ID OPENSUSE-SU-2013:0166-1 Type suse Reporter Suse Modified 2013-01-23T14:06:44
Description
Update to version 1.2.3.
Update configure.ac to avoid autoconf 2.68 warnings, by
(a) quoting the first AC_RUN_IFELSE argument, an
AC_LANG_PROGRAM(), with [ ], and (b) providing an
explicit "true" assumption for Berkeley DB capabilities
to avoid cross-compilation warnings.
Security bugfix; (bnc#792939), Fix a heap corruption in
base64 decoder on invalid input.
<a rel="nofollow" href="http://bogofilter.sourceforge.net/security/bogofilter-SA-201">http://bogofilter.sourceforge.net/security/bogofilter-SA-201</a>
2-01
Added bogofilter-faq-bg.html, a Bulgarian translation
of the FAQ.
Mark "Berkeley DB 5.1.19: (August 27, 2010)" supported.
Update to version 1.2.2.
Use a better PRNG for random sleeps. That is
arc4random() where available, and drand48() elsewhere.
Assorted fixes for issues found with clang analyzer:
Fix a potential NULL deference
Fix a potential division by zero
Remove dead assignments and increments
Update Doxyfile and source contrib/bogogrep.c for docs,
too.
Security bugfix, CVE-2010-2494: Fix a heap corruption
in base64 decoder on invalid input. Analysis and patch
by Julius Plenz <plenz@xxxxxxxxxxxxxxxx>. Please
see doc/bogofilter-SA-2010-01 for details.
Updated sendmail milter contrib/bogofilter-milter.pl to
v1.??????
Bump supported/minimum SQLite3 versions and warning
threshold. See doc/README.sqlite for details.
Mark BerkeleyDB 4.8.26 and 5.0.21 supported.
Make t.maint more robust; ignore .ENCODING token. To
fix test failures on, for instance, FreeBSD with
unicode enabled.
Fix several compiler warnings "array subscript has type
'char'", by casting the arguments to unsigned char.
Split error messages for ENOENT and EINVAL into new
function.
Avoid divison by zero in robx computation by checking
if there are at least one ham message and one spam
message registered.
contrib/spamitarium.pl updated to version 0.4.0
Updated and integrated Ted Phelps's "Patch to prevent
.ENCODING from being discarded by bogoutil -m"
(SourceForge Patch #1743984).
remove call to suse_update_config (very old work around)
Remove redundant tags/sections from specfile
Use %_smp_mflags for parallel build
{"enchantments": {"score": {"value": 6.2, "vector": "NONE", "modified": "2016-09-04T11:56:36", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2010-2494"]}, {"type": "openvas", "idList": ["OPENVAS:67713", "OPENVAS:1361412562310850418", "OPENVAS:840490", "OPENVAS:1361412562310862589", "OPENVAS:1361412562310862363", "OPENVAS:1361412562310862372", "OPENVAS:1361412562310850380", "OPENVAS:862372", "OPENVAS:136141256231067713", "OPENVAS:862589"]}, {"type": "nessus", "idList": ["OPENSUSE-2012-852.NASL", "FREEBSD_PKG_25ED4FF8894011DFA3390026189BACA3.NASL", "OPENSUSE-2012-851.NASL", "FEDORA_2010-12959.NASL", "FEDORA_2010-13139.NASL", "SUSE_11_BOGOFILTER-100708.NASL", "FEDORA_2010-13154.NASL", "UBUNTU_USN-980-1.NASL", "SUSE_11_2_BOGOFILTER-100708.NASL", "SUSE_11_1_BOGOFILTER-100708.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:24666", "SECURITYVULNS:VULN:11112"]}, {"type": "freebsd", "idList": ["25ED4FF8-8940-11DF-A339-0026189BACA3"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2012:1648-1", "OPENSUSE-SU-2012:1650-1"]}, {"type": "ubuntu", "idList": ["USN-980-1"]}], "modified": "2016-09-04T11:56:36", "rev": 2}, "vulnersScore": 6.2}, "reporter": "Suse", "id": "OPENSUSE-SU-2013:0166-1", "modified": "2013-01-23T14:06:44", "published": "2013-01-23T14:06:44", "bulletinFamily": "unix", "viewCount": 2, "cvelist": ["CVE-2010-2494"], "affectedPackage": [{"packageVersion": "1.2.3-12.1", "packageName": "bogofilter", "packageFilename": "bogofilter-1.2.3-12.1.x86_64.rpm", "operator": "lt", "OSVersion": "11.4", "OS": "openSUSE", "arch": "x86_64"}, {"packageVersion": "1.2.3-12.1", "packageName": "bogofilter-debugsource", "packageFilename": "bogofilter-debugsource-1.2.3-12.1.i586.rpm", "operator": "lt", "OSVersion": "11.4", "OS": "openSUSE", "arch": "i586"}, {"packageVersion": "1.2.3-12.1", "packageName": "bogofilter-debuginfo", "packageFilename": "bogofilter-debuginfo-1.2.3-12.1.x86_64.rpm", "operator": "lt", "OSVersion": "11.4", "OS": "openSUSE", "arch": "x86_64"}, {"packageVersion": "1.2.3-12.1", "packageName": "bogofilter-debugsource", "packageFilename": "bogofilter-debugsource-1.2.3-12.1.x86_64.rpm", "operator": "lt", "OSVersion": "11.4", "OS": "openSUSE", "arch": "x86_64"}, {"packageVersion": "1.2.3-12.1", "packageName": "bogofilter", "packageFilename": "bogofilter-1.2.3-12.1.i586.rpm", "operator": "lt", "OSVersion": "11.4", "OS": "openSUSE", "arch": "i586"}, {"packageVersion": "1.2.3-12.1", "packageName": "bogofilter-debuginfo", "packageFilename": "bogofilter-debuginfo-1.2.3-12.1.i586.rpm", "operator": "lt", "OSVersion": "11.4", "OS": "openSUSE", "arch": "i586"}], "type": "suse", "references": ["https://bugzilla.novell.com/792939"], "description": "- Update to version 1.2.3.