and disk space consumption\nvia a crafted JavaScript file by triggering an infinite loop\n(CVE-2014-7204).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0415.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ctags package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ctags\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"ctags-5.8-4.1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:22:31", "bulletinFamily": "scanner", "description": "A denial of service issue was discovered in ctags. This could lead to excessive CPU and disk space consumption.\n\nThis update resolves this issue\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-05T00:00:00", "id": "FEDORA_2014-11924.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=78248", "published": "2014-10-11T00:00:00", "title": "Fedora 20 : ctags-5.8-16.fc20 (2014-11924)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-11924.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78248);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/12/05 20:31:21\");\n\n script_cve_id(\"CVE-2014-7204\");\n script_bugtraq_id(70168);\n script_xref(name:\"FEDORA\", value:\"2014-11924\");\n\n script_name(english:\"Fedora 20 : ctags-5.8-16.fc20 (2014-11924)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A denial of service issue was discovered in ctags. This could lead to\nexcessive CPU and disk space consumption.\n\nThis update resolves this issue\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1147339\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-October/140349.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f2bad3ef\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ctags package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ctags\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"ctags-5.8-16.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ctags\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:23:52", "bulletinFamily": "scanner", "description": "Updated ctags package fixes security vulnerability :\n\nA denial of service issue was discovered in ctags 5.8. A remote attacker could cause excessive CPU usage and disk space consumption via a crafted JavaScript file by triggering an infinite loop (CVE-2014-7204).", "modified": "2018-07-19T00:00:00", "id": "MANDRIVA_MDVSA-2015-178.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82453", "published": "2015-03-31T00:00:00", "title": "Mandriva Linux Security Advisory : ctags (MDVSA-2015:178)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2015:178. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82453);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/07/19 20:59:19\");\n\n script_cve_id(\"CVE-2014-7204\");\n script_xref(name:\"MDVSA\", value:\"2015:178\");\n\n script_name(english:\"Mandriva Linux Security Advisory : ctags (MDVSA-2015:178)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Mandriva Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated ctags package fixes security vulnerability :\n\nA denial of service issue was discovered in ctags 5.8. A remote\nattacker could cause excessive CPU usage and disk space consumption\nvia a crafted JavaScript file by triggering an infinite loop\n(CVE-2014-7204).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0415.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ctags package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ctags\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"ctags-5.8-8.1.mbs2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:27:50", "bulletinFamily": "scanner", "description": "This update for ctags fixes the following issues :\n\n - CVE-2014-7204: Potential denial of service (infinite loop and CPU and disk consumption) via a crafted JavaScript file. (bsc#899486)\n\n - Missing Requires(post) on coreutils as it is using rm(1). (bsc#976920)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-11-29T00:00:00", "id": "SUSE_SU-2016-2097-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=93297", "published": "2016-09-02T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : ctags (SUSE-SU-2016:2097-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:2097-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93297);\n script_version(\"2.5\");\n script_cvs_date(\"Date: 2018/11/29 12:03:39\");\n\n script_cve_id(\"CVE-2014-7204\");\n script_bugtraq_id(70168);\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : ctags (SUSE-SU-2016:2097-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ctags fixes the following issues :\n\n - CVE-2014-7204: Potential denial of service (infinite\n loop and CPU and disk consumption) via a crafted\n JavaScript file. (bsc#899486)\n\n - Missing Requires(post) on coreutils as it is using\n rm(1). (bsc#976920)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=899486\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=976920\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-7204/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20162097-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e6ba9bca\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP1:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2016-1239=1\n\nSUSE Linux Enterprise Desktop 12-SP1:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP1-2016-1239=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ctags\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ctags-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ctags-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = eregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! ereg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! ereg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"ctags-5.8-7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"ctags-debuginfo-5.8-7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"ctags-debugsource-5.8-7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"ctags-5.8-7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"ctags-debuginfo-5.8-7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"ctags-debugsource-5.8-7.