{"id": "SECURITYVULNS:VULN:8640", "bulletinFamily": "software", "title": "Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "published": "2008-02-06T00:00:00", "modified": "2008-02-06T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:8640", "reporter": " ", "references": ["https://vulners.com/securityvulns/securityvulns:doc:19020", "https://vulners.com/securityvulns/securityvulns:doc:19024", "https://vulners.com/securityvulns/securityvulns:doc:19018", "https://vulners.com/securityvulns/securityvulns:doc:19019"], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:09:28", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "9cfa11ebd10156b395ccb67fa101a0c7"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "c61e5d59aa5c4e535b518cca44e00a6f"}, {"key": "href", "hash": "496174f8fb241dabaf22e91ad681a689"}, {"key": "modified", "hash": "fc6da185bfe238399f66763530a395ec"}, {"key": "published", "hash": "fc6da185bfe238399f66763530a395ec"}, {"key": "references", "hash": "adaf6c32d0225a1349beea2390a0b68e"}, {"key": "reporter", "hash": "7215ee9c7d9dc229d2921a40e899ec5f"}, {"key": "title", "hash": "c71de4d0becfd832639c1439702d0d67"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "652c3e0906b6b3912ac8e2f5f38e76ccf94a212824e304774d2ebdd6083a29df", "viewCount": 0, "enchantments": {"score": {"value": 4.3, "vector": "NONE", "modified": "2018-08-31T11:09:28"}, "vulnersScore": 4.3}, "objectVersion": "1.3", "affectedSoftware": [{"name": "Documentum Administrator", "operator": "eq", "version": "5.3"}, {"name": "Documentum Webtop", "operator": "eq", "version": "5.3"}, {"name": "Webmin", "operator": "eq", "version": "1.390"}, {"name": "Azucar CMS", "operator": "eq", "version": "1.3"}]}

{"openvas": [{"lastseen": "2018-08-24T21:13:41", "references": ["https://support.hp.com/us-en/document/c06097712", "https://blog.checkpoint.com/2018/08/12/faxploit-hp-printer-fax-exploit/", "https://research.checkpoint.com/sending-fax-back-to-the-dark-ages/"], "pluginID": "1361412562310141380", "description": "Two security vulnerabilities have been identified with certain HP Inkjet\nprinters. A maliciously crafted file sent to an affected device can cause a stack or static buffer overflow, which\ncould allow remote code execution. ", "edition": 1, "reporter": "This script is Copyright (C) 2018 Greenbone Networks GmbH", "published": "2018-08-17T00:00:00", "title": "HP Ink Printers RCE Vulnerabilities (Faxploit)", "type": "openvas", "enchantments": {"score": {"modified": "2018-08-24T21:13:41", "vector": "NONE", "value": 6.8}}, "naslFamily": "Gain a shell remotely", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-5924", "CVE-2018-5925"], "modified": "2018-08-22T00:00:00", "id": "OPENVAS:1361412562310141380", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310141380", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_hp_printers_fax_rce_vuln.nasl 11084 2018-08-22 17:10:42Z cfischer $\n#\n# HP Ink Printers RCE Vulnerabilities (Faxploit)\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.141380\");\n script_version(\"$Revision: 11084 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-08-22 19:10:42 +0200 (Wed, 22 Aug 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-08-17 10:33:30 +0700 (Fri, 17 Aug 2018)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_cve_id(\"CVE-2018-5924\", \"CVE-2018-5925\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_name(\"HP Ink Printers RCE Vulnerabilities (Faxploit)\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"This script is Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Gain a shell remotely\");\n script_dependencies(\"gb_hp_printer_detect.nasl\");\n script_mandatory_keys(\"hp_printer/installed\");\n\n script_tag(name:\"summary\", value:\"Two security vulnerabilities have been identified with certain HP Inkjet\nprinters. A maliciously crafted file sent to an affected device can cause a stack or static buffer overflow, which\ncould allow remote code execution. \");\n\n script_tag(name:\"vuldetect\", value:\"The script checks if the target host is a vulnerable device running a\nvulnerable firmware version.\");\n\n script_tag(name:\"affected\", value:\"Multiple HP PageWide Pro, HP DesignJet, HP Officejet, HP Deskjet and HP Envy\ndevices. See the referenced advisory for an extended list.\");\n\n script_tag(name:\"solution\", value:\"See the referenced vendor advisory for a solution.\");\n\n script_xref(name:\"URL\", value:\"https://support.hp.com/us-en/document/c06097712\");\n script_xref(name:\"URL\", value:\"https://research.checkpoint.com/sending-fax-back-to-the-dark-ages/\");\n script_xref(name:\"URL\", value:\"https://blog.checkpoint.com/2018/08/12/faxploit-hp-printer-fax-exploit/\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!model = get_kb_item(\"hp_model\"))\n exit(0);\n\nif (!fw_ver = get_kb_item(\"hp_fw_ver\"))\n exit(0);\n\nif (model =~ \"^PageWide 352dw\") {\n if (version_is_less(version: fw_ver, test_version: \"ICEMDWPP1N001.1829A.00\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"ICEMDWPP1N001.1829A.00\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^PageWide MFP P57750\") {\n if (version_is_less(version: fw_ver, test_version: \"MAHDWOPP1N001.1829A.00\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"MAHDWOPP1N001.1829A.00\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^PageWide Managed MFP (P77740(dn|dw|z|P777(5|6)0z))\") {\n if (version_is_less(version: fw_ver, test_version: \"LIMOFWPP1N005.1828A.00\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"LIMOFWPP1N005.1828A.00\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^PageWide P55250dw\") {\n if (version_is_less(version: fw_ver, test_version: \"ICHDWOPP1N001.1829A.00\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"ICHDWOPP1N001.1829A.00\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^PageWide (Managed )?P75050(dn|dw)\") {\n if (version_is_less(version: fw_ver, test_version: \"LIMOFWPP1N005.1828A.00\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"LIMOFWPP1N005.1828A.00\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^PageWide 377dw\") {\n if (version_is_less(version: fw_ver, test_version: \"MAVEDWPP1N001.1829A.00\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"MAVEDWPP1N001.1829A.00\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^PageWide Pro 452dn\") {\n if (version_is_less(version: fw_ver, test_version: \"ICEMDNPP1N001.1829A.00\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"ICEMDNPP1N001.1829A.00\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^PageWide Pro 552dw\") {\n if (version_is_less(version: fw_ver, test_version: \"ICHDWOPP1N001.1829A.00\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"ICHDWOPP1N001.1829A.0\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^PageWide Pro 750(dn|dw)\") {\n if (version_is_less(version: fw_ver, test_version: \"LIMOFWPP1N005.1828A.00\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"LIMOFWPP1N005.1828A.00\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^PageWide Pro 477(dn|dw)\") {\n if (version_is_less(version: fw_ver, test_version: \"MAVEDNPP1N001.1829A.00\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"MAVEDNPP1N001.1829A.00\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^PageWide Pro 577\") {\n if (version_is_less(version: fw_ver, test_version: \"MAHDWOPP1N001.1829A.00\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"MAHDWOPP1N001.1829A.00\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^PageWide Pro MFP 772(dn|dw)\") {\n if (version_is_less(version: fw_ver, test_version: \"LIMOFWPP1N005.1828A.00\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"LIMOFWPP1N005.1828A.00\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^PageWide Pro 452dw\") {\n if (version_is_less(version: fw_ver, test_version: \"ICEMDWPP1N001.1829A.00\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"ICEMDWPP1N001.1829A.00\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^Officejet Pro X451(dn|dw)\") {\n if (version_is_less(version: fw_ver, test_version: \"BNP1CN1829BR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"BNP1CN1829BR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^Officejet Pro X476(dn|dw)\") {\n if (version_is_less(version: fw_ver, test_version: \"LNP1CN1829BR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"LNP1CN1829BR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^Officejet Pro X551dw\") {\n if (version_is_less(version: fw_ver, test_version: \"BZP1CN1829BR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"BZP1CN1829BR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^Officejet Pro X576dw\") {\n if (version_is_less(version: fw_ver, test_version: \"LZP1CN1829BR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"LZP1CN1829BR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^Designjet T120\") {\n if (version_is_less(version: fw_ver, test_version: \"AXP2CN1829BR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"AXP2CN1829BR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^Designjet T520\") {\n if (version_is_less(version: fw_ver, test_version: \"AXP2CN1829BR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"AXP2CN1829BR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^DesignJet T730\") {\n if (version_is_less(version: fw_ver, test_version: \"CANDELPR2N001.1829A.00\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"CANDELPR2N001.1829A.00\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^DesignJet