\n * Update configure.ac to avoid autoconf 2.68 warnings, by\n (a) quoting the first AC_RUN_IFELSE argument, an\n AC_LANG_PROGRAM(), with [ ], and (b) providing an\n explicit "true" assumption for Berkeley DB capabilities\n to avoid cross-compilation warnings.\n * Security bugfix; (bnc#792939), Fix a heap corruption in\n base64 decoder on invalid input.\n <a rel=\"nofollow\" href=\"http://bogofilter.sourceforge.net/security/bogofilter-SA-201\">http://bogofilter.sourceforge.net/security/bogofilter-SA-201</a>\n 2-01\n * Added bogofilter-faq-bg.html, a Bulgarian translation\n of the FAQ.\n * Mark "Berkeley DB 5.1.19: (August 27, 2010)" supported.\n - Update to version 1.2.2.\n * Use a better PRNG for random sleeps. That is\n arc4random() where available, and drand48() elsewhere.\n * Assorted fixes for issues found with clang analyzer:\n + Fix a potential NULL deference\n + Fix a potential division by zero\n + Remove dead assignments and increments\n * Update Doxyfile and source contrib/bogogrep.c for docs,\n too.\n * Security bugfix, CVE-2010-2494: Fix a heap corruption\n in base64 decoder on invalid input. Analysis and patch\n by Julius Plenz &lt;plenz@xxxxxxxxxxxxxxxx&gt;. Please\n see doc/bogofilter-SA-2010-01 for details.\n * Updated sendmail milter contrib/bogofilter-milter.pl to\n v1.??????\n * Bump supported/minimum SQLite3 versions and warning\n threshold. See doc/README.sqlite for details.\n * Mark BerkeleyDB 4.8.26 and 5.0.21 supported.\n * Make t.maint more robust; ignore .ENCODING token. To\n fix test failures on, for instance, FreeBSD with\n unicode enabled.\n * Fix several compiler warnings "array subscript has type\n 'char'", by casting the arguments to unsigned char.\n * Split error messages for ENOENT and EINVAL into new\n function.\n * Avoid divison by zero in robx computation by checking\n if there are at least one ham message and one spam\n message registered.\n * contrib/spamitarium.pl updated to version 0.4.0\n * Updated and integrated Ted Phelps's "Patch to prevent\n .ENCODING from being discarded by bogoutil -m"\n (SourceForge Patch #1743984).\n - remove call to suse_update_config (very old work around)\n - Remove redundant tags/sections from specfile\n - Use %_smp_mflags for parallel build\n\n", "title": "update for bogofilter (important)", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00021.html", "lastseen": "2016-09-04T11:56:36", "edition": 1, "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}
{"cve": [{"lastseen": "2020-12-09T19:34:40", "description": "Multiple buffer underflows in the base64 decoder in base64.c in (1) bogofilter and (2) bogolexer in bogofilter before 1.2.2 allow remote attackers to cause a denial of service (heap memory corruption and application crash) via an e-mail message with invalid base64 data that begins with an = (equals) character.", "edition": 5, "cvss3": {}, "published": "2010-07-08T18:30:00", "title": "CVE-2010-2494", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2494"], "modified": "2013-02-14T04:31:00", "cpe": ["cpe:/a:bogofilter:bogofilter:1.1.5", "cpe:/a:bogofilter:bogofilter:1.0.3", "cpe:/a:bogofilter:bogofilter:1.1.6", "cpe:/a:bogofilter:bogofilter:1.1.3", "cpe:/a:bogofilter:bogofilter:1.1.0", "cpe:/a:bogofilter:bogofilter:1.0.2", "cpe:/a:bogofilter:bogofilter:1.0.1", "cpe:/a:bogofilter:bogofilter:1.0.0", "cpe:/a:bogofilter:bogofilter:1.1.2", "cpe:/a:bogofilter:bogofilter:1.1.7", "cpe:/a:bogofilter:bogofilter:1.1.1", "cpe:/a:bogofilter:bogofilter:1.2.0", "cpe:/a:bogofilter:bogofilter:1.2.1", "cpe:/a:bogofilter:bogofilter:1.1.4"], "id": "CVE-2010-2494", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2494", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:bogofilter:bogofilter:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:bogofilter:bogofilter:1.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:bogofilter:bogofilter:1.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:bogofilter:bogofilter:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:bogofilter:bogofilter:1.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:bogofilter:bogofilter:1.