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ctags\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:23:48", "bulletinFamily": "scanner", "description": "Stefano Zacchiroli discovered that certain JavaScript input files cause ctags to enter an infinite loop until it runs out of disk space.\nThis update fixes the JavaScript parser.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-07-09T00:00:00", "id": "DEBIAN_DLA-69.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82214", "published": "2015-03-26T00:00:00", "title": "Debian DLA-69-1 : exuberant-ctags security update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-69-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82214);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/07/09 14:30:25\");\n\n script_cve_id(\"CVE-2014-7204\");\n script_bugtraq_id(70168);\n\n script_name(english:\"Debian DLA-69-1 : exuberant-ctags security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Stefano Zacchiroli discovered that certain JavaScript input files\ncause ctags to enter an infinite loop until it runs out of disk space.\nThis update fixes the JavaScript parser.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2014/10/msg00000.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/exuberant-ctags\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected exuberant-ctags package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:exuberant-ctags\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"exuberant-ctags\", reference:\"1:5.8-3squeeze2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:22:29", "bulletinFamily": "scanner", "description": "Stefano Zacchiroli discovered a vulnerability in exuberant-ctags, a tool to build tag file indexes of source code definitions: Certain JavaScript files cause ctags to enter an infinite loop until it runs out of disk space, resulting in denial of service.", "modified": "2018-11-10T00:00:00", "id": "DEBIAN_DSA-3042.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=78044", "published": "2014-10-06T00:00:00", "title": "Debian DSA-3042-1 : exuberant-ctags - security update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3042. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78044);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/11/10 11:49:36\");\n\n script_cve_id(\"CVE-2014-7204\");\n script_bugtraq_id(70168);\n script_xref(name:\"DSA\", value:\"3042\");\n\n script_name(english:\"Debian DSA-3042-1 : exuberant-ctags - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Stefano Zacchiroli discovered a vulnerability in exuberant-ctags, a\ntool to build tag file indexes of source code definitions: Certain\nJavaScript files cause ctags to enter an infinite loop until it runs\nout of disk space, resulting in denial of service.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/exuberant-ctags\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2014/dsa-3042\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the exuberant-ctags packages.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1:5.9~svn20110310-4+deb7u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:exuberant-ctags\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"exuberant-ctags\", reference:\"1:5.9~svn20110310-4+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:22:30", "bulletinFamily": "scanner", "description": "It was discovered that Exuberant Ctags incorrectly handled certain minified js files. An attacker could use this issue to possibly cause Exuberant Ctags to consume resources, resulting in a denial of service.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-01T00:00:00", "id": "UBUNTU_USN-2371-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=78107", "published": "2014-10-09T00:00:00", "title": "Ubuntu 12.04 LTS / 14.04 LTS : exuberant-ctags vulnerability (USN-2371-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2371-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78107);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/12/01 15:12:39\");\n\n script_cve_id(\"CVE-2014-7204\");\n script_bugtraq_id(70168);\n script_xref(name:\"USN\", value:\"2371-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS : exuberant-ctags vulnerability (USN-2371-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that Exuberant Ctags incorrectly handled certain\nminified js files. An attacker could use this issue to possibly cause\nExuberant Ctags to consume resources, resulting in a denial of\nservice.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2371-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected exuberant-ctags package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:exuberant-ctags\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2014-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(12\\.04|14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"exuberant-ctags\", pkgver:\"1:5.9~svn20110310-3ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"exuberant-ctags\", pkgver:\"1:5.9~svn20110310-7ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"exuberant-ctags\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "openvas": [{"lastseen": "2018-09-01T23:55:32", "bulletinFamily": "scanner", "description": "Check the version of ctags", "modified": "2017-07-10T00:00:00", "published": "2014-10-11T00:00:00", "id": "OPENVAS:1361412562310868377", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868377", "title": "Fedora Update for ctags FEDORA-2014-11924", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for ctags FEDORA-2014-11924\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868377\");\n script_version(\"$Revision: 6637 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 11:58:13 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-11 05:57:16 +0200 (Sat, 11 Oct 2014)\");\n script_cve_id(\"CVE-2014-7204\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for ctags FEDORA-2014-11924\");\n script_tag(name: \"summary\", value: \"Check the version of ctags\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Ctags generates an index (or tag) file of C language objects found in\nC source and header files. The index makes it easy for text editors or\nother utilities to locate the indexed items. Ctags can also generate a\ncross reference file which lists information about the various objects\nfound in a set of C language files in human readable form. Exuberant\nCtags improves on ctags because it can find all types of C language tags,\nincluding macro definitions, enumerated values (values inside enum{...