T830\") {\n if (version_is_less(version: fw_ver, test_version: \"CANDELPR2N001.1829A.00\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"CANDELPR2N001.1829A.00\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^Deskjet 2540\") {\n if (version_is_less(version: fw_ver, test_version: \"CBP1FN1828BR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"CBP1FN1828BR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^Deskjet 2600\") {\n if (version_is_less(version: fw_ver, test_version: \"TJP1FN1828AR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"TJP1FN1828AR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^Deskjet Ink Advantage 3540\") {\n if (version_is_less(version: fw_ver, test_version: \"MLM1FN1828AR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"MLM1FN1828AR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^DeskJet 3630\") {\n if (version_is_less(version: fw_ver, test_version: \"SWP2FN1829AR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"SWP2FN1829AR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^DeskJet 3700\") {\n if (version_is_less(version: fw_ver, test_version: \"LYP1FN1828AR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"LYP1FN1828AR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^Deskjet Ink Advantage 4510\") {\n if (version_is_less(version: fw_ver, test_version: \"OAL1CN1828BR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"OAL1CN1828BR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^Deskjet Ink Advantage 4530\") {\n if (version_is_less(version: fw_ver, test_version: \"CCP1FN1827BR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"CCP1FN1827BR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^DeskJet Ink Advantage Ultra 4720\") {\n if (version_is_less(version: fw_ver, test_version: \"SAP1FN1829AR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"SAP1FN1829AR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^DeskJet Ink Advantage 5640\") {\n if (version_is_less(version: fw_ver, test_version: \"NIP1CN1831AR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"NIP1CN1831AR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^DeskJet Ink Advantage Ultra 5730\") {\n if (version_is_less(version: fw_ver, test_version: \"SDP1FN1829AR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"SDP1FN1829AR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^DeskJet GT 5820\") {\n if (version_is_less(version: fw_ver, test_version: \"KWP1FN1829AR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"KWP1FN1829AR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^Deskjet 2540\") {\n if (version_is_less(version: fw_ver, test_version: \"CBP1FN1828BR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"CBP1FN1828BR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^DeskJet Ink Advantage 2600\") {\n if (version_is_less(version: fw_ver, test_version: \"THP1FN1828AR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"THP1FN1828AR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^DeskJet Ink Advantage 3700\") {\n if (version_is_less(version: fw_ver, test_version: \"LAP1FN1828AR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"LAP1FN1828AR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^DeskJet Ink Advantage 3830\") {\n if (version_is_less(version: fw_ver, test_version: \"SUP1FN1830AR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"SUP1FN1830AR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^DeskJet Ink Advantage 4640\") {\n if (version_is_less(version: fw_ver, test_version: \"MZM1FN1830AR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"MZM1FN1830AR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^DeskJet Ink Advantage 4670\") {\n if (version_is_less(version: fw_ver, test_version: \"CEP1FN1830AR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"CEP1FN1830AR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^DeskJet Ink Advantage 5570\") {\n if (version_is_less(version: fw_ver, test_version: \"NCP1CN1831AR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"NCP1CN1831AR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^ENVY 120\") {\n if (version_is_less(version: fw_ver, test_version: \"SCP1CN1827AR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"SCP1CN1827AR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^ENVY 4500\") {\n if (version_is_less(version: fw_ver, test_version: \"MKM1FN1828AR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"MKM1FN1828AR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^ENVY 4510\") {\n if (version_is_less(version: fw_ver, test_version: \"CMP1FN1827BR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"CMP1FN1827BR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^ENVY 4520\") {\n if (version_is_less(version: fw_ver, test_version: \"CFP1FN1827BR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"CFP1FN1827BR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^ENVY 5530\") {\n if (version_is_less(version: fw_ver, test_version: \"ORL1CN1828BR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"ORL1CN1828BR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^ENVY 5540\") {\n if (version_is_less(version: fw_ver, test_version: \"NBP1CN1831AR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"NBP1CN1831AR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^ENVY 5640\") {\n if (version_is_less(version: fw_ver, test_version: \"NLM5CN1830BR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"NLM5CN1830BR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^ENVY 5660\") {\n if (version_is_less(version: fw_ver, test_version: \"NLM5CN1830BR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"NLM5CN1830BR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^ENVY 7640\") {\n if (version_is_less(version: fw_ver, test_version: \"NSM2CN1830AR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"NSM2CN1830AR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^Ink Tank Wireless 410\") {\n if (version_is_less(version: fw_ver, test_version: \"KEP1FN1737JR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"KEP1FN1737JR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n if (fw_ver =~ \"KEP1FN1805\") {\n if (version_is_less(version: fw_ver, test_version: \"KEP1FN1805JR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"KEP1FN1805JR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n }\n}\n\nif (model =~ \"^OfficeJet 200\") {\n if (version_is_less(version: fw_ver, test_version: \"RBP1CN1827AR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"RBP1CN1827AR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^OfficeJet 250\") {\n if (version_is_less(version: fw_ver, test_version: \"TZM1CN1828AR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"TZM1CN1828AR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^OfficeJet 3830\") {\n if (version_is_less(version: fw_ver, test_version: \"SPP1FN1830AR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"SPP1FN1830AR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^OfficeJet 4620\") {\n if (version_is_less(version: fw_ver, test_version: \"CWM1FN1829AR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"CWM1FN1829AR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^OfficeJet 4630\") {\n if (version_is_less(version: fw_ver, test_version: \"MYM1FN1830AR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"MYM1FN1830AR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^OfficeJet 4650\") {\n if (version_is_less(version: fw_ver, test_version: \"CUP1FN1830AR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"CUP1FN1830AR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^OfficeJet 5740\") {\n if (version_is_less(version: fw_ver, test_version: \"NPM5CN1830AR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"NPM5CN1830AR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^OfficeJet 6600\") {\n if (version_is_less(version: fw_ver, test_version: \"MIM5CN1827DR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"MIM5CN1827DR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^OfficeJet 6700\") {\n if (version_is_less(version: fw_ver, test_version: \"MPM3CN1827DR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"MPM3CN1827DR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^OfficeJet 6950\") {\n if (version_is_less(version: fw_ver, test_version: \"MJM1CN1828AR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"MJM1CN1828AR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^OfficeJet (Pro )?6960\") {\n if (version_is_less(version: fw_ver, test_version: \"MCP2CN1828AR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"MCP2CN1828AR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^OfficeJet 7110\") {\n if (version_is_less(version: fw_ver, test_version: \"EIP1FN1827AR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"EIP1FN1827AR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^OfficeJet 7510\") {\n if (version_is_less(version: fw_ver, test_version: \"EZM1CN1829AR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"EZM1CN1829AR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^OfficeJet 7610\") {\n if (version_is_less(version: fw_ver, test_version: \"EXM1CN1828BR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"EXM1CN1828BR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^Officejet Pro 251dw\") {\n if (version_is_less(version: fw_ver, test_version: \"EVP1CN1828AR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"EVP1CN1828AR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^Officejet