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:bogofilter:bogofilter:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:bogofilter:bogofilter:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:bogofilter:bogofilter:1.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:bogofilter:bogofilter:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:bogofilter:bogofilter:1.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:bogofilter:bogofilter:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:bogofilter:bogofilter:1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:bogofilter:bogofilter:1.0.1:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2018-01-19T15:04:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2494"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2018-01-19T00:00:00", "published": "2010-07-22T00:00:00", "id": "OPENVAS:136141256231067713", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231067713", "type": "openvas", "title": "FreeBSD Ports: bogofilter", "sourceData": "#\n#VID 25ed4ff8-8940-11df-a339-0026189baca3\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 25ed4ff8-8940-11df-a339-0026189baca3\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n bogofilter\n bogofilter-sqlite\n bogofilter-tc\n\nCVE-2010-2494\nMultiple buffer underflows in the base64 decoder in base64.c in (1)\nbogofilter and (2) bogolexer in bogofilter before 1.2.2 allow remote\nattackers to cause a denial of service (heap memory corruption and\napplication crash) via an e-mail message with invalid base64 data that\nbegins with an = (equals) character.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://bogofilter.sourceforge.net/security/bogofilter-SA-2010-01\nhttp://www.vuxml.org/freebsd/25ed4ff8-8940-11df-a339-0026189baca3.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.67713\");\n script_version(\"$Revision: 8469 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-19 08:58:21 +0100 (Fri, 19 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-22 17:43:43 +0200 (Thu, 22 Jul 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2010-2494\");\n script_name(\"FreeBSD Ports: bogofilter\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"bogofilter\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.2.1_2\")<0) {\n txt += 'Package bogofilter version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"bogofilter-sqlite\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.2.1_1\")<0) {\n txt += 'Package bogofilter-sqlite version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"bogofilter-tc\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.2.1_1\")<0) {\n txt += 'Package bogofilter-tc version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-12-21T11:33:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2494"], "description": "Check for the Version of bogofilter", "modified": "2017-12-20T00:00:00", "published": "2010-12-02T00:00:00", "id": "OPENVAS:862589", "href": "http://plugins.openvas.org/nasl.php?oid=862589", "type": "openvas", "title": "Fedora Update for bogofilter FEDORA-2010-12959", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for bogofilter FEDORA-2010-12959\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"bogofilter on Fedora 14\";\ntag_insight = \"Bogofilter is a Bayesian spam filter. In its normal mode of\n operation, it takes an email message or other text on standard input,\n does a statistical check against lists of "good" and "bad" words, and\n returns a status code indicating whether or not the message is spam.\n Bogofilter is designed with fast algorithms (including Berkeley DB system),\n coded directly in C, and tuned for speed, so it can be used for production\n by sites that process a lot of mail.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046472.html\");\n script_id(862589);\n script_version(\"$Revision: 8186 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-20 07:30:34 +0100 (Wed, 20 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-02 08:39:14 +0100 (Thu, 02 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-12959\");\n script_cve_id(\"CVE-2010-2494\");\n script_name(\"Fedora Update for bogofilter FEDORA-2010-12959\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of bogofilter\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"bogofilter\", rpm:\"bogofilter~1.2.2~1.