}),\nfunction and method definitions, enum/struct/union tags, external\nfunction prototypes, typedef names and variable declarations. Exuberant\nCtags is far less likely to be fooled by code containing #if preprocessor\nconditional constructs than ctags. Exuberant ctags supports output of\nEmacs style TAGS files and can be used to print out a list of selected\nobjects found in source files.\n\nInstall ctags if you are going to use your system for C programming.\n\");\n script_tag(name: \"affected\", value: \"ctags on Fedora 20\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-11924\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-October/140349.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"ctags\", rpm:\"ctags~5.8~16.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-11-19T13:03:24", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2014-10-09T00:00:00", "id": "OPENVAS:1361412562310841995", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841995", "title": "Ubuntu Update for exuberant-ctags USN-2371-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2371_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# Ubuntu Update for exuberant-ctags USN-2371-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841995\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-09 06:01:52 +0200 (Thu, 09 Oct 2014)\");\n script_cve_id(\"CVE-2014-7204\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Ubuntu Update for exuberant-ctags USN-2371-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'exuberant-ctags'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that Exuberant Ctags incorrectly handled certain minified\njs files. An attacker could use this issue to possibly cause Exuberant\nCtags to consume resources, resulting in a denial of service.\");\n script_tag(name:\"affected\", value:\"exuberant-ctags on Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"2371-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2371-1/\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"exuberant-ctags\", ver:\"1:5.9~svn20110310-7ubuntu0.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"exuberant-ctags\", ver:\"1:5.9~svn20110310-3ubuntu0.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-26T08:48:20", "bulletinFamily": "scanner", "description": "Stefano Zacchiroli discovered a vulnerability in exuberant-ctags, a tool\nto build tag file indexes of source code definitions: Certain JavaScript\nfiles cause ctags to enter an infinite loop until it runs out of disk\nspace, resulting in denial of service.", "modified": "2017-07-11T00:00:00", "published": "2014-10-04T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703042", "id": "OPENVAS:703042", "title": "Debian Security Advisory DSA 3042-1 (exuberant-ctags - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3042.nasl 6663 2017-07-11 09:58:05Z teissa $\n# Auto-generated from advisory DSA 3042-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703042);\n script_version(\"$Revision: 6663 $\");\n script_cve_id(\"CVE-2014-7204\");\n script_name(\"Debian Security Advisory DSA 3042-1 (exuberant-ctags - security update)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-11 11:58:05 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2014-10-04 00:00:00 +0200 (Sat, 04 Oct 2014)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-3042.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"exuberant-ctags on Debian Linux\");\n script_tag(name: \"insight\", value: \"ctags parses source code and produces a sort of index mapping\nthe names of significant entities (e.g. functions, classes,\nvariables) to the location where that entity is defined. This\nindex is used by editors like vi and emacsen to allow moving to\nthe definition of a user-specified entity.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy), this problem has been fixed in\nversion 1:5.9~svn20110310-4+deb7u1.\n\nFor the testing distribution (jessie), this problem has been fixed in\nversion 1:5.9~svn20110310-8.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1:5.9~svn20110310-8.\n\nWe recommend that you upgrade your exuberant-ctags packages.\");\n script_tag(name: \"summary\", value: \"Stefano Zacchiroli discovered a vulnerability in exuberant-ctags, a tool\nto build tag file indexes of source code definitions: Certain JavaScript\nfiles cause ctags to enter an infinite loop until it runs out of disk\nspace, resulting in denial of service.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"exuberant-ctags\", ver:\"1:5.9~svn20110310-4+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"exuberant-ctags\", ver:\"1:5.9~svn20110310-4+deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"exuberant-ctags\", ver:\"1:5.9~svn20110310-4+deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"exuberant-ctags\", ver:\"1:5.9~svn20110310-4+deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:55:21", "bulletinFamily": "scanner", "description": "Stefano Zacchiroli discovered a vulnerability in exuberant-ctags, a tool\nto build tag file indexes of source code definitions: Certain JavaScript\nfiles cause ctags to enter an infinite loop until it runs out of disk\nspace, resulting in denial of service.", "modified": "2018-04-06T00:00:00", "published": "2014-10-04T00:00:00", "id": "OPENVAS:1361412562310703042", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703042", "title": "Debian Security Advisory DSA 3042-1 (exuberant-ctags - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3042.nasl 9354 2018-04-06 07:15:32Z cfischer $\n# Auto-generated from advisory DSA 3042-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703042\");\n script_version(\"$Revision: 9354 $\");\n script_cve_id(\"CVE-2014-7204\");\n script_name(\"Debian Security Advisory DSA 3042-1 (exuberant-ctags - security update)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2018-04-06 09:15:32 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name: \"creation_date\", value:\"2014-10-04 00:00:00 +0200 (Sat, 04 Oct 2014)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-3042.