Pro 276dw\") {\n if (version_is_less(version: fw_ver, test_version: \"FRP1CN1829AR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"FRP1CN1829AR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^Officejet Pro 3610\") {\n if (version_is_less(version: fw_ver, test_version: \"MSP1CN1828AR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"MSP1CN1828AR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^Officejet Pro 6830\") {\n if (version_is_less(version: fw_ver, test_version: \"PNP1CN1828AR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"PNP1CN1828AR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^Officejet Pro 6970\") {\n if (version_is_less(version: fw_ver, test_version: \"MCP2CN1828AR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"MCP2CN1828AR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^Officejet Pro 7740\") {\n if (version_is_less(version: fw_ver, test_version: \"EDWINXPP1N002.1828A.00\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"EDWINXPP1N002.1828A.00\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^Officejet Pro 8210\") {\n if (version_is_less(version: fw_ver, test_version: \"TESPDLPP1N001.1827B.00\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"TESPDLPP1N001.1827B.00\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^Officejet Pro 8600\") {\n # e.g. CKP1CN1545AR\n if (fw_ver =~\"^CKP1CN\" ) {\n if (version_is_less(version: fw_ver, test_version: \"CKP1CN1829AR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"CKP1CN1829AR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n } else {\n if (version_is_less(version: fw_ver, test_version: \"CLP1CN1829AR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"CLP1CN1829AR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n }\n}\n\nif (model =~ \"^Officejet Pro 8610\") {\n if (version_is_less(version: fw_ver, test_version: \"FDP1CN1828AR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"FDP1CN1828AR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^Officejet Pro 8620\") {\n if (version_is_less(version: fw_ver, test_version: \"FDP1CN1828AR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"FDP1CN1828AR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^Officejet Pro 8630\") {\n if (version_is_less(version: fw_ver, test_version: \"FDP1CN1828AR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"FDP1CN1828AR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^Officejet Pro 8640\") {\n if (version_is_less(version: fw_ver, test_version: \"FDP1CN1828BR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"FDP1CN1828BR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^Officejet Pro 8660\") {\n if (version_is_less(version: fw_ver, test_version: \"FDP1CN1828AR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"FDP1CN1828AR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^Officejet Pro 8710\") {\n if (version_is_less(version: fw_ver, test_version: \"WBP2CN1828AR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"WBP2CN1828AR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^Officejet Pro 8720\") {\n if (version_is_less(version: fw_ver, test_version: \"WMP1CN1828AR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"WMP1CN1828AR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^Officejet Pro 8730\") {\n if (version_is_less(version: fw_ver, test_version: \"WEBPDLPP1N001.1827B.00\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"WEBPDLPP1N001.1827B.00\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^Officejet Pro 8740\") {\n if (version_is_less(version: fw_ver, test_version: \"WEBPDLPP1N001.1827B.00\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"WEBPDLPP1N001.1827B.00\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^Photosmart 5510\") {\n if (version_is_less(version: fw_ver, test_version: \"EPL2CN1832AR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"EPL2CN1832AR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^Photosmart 5510d\") {\n if (version_is_less(version: fw_ver, test_version: \"EDL1CN1829BR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"EDL1CN1829BR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^Photosmart 5520\") {\n if (version_is_less(version: fw_ver, test_version: \"MGP5CN1828BR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"MGP5CN1828BR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^Photosmart 6510\") {\n if (version_is_less(version: fw_ver, test_version: \"ESP1CN1829BR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"ESP1CN1829BR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^Photosmart 6520\") {\n if (version_is_less(version: fw_ver, test_version: \"PKM2CN1828BR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"PKM2CN1828BR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^Photosmart 7520\") {\n if (version_is_less(version: fw_ver, test_version: \"ELM1CN1830AR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"ELM1CN1830AR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^Photosmart Plus B210\") {\n if (version_is_less(version: fw_ver, test_version: \"TAL1FN1829AR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"TAL1FN1829AR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (model =~ \"^Smart Tank Wireless 450\") {\n if (version_is_less(version: fw_ver, test_version: \"KDP1FN1737JR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"KDP1FN1737JR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n if (fw_ver =~ \"KDP1FN1805\") {\n if (version_is_less(version: fw_ver, test_version: \"KDP1FN1805JR\")) {\n report = report_fixed_ver(installed_version: fw_ver, fixed_version: \"KEP1FN1805JR\");\n security_message(port: 0, data: report);\n exit(0);\n }\n }\n}\n\nexit(99);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-09-01T23:39:06", "references": ["2018:0262", "http://lists.centos.org/pipermail/centos-announce/2018-February/022762.html"], "pluginID": "1361412562310882843", "description": "Check the version of thunderbird", "edition": 5, "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "published": "2018-02-02T00:00:00", "title": "CentOS Update for thunderbird CESA-2018:0262 centos6 ", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-5097", "CVE-2018-5089", "CVE-2018-5096", "CVE-2018-5095", "CVE-2018-5098", "CVE-2018-5102", "CVE-2018-5117", "CVE-2018-5104", "CVE-2018-5103", "CVE-2018-5099"], "modified": "2018-08-10T00:00:00", "id": "OPENVAS:1361412562310882843", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882843", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_CESA-2018_0262_thunderbird_centos6.nasl 10909 2018-08-10 15:03:01Z cfischer $\n#\n# CentOS Update for thunderbird CESA-2018:0262 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882843\");\n script_version(\"$Revision: 10909 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-08-10 17:03:01 +0200 (Fri, 10 Aug 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-02-02 06:30:48 +0100 (Fri, 02 Feb 2018)\");\n script_cve_id(\"CVE-2018-5089\", \"CVE-2018-5095\", \"CVE-2018-5096\", \"CVE-2018-5097\", \n \"CVE-2018-5098\", \"CVE-2018-5099\", \"CVE-2018-5102\", \"CVE-2018-5103\", \n \"CVE-2018-5104\", \"CVE-2018-5117\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for thunderbird CESA-2018:0262 centos6 \");\n script_tag(name: \"summary\", value: \"Check the version of thunderbird\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help \nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Mozilla Thunderbird is a standalone mail \nand newsgroup client.\n\nThis update upgrades Thunderbird to version 52.6.0.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2018-5089, CVE-2018-5095, CVE-2018-5096, CVE-2018-5097,\nCVE-2018-5098, CVE-2018-5099, CVE-2018-5102, CVE-2018-5103, CVE-2018-5104,\nCVE-2018-5117)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Christian Holler, Jason Kratzer, Marcia Knous, Nathan\nFroyd, Oriol Brufau, Ronald Crane, Randell Jesup, Tyson Smith, Cobos\nAlvarez, Ryan VanderMeulen, Sebastian Hengst, Karl Tomlinson, Xidorn Quan,\nLudovic Hirlimann, Jason Orendorff, Anonymous, Nils, and Xisigr as the\noriginal reporters.\n\");\n script_tag(name: \"affected\", value: \"thunderbird on CentOS 6\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"CESA\", value: \"2018:0262\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2018-February/022762.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~52.6.0~1.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:39:09", "references": ["http://lists.centos.org/pipermail/centos-announce/2018-February/022760.html", "2018:0260"], "pluginID": "1361412562310882841", "description": "Check the version of libgudev1-219-42.el7_", "edition": 5, "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "published": "2018-02-02T00:00:00", "title": "CentOS Update for libgudev1-219-42.el7_ CESA-2018:0260 centos7 ", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-1049"], "modified": "2018-03-19T00:00:00", "id": "OPENVAS:1361412562310882841", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882841", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_CESA-2018_0260_libgudev1-219-42.el7__centos7.nasl 9135 2018-03-19 12:37:31Z asteins $\n#\n# CentOS Update for libgudev1-219-42.el7_ CESA-2018:0260 centos7 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882841\");\n script_version(\"$Revision: 9135 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-03-19 13:37:31 +0100 (Mon, 19 Mar 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-02-02 06:30:18 +0100 (Fri, 02 Feb 2018)\");\n script_cve_id(\"CVE-2018-1049\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for libgudev1-219-42.el7_ CESA-2018:0260 centos7 \");\n script_tag(name: \"summary\", value: \"Check the version of libgudev1-219-42.el7_\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help \nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"The systemd packages contain systemd, a \nsystem and service manager for Linux, compatible with the SysV and LSB init scripts. \nIt provides aggressive parallelism capabilities, uses socket and D-Bus activation \nfor starting services, offers on-demand starting of daemons, and keeps track of \nprocesses using Linux cgroups. In addition, it supports snapshotting and restoring \nof the system state, maintains mount and automount points, and implements an \nelaborate transactional dependency-based service control logic. It can also work \nas a drop-in replacement for sysvinit.