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:09:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2494"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2017-02-09T00:00:00", "published": "2010-07-22T00:00:00", "id": "OPENVAS:67713", "href": "http://plugins.openvas.org/nasl.php?oid=67713", "type": "openvas", "title": "FreeBSD Ports: bogofilter", "sourceData": "#\n#VID 25ed4ff8-8940-11df-a339-0026189baca3\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 25ed4ff8-8940-11df-a339-0026189baca3\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n bogofilter\n bogofilter-sqlite\n bogofilter-tc\n\nCVE-2010-2494\nMultiple buffer underflows in the base64 decoder in base64.c in (1)\nbogofilter and (2) bogolexer in bogofilter before 1.2.2 allow remote\nattackers to cause a denial of service (heap memory corruption and\napplication crash) via an e-mail message with invalid base64 data that\nbegins with an = (equals) character.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://bogofilter.sourceforge.net/security/bogofilter-SA-2010-01\nhttp://www.vuxml.org/freebsd/25ed4ff8-8940-11df-a339-0026189baca3.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(67713);\n script_version(\"$Revision: 5245 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-09 09:57:08 +0100 (Thu, 09 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-22 17:43:43 +0200 (Thu, 22 Jul 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2010-2494\");\n script_name(\"FreeBSD Ports: bogofilter\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"bogofilter\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.2.1_2\")<0) {\n txt += 'Package bogofilter version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"bogofilter-sqlite\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.2.1_1\")<0) {\n txt += 'Package bogofilter-sqlite version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"bogofilter-tc\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.2.1_1\")<0) {\n txt += 'Package bogofilter-tc version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-12-18T10:58:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2494"], "description": "Check for the Version of bogofilter", "modified": "2017-12-18T00:00:00", "published": "2010-09-07T00:00:00", "id": "OPENVAS:862372", "href": "http://plugins.openvas.org/nasl.php?oid=862372", "type": "openvas", "title": "Fedora Update for bogofilter FEDORA-2010-13139", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for bogofilter FEDORA-2010-13139\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"bogofilter on Fedora 13\";\ntag_insight = \"Bogofilter is a Bayesian spam filter. In its normal mode of\n operation, it takes an email message or other text on standard input,\n does a statistical check against lists of "good" and "bad" words, and\n returns a status code indicating whether or not the message is spam.\n Bogofilter is designed with fast algorithms (including Berkeley DB system),\n coded directly in C, and tuned for speed, so it can be used for production\n by sites that process a lot of mail.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046558.html\");\n script_id(862372);\n script_version(\"$Revision: 8153 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-18 07:30:39 +0100 (Mon, 18 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-09-07 07:38:40 +0200 (Tue, 07 Sep 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-13139\");\n script_cve_id(\"CVE-2010-2494\");\n script_name(\"Fedora Update for bogofilter FEDORA-2010-13139\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of bogofilter\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"bogofilter\", rpm:\"bogofilter~1.2.2~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2020-01-31T18:40:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2494"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2013-03-11T00:00:00", "id": "OPENVAS:1361412562310850418", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850418", "type": "openvas", "title": "openSUSE: Security Advisory for update (openSUSE-SU-2012:1650-1)", "sourceData": "# Copyright (C) 2013 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2012-12/msg00016.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.850418\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2013-03-11 18:29:36 +0530 (Mon, 11 Mar 2013)\");\n script_cve_id(\"CVE-2010-2494\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"openSUSE-SU\", value:\"2012:1650-1\");\n script_name(\"openSUSE: Security Advisory for update (openSUSE-SU-2012:1650-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'update'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE12\\.2\");\n\n script_tag(name:\"affected\", value:\"update on openSUSE 12.2\");\n\n script_tag(name:\"insight\", value:\"This version upgrade of bogofilter fixed a heap corruption\n in the base 64 decoding routine as well as several other\n non-security issues.