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"exuberant-ctags on Debian Linux\");\n script_tag(name: \"insight\", value: \"ctags parses source code and produces a sort of index mapping\nthe names of significant entities (e.g. functions, classes,\nvariables) to the location where that entity is defined. This\nindex is used by editors like vi and emacsen to allow moving to\nthe definition of a user-specified entity.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy), this problem has been fixed in\nversion 1:5.9~svn20110310-4+deb7u1.\n\nFor the testing distribution (jessie), this problem has been fixed in\nversion 1:5.9~svn20110310-8.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1:5.9~svn20110310-8.\n\nWe recommend that you upgrade your exuberant-ctags packages.\");\n script_tag(name: \"summary\", value: \"Stefano Zacchiroli discovered a vulnerability in exuberant-ctags, a tool\nto build tag file indexes of source code definitions: Certain JavaScript\nfiles cause ctags to enter an infinite loop until it runs out of disk\nspace, resulting in denial of service.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"exuberant-ctags\", ver:\"1:5.9~svn20110310-4+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"exuberant-ctags\", ver:\"1:5.9~svn20110310-4+deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"exuberant-ctags\", ver:\"1:5.9~svn20110310-4+deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"exuberant-ctags\", ver:\"1:5.9~svn20110310-4+deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:09:23", "bulletinFamily": "unix", "description": "It was discovered that Exuberant Ctags incorrectly handled certain minified js files. An attacker could use this issue to possibly cause Exuberant Ctags to consume resources, resulting in a denial of service.", "modified": "2014-10-08T00:00:00", "published": "2014-10-08T00:00:00", "id": "USN-2371-1", "href": "https://usn.ubuntu.com/2371-1/", "title": "Exuberant Ctags vulnerability", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "debian": [{"lastseen": "2018-10-16T22:13:06", "bulletinFamily": "unix", "description": "Package : exuberant-ctags\nVersion : 1:5.8-3squeeze2\nCVE ID : CVE-2014-7204\nDebian Bug : 742605\n\nStefano Zacchiroli discovered that certain JavaScript input files cause\nctags to enter an infinite loop until it runs out of disk space. This\nupdate fixes the JavaScript parser.\n", "modified": "2014-10-03T13:38:18", "published": "2014-10-03T13:38:18", "id": "DEBIAN:DLA-69-1:F550F", "href": "https://lists.debian.org/debian-lts-announce/2014/debian-lts-announce-201410/msg00000.html", "title": "[SECURITY] [DLA 69-1] exuberant-ctags security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-10-16T22:13:37", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3042-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nOctober 04, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : exuberant-ctags\nCVE ID : CVE-2014-7204\n\nStefano Zacchiroli discovered a vulnerability in exuberant-ctags, a tool\nto build tag file indexes of source code definitions: Certain JavaScript\nfiles cause ctags to enter an infinite loop until it runs out of disk \nspace, resulting in denial of service.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1:5.9~svn20110310-4+deb7u1.\n\nFor the testing distribution (jessie), this problem has been fixed in\nversion 1:5.9~svn20110310-8.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1:5.9~svn20110310-8.\n\nWe recommend that you upgrade your exuberant-ctags packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2014-10-04T09:34:52", "published": "2014-10-04T09:34:52", "id": "DEBIAN:DSA-3042-1:A3846", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00230.html", "title": "[SECURITY] [DSA 3042-1] exuberant-ctags security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:39", "bulletinFamily": "unix", "description": "Stefano Zacchiroli discovered a vulnerability in ctags, a tool to build\ntag file indexes of source code definitions: Certain JavaScript files\ncause ctags to enter an infinite loop until it runs out of disk space,\nresulting in denial of service.", "modified": "2014-10-24T00:00:00", "published": "2014-10-24T00:00:00", "href": "https://lists.archlinux.org/pipermail/arch-security/2014-October/000122.html", "id": "ASA-201410-11", "title": "ctags: Denial of service", "type": "archlinux", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:54", "bulletinFamily": "software", "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2371-1\r\nOctober 08, 2014\r\n\r\nexuberant-ctags vulnerability\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 14.04 LTS\r\n- Ubuntu 12.04 LTS\r\n\r\nSummary:\r\n\r\nExuberant Ctags could be made to consume resources.\r\n\r\nSoftware Description:\r\n- exuberant-ctags: build tag file indexes of source code definitions\r\n\r\nDetails:\r\n\r\nIt was discovered that Exuberant Ctags incorrectly handled certain minified\r\njs files. An attacker could use this issue to possibly cause Exuberant\r\nCtags to consume resources, resulting in a denial of service.\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 14.04 LTS:\r\n exuberant-ctags 1:5.9~svn20110310-7ubuntu0.1\r\n\r\nUbuntu 12.04 LTS:\r\n exuberant-ctags 1:5.9~svn20110310-3ubuntu0.1\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2371-1\r\n CVE-2014-7204\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/exuberant-ctags/1:5.9~svn20110310-7ubuntu0.1\r\n https://launchpad.net/ubuntu/+source/exuberant-ctags/1:5.9~svn20110310-3ubuntu0.1\r\n\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "modified": "2014-10-13T00:00:00", "published": "2014-10-13T00:00:00", "id": "SECURITYVULNS:DOC:31149", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31149", "title": "[USN-2371-1] Exuberant Ctags vulnerability", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}]}