\n\nSecurity Fix(es):\n\n* A race condition was found in systemd. This could result in automount\nrequests not being serviced and processes using them could hang, causing\ndenial of service. (CVE-2018-1049)\n\");\n script_tag(name: \"affected\", value: \"libgudev1-219-42.el7_ on CentOS 7\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"CESA\", value: \"2018:0260\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2018-February/022760.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"libgudev1-219-42.el7\", rpm:\"libgudev1-219-42.el7~4.7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgudev1-devel-219-42.el7\", rpm:\"libgudev1-devel-219-42.el7~4.7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"systemd-219-42.el7\", rpm:\"systemd-219-42.el7~4.7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"systemd-devel-219-42.el7\", rpm:\"systemd-devel-219-42.el7~4.7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"systemd-journal-gateway-219-42.el7\", rpm:\"systemd-journal-gateway-219-42.el7~4.7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"systemd-libs-219-42.el7\", rpm:\"systemd-libs-219-42.el7~4.7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"systemd-networkd-219-42.el7\", rpm:\"systemd-networkd-219-42.el7~4.7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"systemd-python-219-42.el7\", rpm:\"systemd-python-219-42.el7~4.7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"systemd-resolved-219-42.el7\", rpm:\"systemd-resolved-219-42.el7~4.7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"systemd-sysv-219-42.el7\", rpm:\"systemd-sysv-219-42.el7~4.7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-02-05T11:04:27", "references": ["2018-d9706e9f1f", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XRO3PSVA6YL3YAMBU7BRKKRQM3H3GIRB"], "pluginID": "1361412562310874086", "description": "Check the version of firefox", "edition": 1, "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "published": "2018-02-02T00:00:00", "type": "openvas", "title": "Fedora Update for firefox FEDORA-2018-d9706e9f1f", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": [], "modified": "2018-02-02T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874086", "id": "OPENVAS:1361412562310874086", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_d9706e9f1f_firefox_fc26.nasl 8640 2018-02-02 12:22:12Z santu $\n#\n# Fedora Update for firefox FEDORA-2018-d9706e9f1f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874086\");\n script_version(\"$Revision: 8640 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-02-02 13:22:12 +0100 (Fri, 02 Feb 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-02-02 06:34:11 +0100 (Fri, 02 Feb 2018)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for firefox FEDORA-2018-d9706e9f1f\");\n script_tag(name: \"summary\", value: \"Check the version of firefox\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help \nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Mozilla Firefox is an open-source web \nbrowser, designed for standards compliance, performance and portability.\n\");\n script_tag(name: \"affected\", value: \"firefox on Fedora 26\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"FEDORA\", value: \"2018-d9706e9f1f\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XRO3PSVA6YL3YAMBU7BRKKRQM3H3GIRB\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~58.0.1~1.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-09-01T23:39:17", "references": ["http://lists.centos.org/pipermail/centos-announce/2018-February/022761.html", "2018:0262"], "pluginID": "1361412562310882842", "description": "Check the version of thunderbird", "edition": 5, "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "published": "2018-02-02T00:00:00", "title": "CentOS Update for thunderbird CESA-2018:0262 centos7 ", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-5097", "CVE-2018-5089", "CVE-2018-5096", "CVE-2018-5095", "CVE-2018-5098", "CVE-2018-5102", "CVE-2018-5117", "CVE-2018-5104", "CVE-2018-5103", "CVE-2018-5099"], "modified": "2018-08-10T00:00:00", "id": "OPENVAS:1361412562310882842", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882842", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_CESA-2018_0262_thunderbird_centos7.nasl 10909 2018-08-10 15:03:01Z cfischer $\n#\n# CentOS Update for thunderbird CESA-2018:0262 centos7 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882842\");\n script_version(\"$Revision: 10909 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-08-10 17:03:01 +0200 (Fri, 10 Aug 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-02-02 06:30:21 +0100 (Fri, 02 Feb 2018)\");\n script_cve_id(\"CVE-2018-5089\", \"CVE-2018-5095\", \"CVE-2018-5096\", \"CVE-2018-5097\", \n \"CVE-2018-5098\", \"CVE-2018-5099\", \"CVE-2018-5102\", \"CVE-2018-5103\", \n \"CVE-2018-5104\", \"CVE-2018-5117\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for thunderbird CESA-2018:0262 centos7 \");\n script_tag(name: \"summary\", value: \"Check the version of thunderbird\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help \nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Mozilla Thunderbird is a standalone mail \nand newsgroup client.\n\nThis update upgrades Thunderbird to version 52.6.0.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2018-5089, CVE-2018-5095, CVE-2018-5096, CVE-2018-5097,\nCVE-2018-5098, CVE-2018-5099, CVE-2018-5102, CVE-2018-5103, CVE-2018-5104,\nCVE-2018-5117)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Christian Holler, Jason Kratzer, Marcia Knous, Nathan\nFroyd, Oriol Brufau, Ronald Crane, Randell Jesup, Tyson Smith, Cobos\nAlvarez, Ryan VanderMeulen, Sebastian Hengst, Karl Tomlinson, Xidorn Quan,\nLudovic Hirlimann, Jason Orendorff, Anonymous, Nils, and Xisigr as the\noriginal reporters.\n\");\n script_tag(name: \"affected\", value: \"thunderbird on CentOS 7\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"CESA\", value: \"2018:0262\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2018-February/022761.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~52.6.0~1.el7.centos\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-02-05T11:04:26", "references": ["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FJHJXDL3DB2BBMLM4HUKU5LY5YLT23Q3", "2018-79db828bff"], "pluginID": "1361412562310874081", "description": "Check the version of firefox", "edition": 1, "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "published": "2018-02-01T00:00:00", "type": "openvas", "title": "Fedora Update for firefox FEDORA-2018-79db828bff", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": [], "modified": "2018-02-02T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874081", "id": "OPENVAS:1361412562310874081", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_79db828bff_firefox_fc27.nasl 8640 2018-02-02 12:22:12Z santu $\n#\n# Fedora Update for firefox FEDORA-2018-79db828bff\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874081\");\n script_version(\"$Revision: 8640 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-02-02 13:22:12 +0100 (Fri, 02 Feb 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-02-01 07:56:20 +0100 (Thu, 01 Feb 2018)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for firefox FEDORA-2018-79db828bff\");\n script_tag(name: \"summary\", value: \"Check the version of firefox\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help \nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Mozilla Firefox is an open-source web \nbrowser, designed for standards compliance, performance and portability.\n\");\n script_tag(name: \"affected\", value: \"firefox on Fedora 27\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"FEDORA\", value: \"2018-79db828bff\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FJHJXDL3DB2BBMLM4HUKU5LY5YLT23Q3\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~58.0.1~1.