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE12.2\") {\n if(!isnull(res = isrpmvuln(pkg:\"bogofilter\", rpm:\"bogofilter~1.2.3~17.4.1\", rls:\"openSUSE12.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bogofilter-debuginfo\", rpm:\"bogofilter-debuginfo~1.2.3~17.4.1\", rls:\"openSUSE12.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ogofilter-debugsource\", rpm:\"ogofilter-debugsource~1.2.3~17.4.1\", rls:\"openSUSE12.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2018-01-08T12:54:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2494"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-980-1", "modified": "2018-01-05T00:00:00", "published": "2010-09-07T00:00:00", "id": "OPENVAS:1361412562310840490", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840490", "type": "openvas", "title": "Ubuntu Update for bogofilter vulnerability USN-980-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_980_1.nasl 8296 2018-01-05 07:28:01Z teissa $\n#\n# Ubuntu Update for bogofilter vulnerability USN-980-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Julius Plenz discovered that bogofilter incorrectly handled certain\n malformed encodings. By sending a specially crafted email, a remote\n attacker could exploit this and cause bogofilter to crash, resulting in a\n denial of service.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-980-1\";\ntag_affected = \"bogofilter vulnerability on Ubuntu 8.04 LTS ,\n Ubuntu 9.04 ,\n Ubuntu 9.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-980-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840490\");\n script_version(\"$Revision: 8296 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-05 08:28:01 +0100 (Fri, 05 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-09-07 07:38:40 +0200 (Tue, 07 Sep 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"USN\", value: \"980-1\");\n script_cve_id(\"CVE-2010-2494\");\n script_name(\"Ubuntu Update for bogofilter vulnerability USN-980-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"bogofilter-bdb\", ver:\"1.2.0-3ubuntu1.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"bogofilter\", ver:\"1.2.0-3ubuntu1.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"bogofilter-sqlite\", ver:\"1.2.0-3ubuntu1.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"bogofilter-common\", ver:\"1.2.0-3ubuntu1.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"bogofilter-bdb\", ver:\"1.2.1-0ubuntu1.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"bogofilter\", ver:\"1.2.1-0ubuntu1.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"bogofilter-sqlite\", ver:\"1.2.1-0ubuntu1.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"bogofilter-common\", ver:\"1.2.1-0ubuntu1.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU9.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"bogofilter-bdb\", ver:\"1.1.7-1ubuntu1.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"bogofilter\", ver:\"1.1.7-1ubuntu1.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"bogofilter-sqlite\", ver:\"1.1.7-1ubuntu1.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"bogofilter-common\", ver:\"1.1.7-1ubuntu1.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"bogofilter-bdb\", ver:\"1.1.5-2ubuntu5.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"bogofilter\", ver:\"1.1.5-2ubuntu5.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"bogofilter-sqlite\", ver:\"1.1.5-2ubuntu5.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"bogofilter-common\", ver:\"1.1.5-2ubuntu5.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2020-01-31T18:40:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2494"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2013-03-11T00:00:00", "id": "OPENVAS:1361412562310850380", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850380", "type": "openvas", "title": "openSUSE: Security Advisory for update (openSUSE-SU-2012:1648-1)", "sourceData": "# Copyright (C) 2013 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2012-12/msg00015.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.850380\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2013-03-11 18:29:57 +0530 (Mon, 11 Mar 2013)\");\n script_cve_id(\"CVE-2010-2494\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"openSUSE-SU\", value:\"2012:1648-1\");\n script_name(\"openSUSE: Security Advisory for update (openSUSE-SU-2012:1648-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'update'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE12\\.1\");\n\n script_tag(name:\"affected\", value:\"update on openSUSE 12.1\");\n\n script_tag(name:\"insight\", value:\"This version upgrade of bogofilter fixed a heap corruption\n in the base 64 decoding routine as well as several other\n non-security issues.