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-09-05T11:29:45", "references": ["2018:0169", "http://lists.centos.org/pipermail/centos-announce/2018-January/022756.html"], "pluginID": "1361412562310882840", "description": "Check the version of kernel", "edition": 4, "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "published": "2018-02-01T00:00:00", "title": "CentOS Update for kernel CESA-2018:0169 centos6 ", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-11176", "CVE-2017-9074", "CVE-2017-7542"], "modified": "2018-09-05T00:00:00", "id": "OPENVAS:1361412562310882840", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882840", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_CESA-2018_0169_kernel_centos6.nasl 11228 2018-09-05 02:44:21Z ckuersteiner $\n#\n# CentOS Update for kernel CESA-2018:0169 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882840\");\n script_version(\"$Revision: 11228 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-05 04:44:21 +0200 (Wed, 05 Sep 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-02-01 07:49:11 +0100 (Thu, 01 Feb 2018)\");\n script_cve_id(\"CVE-2017-7542\", \"CVE-2017-9074\", \"CVE-2017-11176\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for kernel CESA-2018:0169 centos6 \");\n script_tag(name: \"summary\", value: \"Check the version of kernel\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help \nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"The kernel packages contain the Linux \nkernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* An integer overflow vulnerability in ip6_find_1stfragopt() function was\nfound. A local attacker that has privileges (of CAP_NET_RAW) to open raw\nsocket can cause an infinite loop inside the ip6_find_1stfragopt()\nfunction. (CVE-2017-7542, Moderate)\n\n* The IPv6 fragmentation implementation in the Linux kernel does not\nconsider that the nexthdr field may be associated with an invalid option,\nwhich allows local users to cause a denial of service (out-of-bounds read\nand BUG) or possibly have unspecified other impact via crafted socket and\nsend system calls. Due to the nature of the flaw, privilege escalation\ncannot be fully ruled out, although we believe it is unlikely.\n(CVE-2017-9074, Moderate)\n\n* A use-after-free flaw was found in the Netlink functionality of the Linux\nkernel networking subsystem. Due to the insufficient cleanup in the\nmq_notify function, a local attacker could potentially use this flaw to\nescalate their privileges on the system. (CVE-2017-11176, Moderate)\n\nBug Fix(es):\n\n* Previously, the default timeout and retry settings in the VMBus driver\nwere insufficient in some cases, for example when a Hyper-V host was under\na significant load. Consequently, in Windows Server 2016, Hyper-V Server\n2016, and Windows Azure Platform, when running a Red Hat Enterprise Linux\nGuest on the Hyper-V hypervisor, the guest failed to boot or booted with\ncertain Hyper-V devices missing. This update alters the timeout and retry\nsettings in VMBus, and Red Hat Enterprise Linux guests now boot as expected\nunder the described conditions. (BZ#1506145)\n\n* Previously, an incorrect external declaration in the be2iscsi driver\ncaused a kernel panic when using the systool utility. With this update, the\nexternal declaration in be2iscsi has been fixed, and the kernel no longer\npanics when using systool. (BZ#1507512)\n\n* Under high usage of the NFSD file system and memory pressure, if many\ntasks in the Linux kernel attempted to obtain the global spinlock to clean\nthe Duplicate Reply Cache (DRC), these tasks stayed in an active wait in\nthe nfsd_reply_cache_shrink() function for up to 99% of time. Consequently,\na high load average occurred. This update fixes the bug by separating the\nDRC in several parts, each with an independent spinlock. As a result, the\nload and CPU utilization is no longer excessive under the described\ncircumstances. (BZ#1509876)\n\n* When attempting to attach multiple SCSI devices simultaneously, Red Hat\nEnterprise Linux 6.9 on IBM z Systems sometimes became unresponsive. This\nupdate fixes the zfcp ... \n\n Description truncated, for more information please check the Reference URL\");\n script_tag(name: \"affected\", value: \"kernel on CentOS 6\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"CESA\", value: \"2018:0169\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2018-January/022756.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.32~696.20.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~2.6.32~696.20.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.32~696.20.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.32~696.20.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.32~696.20.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.32~696.20.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.32~696.20.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.32~696.20.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.32~696.20.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~2.6.32~696.20.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:36:48", "references": ["2018-c587c0a62d", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ODBELZC7YYIYMXH4UHWIHDASQ7R2OCHB"], "pluginID": "1361412562310874083", "description": "Check the version of moodle", "edition": 5, "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "published": "2018-02-01T00:00:00", "title": "Fedora Update for moodle FEDORA-2018-c587c0a62d", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-1042", "CVE-2018-1043", "CVE-2018-1044", "CVE-2018-1045"], "modified": "2018-02-09T00:00:00", "id": "OPENVAS:1361412562310874083", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874083", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_c587c0a62d_moodle_fc27.nasl 8731 2018-02-09 07:50:57Z asteins $\n#\n# Fedora Update for moodle FEDORA-2018-c587c0a62d\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874083\");\n script_version(\"$Revision: 8731 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-02-09 08:50:57 +0100 (Fri, 09 Feb 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-02-01 07:56:34 +0100 (Thu, 01 Feb 2018)\");\n script_cve_id(\"CVE-2018-1042\", \"CVE-2018-1043\", \"CVE-2018-1044\", \"CVE-2018-1045\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for moodle FEDORA-2018-c587c0a62d\");\n script_tag(name: \"summary\", value: \"Check the version of moodle\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help \nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Moodle is a course management system \n(CMS) - a free, Open Source software package designed using sound pedagogical \nprinciples, to help educators create effective online learning communities.\n\");\n script_tag(name: \"affected\", value: \"moodle on Fedora 27\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"FEDORA\", value: \"2018-c587c0a62d\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ODBELZC7YYIYMXH4UHWIHDASQ7R2OCHB\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"moodle\", rpm:\"moodle~3.3.4~1.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-24T21:15:38", "references": ["3552-1", "https://www.ubuntu.com/usn/usn-3552-1/"], "pluginID": "1361412562310843439", "description": "Check the version of firefox", "edition": 3, "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "published": "2018-02-01T00:00:00", "title": "Ubuntu Update for firefox USN-3552-1", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-5124"], "modified": "2018-08-17T00:00:00", "id": "OPENVAS:1361412562310843439", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843439", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3552_1.nasl 11037 2018-08-17 11:51:16Z cfischer $\n#\n# Ubuntu Update for firefox USN-3552-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843439\");\n script_version(\"$Revision: 11037 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-08-17 13:51:16 +0200 (Fri, 17 Aug 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-02-01 07:49:25 +0100 (Thu, 01 Feb 2018)\");\n script_cve_id(\"CVE-2018-5124\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for firefox USN-3552-1\");\n script_tag(name:\"summary\", value:\"Check the version of firefox\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Johann Hofmann discovered that HTML fragments\ncreated for chrome-privileged documents were not properly sanitized. An attacker\ncould exploit this to execute arbitrary code. (CVE-2018-5124)\");\n script_tag(name:\"affected\", value:\"firefox on Ubuntu 17.10,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3552-1\");\n script_xref(name:\"URL\", value:\"https://www.ubuntu.com/usn/usn-3552-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|17\\.10|16\\.04 LTS)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"58.0.1+build1-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"58.0.1+build1-0ubuntu0.17.10.1\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"58.0.1+build1-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-09-01T23:37:19", "references": ["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MIKMPOO5ZH7DTJPQW43SQI3P33VNC6AN", "2018-7e086e3309"], "pluginID": "1361412562310874082", "description": "Check the version of moodle", "edition": 5, "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "published": "2018-02-01T00:00:00", "title": "Fedora Update for moodle FEDORA-2018-7e086e3309", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-1042", "CVE-2018-1043", "CVE-2018-1044", "CVE-2018-1045"], "modified": "2018-02-09T00:00:00", "id": "OPENVAS:1361412562310874082", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874082", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_7e086e3309_moodle_fc26.nasl 8731 2018-02-09 07:50:57Z asteins $\n#\n# Fedora Update for moodle FEDORA-2018-7e086e3309\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874082\");\n script_version(\"$Revision: 8731 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-02-09 08:50:57 +0100 (Fri, 09 Feb 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-02-01 07:56:20 +0100 (Thu, 01 Feb 2018)\");\n script_cve_id(\"CVE-2018-1042\", \"CVE-2018-1043\", \"CVE-2018-1044\", \"CVE-2018-1045\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for moodle FEDORA-2018-7e086e3309\");\n script_tag(name: \"summary\", value: \"Check the version of moodle\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help \nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Moodle is a course management system \n(CMS) - a free, Open Source software package designed using sound pedagogical \nprinciples, to help educators create effective online learning communities.\n\");\n script_tag(name: \"affected\", value: \"moodle on Fedora 26\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"FEDORA\", value: \"2018-7e086e3309\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MIKMPOO5ZH7DTJPQW43SQI3P33VNC6AN\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"moodle\", rpm:\"moodle~3.2.7~1.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:NONE/A:NONE/"}}], "cve": [{"lastseen": "2018-08-03T11:20:06", "references": ["http://seclists.org/oss-sec/2016/q4/406", "http://www.securityfocus.com/bid/94302", "https://github.com/geopython/pycsw/pull/474/files", "https://patch-diff.githubusercontent.com/raw/geopython/pycsw/pull/474.patch"], "description": "A SQL injection vulnerability in pycsw all versions before 2.0.2, 1.10.5 and 1.8.6 that leads to read and extract of any data from any table in the pycsw database that the database user has access to. Also on PostgreSQL (at least) it is possible to perform updates/inserts/deletes and database modifications to any table the database user has access to.", "edition": 2, "reporter": "NVD", "published": "2018-08-01T14:29:00", "title": "CVE-2016-8640", "type": "cve", "enchantments": {"score": {"modified": "2018-08-03T11:20:06", "vector": "NONE", "value": 5.0}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2016-8640"], "scanner": [], "modified": "2018-08-02T21:29:01", "cpe": [], "id": "CVE-2016-8640", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-8640", "cvss": {"score": 0.0, "vector": "NONE"}}], "nessus": [{"lastseen": "2018-09-01T23:33:16", "references": ["http://www.nessus.org/u?b6341411"], "pluginID": "104382", "description": "The remote Windows host is missing security update 4034668. It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2017-8620)\n\n - An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. (CVE-2017-8624)\n\n - A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8635, CVE-2017-8641)\n\n - An information disclosure vulnerability exists when the win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-8666)\n\n - A security feature bypass vulnerability exists when Internet Explorer fails to validate User Mode Code Integrity (UMCI) policies. The vulnerability could allow an attacker to bypass Device Guard UMCI policies.\n (CVE-2017-8625)\n\n - A remote code execution vulnerability exists in Windows Input Method Editor (IME) when IME improperly handles parameters in a method of a DCOM class. The DCOM server is a Windows component installed regardless of which languages/IMEs are enabled. An attacker can instantiate the DCOM class and exploit the system even if IME is not enabled. (CVE-2017-8591)\n\n - A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2017-8664)\n\n - A denial of service vulnerability exists when Microsoft Windows improperly handles NetBIOS packets. An attacker who successfully exploited this vulnerability could cause a target computer to become completely unresponsive. A remote unauthenticated attacker could exploit this vulnerability by sending a series of TCP packets to a target system, resulting in a permanent denial of service condition. The update addresses the vulnerability by correcting how the Windows network stack handles NetBIOS traffic. (CVE-2017-0174)\n\n - A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. (CVE-2017-0250)\n\n - A remote code execution vulnerability exists in the way Microsoft browsers handle objects in memory while rendering content. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2017-8669)\n\n - An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability could gain greater access to sensitive information and system functionality. (CVE-2017-8633)\n\n - A remote code execution vulnerability exists when Microsoft browsers improperly access objects in memory.\n The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8653)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8593)\n\n - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft browsers and then convince a user to view the website. An attacker could also embed an ActiveX control marked &quot;safe for initialization&quot; in an application or Microsoft Office document that hosts the related rendering engine.\n The attacker could also take advantage of compromised websites, and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8636, CVE-2017-8640, CVE-2017-8655, CVE-2017-8672)\n\n - A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-0293)\n\n - An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-8644, CVE-2017-8652)", "edition": 8, "reporter": "Tenable", "published": "2017-11-03T00:00:00", "title": "KB4034668: Windows 10 August 2017 Cumulative Update", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "Windows : Microsoft Bulletins", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-8641", "CVE-2017-8636", "CVE-2017-8624", "CVE-2017-8672", "CVE-2017-8591", "CVE-2017-0250", "CVE-2017-8666", "CVE-2017-8633", "CVE-2017-8625", "CVE-2017-8593", "CVE-2017-0293", "CVE-2017-8653", "CVE-2017-8640", "CVE-2017-8644", "CVE-2017-8664", "CVE-2017-8655", "CVE-2017-8620", "CVE-2017-0174", "CVE-2017-8669", "CVE-2017-8652", "CVE-2017-8635"], "modified": "2018-08-03T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS17_AUG_4034668.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=104382", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104382);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/08/03 11:35:09\");\n\n script_cve_id(\n \"CVE-2017-0174\",\n \"CVE-2017-0250\",\n \"CVE-2017-0293\",\n \"CVE-2017-8591\",\n \"CVE-2017-8593\",\n \"CVE-2017-8620\",\n \"CVE-2017-8624\",\n \"CVE-2017-8625\",\n \"CVE-2017-8633\",\n \"CVE-2017-8635\",\n \"CVE-2017-8636\",\n \"CVE-2017-8640\",\n \"CVE-2017-8641\",\n \"CVE-2017-8644\",\n \"CVE-2017-8652\",\n \"CVE-2017-8653\",\n \"CVE-2017-8655\",\n \"CVE-2017-8664\",\n \"CVE-2017-8666\",\n \"CVE-2017-8669\",\n \"CVE-2017-8672\"\n );\n script_bugtraq_id(\n 98100,\n 99430,\n 100027,\n 100032,\n 100034,\n 100038,\n 100039,\n 100044,\n 100047,\n 100051,\n 100055,\n 100056,\n 100057,\n 100059,\n 100061,\n 100063,\n 100068,\n 100069,\n 100072,\n 100085,\n 100089\n );\n script_xref(name:\"MSKB\", value:\"4034668\");\n script_xref(name:\"MSFT\", value:\"MS17-4034668\");\n\n script_name(english:\"KB4034668: Windows 10 August 2017 Cumulative Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4034668. \nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists when\n Windows Search handles objects in memory. An attacker\n who successfully exploited this vulnerability could take\n control of the affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2017-8620)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. (CVE-2017-8624)\n\n - A remote code execution vulnerability exists in the way\n JavaScript engines render when handling objects in\n memory in Microsoft browsers. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2017-8635, CVE-2017-8641)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-8666)\n\n - A security feature bypass vulnerability exists when\n Internet Explorer fails to validate User Mode Code\n Integrity (UMCI) policies. The vulnerability could allow\n an attacker to bypass Device Guard UMCI policies.\n (CVE-2017-8625)\n\n - A remote code execution vulnerability exists in Windows\n Input Method Editor (IME) when IME improperly handles\n parameters in a method of a DCOM class. The DCOM server\n is a Windows component installed regardless of which\n languages/IMEs are enabled. An attacker can instantiate\n the DCOM class and exploit the system even if IME is not\n enabled. (CVE-2017-8591)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2017-8664)\n\n - A denial of service vulnerability exists when Microsoft\n Windows improperly handles NetBIOS packets. An attacker\n who successfully exploited this vulnerability could\n cause a target computer to become completely\n unresponsive. A remote unauthenticated attacker could\n exploit this vulnerability by sending a series of TCP\n packets to a target system, resulting in a permanent\n denial of service condition. The update addresses the\n vulnerability by correcting how the Windows network\n stack handles NetBIOS traffic. (CVE-2017-0174)\n\n - A buffer overflow vulnerability exists in the Microsoft\n JET Database Engine that could allow remote code\n execution on an affected system. An attacker who\n successfully exploited this vulnerability could take\n control of an affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. Users whose\n accounts are configured to have fewer user rights on the\n system could be less impacted than users who operate\n with administrative user rights. (CVE-2017-0250)\n\n - A remote code execution vulnerability exists in the way\n Microsoft browsers handle objects in memory while\n rendering content. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2017-8669)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality. (CVE-2017-8633)\n\n - A remote code execution vulnerability exists when\n Microsoft browsers improperly access objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-8653)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2017-8593)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. In a web-based attack scenario, an attacker could\n host a specially crafted website that is designed to\n exploit the vulnerability through Microsoft browsers and\n then convince a user to view the website. An attacker\n could also embed an ActiveX control marked &quot;safe\n for initialization&quot; in an application or Microsoft\n Office document that hosts the related rendering engine.\n The attacker could also take advantage of compromised\n websites, and websites that accept or host user-provided\n content or advertisements. These websites could contain\n specially crafted content that could exploit the\n vulnerability. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2017-8636, CVE-2017-8640,\n CVE-2017-8655, CVE-2017-8672)\n\n - A remote code execution vulnerability exists when\n Microsoft Windows PDF Library improperly handles objects\n in memory. The vulnerability could corrupt memory in a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. If the current\n user is logged on with administrative user rights, an\n attacker could take control of an affected system. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2017-0293)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-8644, CVE-2017-8652)\");\n # https://support.microsoft.com/en-us/help/4034668/windows-10-update-kb4034668\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b6341411\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply security update KB4034668.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-08\";\nkbs = make_list('4034668');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\nos_name = get_kb_item_or_exit(\"SMB/ProductName\");\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\nif(\"LTSB\" >!< os_name) audit(AUDIT_OS_NOT, \"Windows 10 version 1507 LTSB\");\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"10240\",\n rollup_date:\"08_2017\",\n bulletin:bulletin,\n rollup_kb_list:[4034668])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "zdt": [{"lastseen": "2018-04-02T05:28:20", "references": [], "description": "Microsoft Edge Chakra suffers from an uninitialized arguments vulnerability.", "edition": 1, "reporter": "Google Security Research", "published": "2017-08-17T00:00:00", "title": "Microsoft Edge Chakra Uninitialized Arguments Exploit", "type": "zdt", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2017-8640"], "modified": "2017-08-17T00:00:00", "href": "https://0day.today/exploit/description/28291", "id": "1337DAY-ID-28291", "sourceData": "Microsoft Edge: Chakra: Uninitialized arguments \r\n\r\nCVE-2017-8640\r\n\r\n\r\nHere's a snippet of \"ParseVariableDeclaration\" which is used for parsing declarations.\r\ntemplate<bool buildAST>\r\nParseNodePtr Parser::ParseVariableDeclaration(\r\n tokens declarationType, charcount_t ichMin,\r\n BOOL fAllowIn/* = TRUE*/,\r\n BOOL* pfForInOk/* = nullptr*/,\r\n BOOL singleDefOnly/* = FALSE*/,\r\n BOOL allowInit/* = TRUE*/,\r\n BOOL isTopVarParse/* = TRUE*/,\r\n BOOL isFor/* = FALSE*/,\r\n BOOL* nativeForOk /*= nullptr*/)\r\n{\r\n ...\r\n if (pid == wellKnownPropertyPids.arguments && m_currentNodeFunc)\r\n {\r\n // This var declaration may change the way an 'arguments' identifier in the function is resolved\r\n if (declarationType == tkVAR)\r\n {\r\n m_currentNodeFunc->grfpn |= PNodeFlags::fpnArguments_varDeclaration;\r\n }\r\n else\r\n {\r\n if (GetCurrentBlockInfo()->pnodeBlock->sxBlock.blockType == Function)\r\n {\r\n // Only override arguments if we are at the function block level.\r\n m_currentNodeFunc->grfpn |= PNodeFlags::fpnArguments_overriddenByDecl;\r\n }\r\n }\r\n }\r\n ...\r\n}\r\n\r\n\"m_currentNodeFunc\" is only replaced when \"buildAST\" is true. So I think it's not supposed to use \"m_currentNodeFunc\" when \"buildAST\" is false. But the above code is using it regardless of \"buildAST\". So it may change a wrong function's \"grfpn\" flag. What I noticed is the \"PNodeFlags::fpnArguments_overriddenByDecl\" flag which makes the function's arguments uninitialized.\r\n\r\nPoC:\r\nfunction f() {\r\n ({a = () => {\r\n let arguments;\r\n }} = 1);\r\n\r\n arguments.x;\r\n}\r\n\r\nf();\r\n\r\n\r\nThis bug is subject to a 90 day disclosure deadline. After 90 days elapse\r\nor a patch has been made broadly available, the bug report will become\r\nvisible to the public.\n\n# 0day.today [2018-04-02] #", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://0day.today/exploit/28291"}], "exploitdb": [{"lastseen": "2017-08-17T21:07:11", "osvdbidlist": [], "references": [], "description": "Microsoft Edge Chakra - Uninitialized Arguments. CVE-2017-8640. Dos exploit for Windows platform", "edition": 1, "reporter": "Exploit-DB", "published": "2017-08-17T00:00:00", "title": "Microsoft Edge Chakra - Uninitialized Arguments", "type": "exploitdb", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2017-8640"], "modified": "2017-08-17T00:00:00", "href": "https://www.exploit-db.com/exploits/42476/", "id": "EDB-ID:42476", "sourceData": "<!--\r\nSource: https://bugs.chromium.org/p/project-zero/issues/detail?id=1297\r\n\r\nHere's a snippet of \"ParseVariableDeclaration\" which is used for parsing declarations.\r\ntemplate<bool buildAST>\r\nParseNodePtr Parser::ParseVariableDeclaration(\r\n tokens declarationType, charcount_t ichMin,\r\n BOOL fAllowIn/* = TRUE*/,\r\n BOOL* pfForInOk/* = nullptr*/,\r\n BOOL singleDefOnly/* = FALSE*/,\r\n BOOL allowInit/* = TRUE*/,\r\n BOOL isTopVarParse/* = TRUE*/,\r\n BOOL isFor/* = FALSE*/,\r\n BOOL* nativeForOk /*= nullptr*/)\r\n{\r\n ...\r\n if (pid == wellKnownPropertyPids.arguments && m_currentNodeFunc)\r\n {\r\n // This var declaration may change the way an 'arguments' identifier in the function is resolved\r\n if (declarationType == tkVAR)\r\n {\r\n m_currentNodeFunc->grfpn |= PNodeFlags::fpnArguments_varDeclaration;\r\n }\r\n else\r\n {\r\n if (GetCurrentBlockInfo()->pnodeBlock->sxBlock.blockType == Function)\r\n {\r\n // Only override arguments if we are at the function block level.\r\n m_currentNodeFunc->grfpn |= PNodeFlags::fpnArguments_overriddenByDecl;\r\n }\r\n }\r\n }\r\n ...\r\n}\r\n\r\n\"m_currentNodeFunc\" is only replaced when \"buildAST\" is true. So I think it's not supposed to use \"m_currentNodeFunc\" when \"buildAST\" is false. But the above code is using it regardless of \"buildAST\". So it may change a wrong function's \"grfpn\" flag. What I noticed is the \"PNodeFlags::fpnArguments_overriddenByDecl\" flag which makes the function's arguments uninitialized.\r\n\r\nPoC:\r\n-->\r\n\r\nfunction f() {\r\n ({a = () => {\r\n let arguments;\r\n }} = 1);\r\n\r\n arguments.x;\r\n}\r\n\r\nf();", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/42476/"}], "seebug": [{"lastseen": "2017-11-19T11:55:49", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "references": [], "enchantments_done": [], "description": "Here's a snippet of \"`ParseVariableDeclaration`\" which is used for parsing declarations.\r\n```\r\ntemplate<bool buildAST>\r\nParseNodePtr Parser::ParseVariableDeclaration(\r\n tokens declarationType, charcount_t ichMin,\r\n BOOL fAllowIn/* = TRUE*/,\r\n BOOL* pfForInOk/* = nullptr*/,\r\n BOOL singleDefOnly/* = FALSE*/,\r\n BOOL allowInit/* = TRUE*/,\r\n BOOL isTopVarParse/* = TRUE*/,\r\n BOOL isFor/* = FALSE*/,\r\n BOOL* nativeForOk /*= nullptr*/)\r\n{\r\n ...\r\n if (pid == wellKnownPropertyPids.arguments && m_currentNodeFunc)\r\n {\r\n // This var declaration may change the way an 'arguments' identifier in the function is resolved\r\n if (declarationType == tkVAR)\r\n {\r\n m_currentNodeFunc->grfpn |= PNodeFlags::fpnArguments_varDeclaration;\r\n }\r\n else\r\n {\r\n if (GetCurrentBlockInfo()->pnodeBlock->sxBlock.blockType == Function)\r\n {\r\n // Only override arguments if we are at the function block level.\r\n m_currentNodeFunc->grfpn |= PNodeFlags::fpnArguments_overriddenByDecl;\r\n }\r\n }\r\n }\r\n ...\r\n}\r\n```\r\n\"`m_currentNodeFunc`\" is only replaced when \"`buildAST`\" is true. So I think it's not supposed to use \"`m_currentNodeFunc`\" when \"`buildAST`\" is false. But the above code is using it regardless of \"`buildAST`\". So it may change a wrong function's \"`grfpn`\" flag. What I noticed is the \"`PNodeFlags::fpnArguments_overriddenByDecl`\" flag which makes the function's arguments uninitialized.