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE12.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"bogofilter\", rpm:\"bogofilter~1.2.3~13.4.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bogofilter-debuginfo\", rpm:\"bogofilter-debuginfo~1.2.3~13.4.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ogofilter-debugsource\", rpm:\"ogofilter-debugsource~1.2.3~13.4.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2018-01-11T11:04:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2494"], "description": "Check for the Version of bogofilter", "modified": "2018-01-10T00:00:00", "published": "2010-09-07T00:00:00", "id": "OPENVAS:1361412562310862372", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862372", "type": "openvas", "title": "Fedora Update for bogofilter FEDORA-2010-13139", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for bogofilter FEDORA-2010-13139\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"bogofilter on Fedora 13\";\ntag_insight = \"Bogofilter is a Bayesian spam filter. In its normal mode of\n operation, it takes an email message or other text on standard input,\n does a statistical check against lists of "good" and "bad" words, and\n returns a status code indicating whether or not the message is spam.\n Bogofilter is designed with fast algorithms (including Berkeley DB system),\n coded directly in C, and tuned for speed, so it can be used for production\n by sites that process a lot of mail.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046558.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862372\");\n script_version(\"$Revision: 8356 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-10 09:00:39 +0100 (Wed, 10 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-09-07 07:38:40 +0200 (Tue, 07 Sep 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-13139\");\n script_cve_id(\"CVE-2010-2494\");\n script_name(\"Fedora Update for bogofilter FEDORA-2010-13139\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of bogofilter\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"bogofilter\", rpm:\"bogofilter~1.2.2~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-12-12T11:14:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2494"], "description": "Check for the Version of update", "modified": "2017-12-08T00:00:00", "published": "2013-03-11T00:00:00", "id": "OPENVAS:850418", "href": "http://plugins.openvas.org/nasl.php?oid=850418", "type": "openvas", "title": "SuSE Update for update openSUSE-SU-2012:1650-1 (update)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2012_1650_1.nasl 8045 2017-12-08 08:39:37Z santu $\n#\n# SuSE Update for update openSUSE-SU-2012:1650-1 (update)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"update on openSUSE 12.2\";\ntag_insight = \"This version upgrade of bogofilter fixed a heap corruption\n in the base 64 decoding routine as well as several other\n non-security issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00016.html\");\n script_id(850418);\n script_version(\"$Revision: 8045 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-08 09:39:37 +0100 (Fri, 08 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-11 18:29:36 +0530 (Mon, 11 Mar 2013)\");\n script_cve_id(\"CVE-2010-2494\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"openSUSE-SU\", value: \"2012:1650_1\");\n script_name(\"SuSE Update for update openSUSE-SU-2012:1650-1 (update)\");\n\n script_summary(\"Check for the Version of update\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE12.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"bogofilter\", rpm:\"bogofilter~1.2.3~17.4.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bogofilter-debuginfo\", rpm:\"bogofilter-debuginfo~1.2.3~17.4.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ogofilter-debugsource\", rpm:\"ogofilter-debugsource~1.2.3~17.4.