\r\n\r\n### PoC:\r\n```\r\nfunction f() {\r\n ({a = () => {\r\n let arguments;\r\n }} = 1);\r\n\r\n arguments.x;\r\n}\r\n\r\nf();\r\n```", "reporter": "Root", "published": "2017-08-17T00:00:00", "type": "seebug", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "Microsoft Edge: Chakra: Uninitialized arguments(CVE-2017-8640)", "bulletinFamily": "exploit", "cvelist": ["CVE-2017-8640"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2017-08-17T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-96360", "id": "SSV:96360", "sourceData": "\n function f() {\r\n ({a = () => {\r\n let arguments;\r\n }} = 1);\r\n\r\n arguments.x;\r\n}\r\n\r\nf();\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-96360", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "status": "cve,poc,details"}], "packetstorm": [{"lastseen": "2017-08-19T07:19:35", "references": [], "description": "", "edition": 1, "reporter": "Google Security Research", "published": "2017-08-17T00:00:00", "title": "Microsoft Edge Chakra Uninitialized Arguments", "type": "packetstorm", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2017-8640"], "modified": "2017-08-17T00:00:00", "href": "https://packetstormsecurity.com/files/143798/Microsoft-Edge-Chakra-Uninitialized-Arguments.html", "id": "PACKETSTORM:143798", "sourceData": "` Microsoft Edge: Chakra: Uninitialized arguments \n \nCVE-2017-8640 \n \n \nHere's a snippet of \"ParseVariableDeclaration\" which is used for parsing declarations. \ntemplate<bool buildAST> \nParseNodePtr Parser::ParseVariableDeclaration( \ntokens declarationType, charcount_t ichMin, \nBOOL fAllowIn/* = TRUE*/, \nBOOL* pfForInOk/* = nullptr*/, \nBOOL singleDefOnly/* = FALSE*/, \nBOOL allowInit/* = TRUE*/, \nBOOL isTopVarParse/* = TRUE*/, \nBOOL isFor/* = FALSE*/, \nBOOL* nativeForOk /*= nullptr*/) \n{ \n... \nif (pid == wellKnownPropertyPids.arguments && m_currentNodeFunc) \n{ \n// This var declaration may change the way an 'arguments' identifier in the function is resolved \nif (declarationType == tkVAR) \n{ \nm_currentNodeFunc->grfpn |= PNodeFlags::fpnArguments_varDeclaration; \n} \nelse \n{ \nif (GetCurrentBlockInfo()->pnodeBlock->sxBlock.blockType == Function) \n{ \n// Only override arguments if we are at the function block level. \nm_currentNodeFunc->grfpn |= PNodeFlags::fpnArguments_overriddenByDecl; \n} \n} \n} \n... \n} \n \n\"m_currentNodeFunc\" is only replaced when \"buildAST\" is true. So I think it's not supposed to use \"m_currentNodeFunc\" when \"buildAST\" is false. But the above code is using it regardless of \"buildAST\". So it may change a wrong function's \"grfpn\" flag. What I noticed is the \"PNodeFlags::fpnArguments_overriddenByDecl\" flag which makes the function's arguments uninitialized. \n \nPoC: \nfunction f() { \n({a = () => { \nlet arguments; \n}} = 1); \n \narguments.x; \n} \n \nf(); \n \n \nThis bug is subject to a 90 day disclosure deadline. After 90 days elapse \nor a patch has been made broadly available, the bug report will become \nvisible to the public. \n \n \n \n \nFound by: lokihardt \n \n`\n", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/143798/GS20170817000110.txt"}], "trendmicroblog": [{"lastseen": "2017-08-15T08:08:38", "_object_types": ["robots.models.rss.RssBulletin", "robots.models.base.Bulletin"], "references": [], "enchantments_done": [], "description": "\n\nEarlier this month, a blog post from Blue Frost Security was released stating that they were giving away tickets to the upcoming Ekoparty Security Conference in Argentina. But there was a catch: in order to get the tickets (and free whiskey), entrants had to complete an exploitation challenge and send them the solution. Blue Frost provided a 64-bit PE binary with a simple stack-based buffer overflow with the objective to run 'calc.exe' on Windows 7, Windows 8.1, or Windows 10.\n\nOur very own Jasiel Spelman ([@WanderingGlitch](<https://twitter.com/wanderingglitch>)) from the Zero Day Initiative decided to take a little break from work and work on the challenge. While it may seem that this challenge was set up to hack something for fun (and drinks), what it really shows is how poorly-written applications can easily be exploited. You can check out Jasiel\u2019s blog, which includes video of his demo, [here](<https://www.zerodayinitiative.com/blog/2017/8/9/the-blue-frost-security-challenge-an-exploitation-journey-for-fun-and-free-drinks>).\n\n**Microsoft Update**\n\nThis week\u2019s Digital Vaccine (DV) package includes coverage for Microsoft updates released on or before July 11, 2017. Microsoft released 48 security patches for August covering Windows, Internet Explorer (IE), Edge, the subsystem for Linux, Kernel, SharePoint, SQL Server, and Hyper-V. 25 are listed as Critical, 21 are rated Important, and two are Moderate in severity. The following table maps Digital Vaccine filters to the Microsoft updates. Filters marked with an asterisk (*) shipped prior to this DV package, providing preemptive zero-day protection for customers. You can get more detailed information on this month\u2019s security updates from Dustin Childs\u2019 [August 2017 Security Update Review](<https://www.zerodayinitiative.com/blog/2017/8/8/the-august-2017-security-update-review>) from the Zero Day Initiative:\n\n \n\n**CVE #** | **Digital Vaccine Filter #** | **Status** \n---|---|--- \nCVE-2017-0174 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-0250 | 29053 | \nCVE-2017-0293 | *27746 | \nCVE-2017-8503 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8516 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8591 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8593 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8620 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8622 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8623 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8624 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8625 | 29340 | \nCVE-2017-8627 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8633 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8634 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8635 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8636 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8637 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8638 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8639 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8640 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8641 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8642 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8644 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8645 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8646 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8647 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8650 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8651 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8652 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8653 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8654 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8655 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8656 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8657 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8659 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8661 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8662 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8664 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8666 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8668 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8669 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8670 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8671 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8672 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8673 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8674 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8691 | | Vendor Deemed Reproducibility or Exploitation Unlikely \n \n \n\n**Zero-Day Filters**\n\nThere is one new zero-day filter covering one vendor in this week\u2019s Digital Vaccine (DV) package. A number of existing filters in this week\u2019s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of [published advisories](<http://www.zerodayinitiative.com/advisories/published/>) and [upcoming advisories](<http://www.zerodayinitiative.com/advisories/upcoming/>) on the [Zero Day Initiative](<http://www.zerodayinitiative.com/>) website.\n\n**_Cisco (1)_**\n\n| \n\n * 29277: HTTPS: Cisco Prime Collaboration Provisioning logconfigtracer Directory Traversal (ZDI-17-447)**_ _** \n---|--- \n| \n \n**Missed Last Week\u2019s News?**\n\nCatch up on last week\u2019s news in my [weekly recap](<http://blog.trendmicro.com/tippingpoint-threat-intelligence-zero-day-coverage-week-july-31-2017/>).", "reporter": "Elisa Lippincott (TippingPoint Global Product Marketing)", "published": "2017-08-11T16:07:23", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "TippingPoint Threat Intelligence and Zero-Day Coverage \u2013 Week of August 7, 2017", "type": "trendmicroblog", "bulletinFamily": "blog", "cvelist": ["CVE-2017-0174", "CVE-2017-0250", "CVE-2017-0293", "CVE-2017-8503", "CVE-2017-8516", "CVE-2017-8591", "CVE-2017-8593", "CVE-2017-8620", "CVE-2017-8622", "CVE-2017-8623", "CVE-2017-8624", "CVE-2017-8625", "CVE-2017-8627", "CVE-2017-8633", "CVE-2017-8634", "CVE-2017-8635", "CVE-2017-8636", "CVE-2017-8637", "CVE-2017-8638", "CVE-2017-8639", "CVE-2017-8640", "CVE-2017-8641", "CVE-2017-8642", "CVE-2017-8644", "CVE-2017-8645", "CVE-2017-8646", "CVE-2017-8647", "CVE-2017-8650", "CVE-2017-8651", "CVE-2017-8652", "CVE-2017-8653", "CVE-2017-8654", "CVE-2017-8655", "CVE-2017-8656", "CVE-2017-8657", "CVE-2017-8659", "CVE-2017-8661", "CVE-2017-8662", "CVE-2017-8664", "CVE-2017-8666", "CVE-2017-8668", "CVE-2017-8669", "CVE-2017-8670", "CVE-2017-8671", "CVE-2017-8672", "CVE-2017-8673", "CVE-2017-8674", "CVE-2017-8691"], "_object_type": "robots.models.rss.RssBulletin", "modified": "2017-08-11T16:07:23", "id": "TRENDMICROBLOG:69CE152C75321BE9991EA1AD9027F827", "href": "http://blog.trendmicro.com/tippingpoint-threat-intelligence-zero-day-coverage-week-august-7-2017/", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}