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-12-18T10:58:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2494"], "description": "Check for the Version of bogofilter", "modified": "2017-12-18T00:00:00", "published": "2010-09-07T00:00:00", "id": "OPENVAS:862363", "href": "http://plugins.openvas.org/nasl.php?oid=862363", "type": "openvas", "title": "Fedora Update for bogofilter FEDORA-2010-13154", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for bogofilter FEDORA-2010-13154\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"bogofilter on Fedora 12\";\ntag_insight = \"Bogofilter is a Bayesian spam filter. In its normal mode of\n operation, it takes an email message or other text on standard input,\n does a statistical check against lists of "good" and "bad" words, and\n returns a status code indicating whether or not the message is spam.\n Bogofilter is designed with fast algorithms (including Berkeley DB system),\n coded directly in C, and tuned for speed, so it can be used for production\n by sites that process a lot of mail.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046590.html\");\n script_id(862363);\n script_version(\"$Revision: 8153 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-18 07:30:39 +0100 (Mon, 18 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-09-07 07:38:40 +0200 (Tue, 07 Sep 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-13154\");\n script_cve_id(\"CVE-2010-2494\");\n script_name(\"Fedora Update for bogofilter FEDORA-2010-13154\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of bogofilter\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"bogofilter\", rpm:\"bogofilter~1.2.2~1.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "suse": [{"lastseen": "2016-09-04T12:46:24", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2494"], "description": "This version upgrade of bogofilter fixed a heap corruption\n in the base 64 decoding routine as well as several other\n non-security issues.\n\n", "edition": 1, "modified": "2012-12-17T12:08:52", "published": "2012-12-17T12:08:52", "id": "OPENSUSE-SU-2012:1648-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00015.html", "title": "update for bogofilter (important)", "type": "suse", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:57:02", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2494"], "description": "This version upgrade of bogofilter fixed a heap corruption\n in the base 64 decoding routine as well as several other\n non-security issues.\n\n", "edition": 1, "modified": "2012-12-17T12:09:24", "published": "2012-12-17T12:09:24", "id": "OPENSUSE-SU-2012:1650-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00016.html", "type": "suse", "title": "update for bogofilter (important)", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:36", "bulletinFamily": "software", "cvelist": ["CVE-2010-2494"], "description": "===========================================================\r\nUbuntu Security Notice USN-980-1 August 31, 2010\r\nbogofilter vulnerability\r\nCVE-2010-2494\r\n===========================================================\r\n\r\nA security issue affects the following Ubuntu releases:\r\n\r\nUbuntu 8.04 LTS\r\nUbuntu 9.04\r\nUbuntu 9.10\r\nUbuntu 10.04 LTS\r\n\r\nThis advisory also applies to the corresponding versions of\r\nKubuntu, Edubuntu, and Xubuntu.\r\n\r\nThe problem can be corrected by upgrading your system to the\r\nfollowing package versions:\r\n\r\nUbuntu 8.04 LTS:\r\n bogofilter-bdb 1.1.5-2ubuntu5.1\r\n bogofilter-sqlite 1.1.5-2ubuntu5.1\r\n\r\nUbuntu 9.04:\r\n bogofilter-bdb 1.1.7-1ubuntu1.1\r\n bogofilter-sqlite 1.1.7-1ubuntu1.1\r\n\r\nUbuntu 9.10:\r\n bogofilter-bdb 1.2.0-3ubuntu1.1\r\n bogofilter-sqlite 1.2.0-3ubuntu1.1\r\n\r\nUbuntu 10.04 LTS:\r\n bogofilter-bdb 1.2.1-0ubuntu1.1\r\n bogofilter-sqlite 1.2.1-0ubuntu1.1\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nDetails follow:\r\n\r\nJulius Plenz discovered that bogofilter incorrectly handled certain\r\nmalformed encodings. By sending a specially crafted email, a remote\r\nattacker could exploit this and cause bogofilter to crash, resulting in a\r\ndenial of service.\r\n\r\n\r\nUpdated packages for Ubuntu 8.04 LTS:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter_1.1.5-2ubuntu5.1.diff.gz\r\n Size/MD5: 13124 b6ee9d49921fa299b635a28fa18dd4be\r\n http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter_1.1.5-2ubuntu5.1.dsc\r\n Size/MD5: 755 73b56da23c7163d0a8c450ef67b4fff2\r\n http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter_1.1.5.orig.tar.gz\r\n Size/MD5: 941091 25558e2e72350ee2e4edfc1b617f6738\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter-common_1.1.5-2ubuntu5.1_all.deb\r\n Size/MD5: 140846 8b175c0cc7454fc041c8e4fa4d5c7012\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter-bdb_1.1.5-2ubuntu5.1_amd64.deb\r\n Size/MD5: 290240 54324e20a3957d58deb1859c2b5a75a4\r\n http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter_1.1.5-2ubuntu5.1_amd64.deb\r\n Size/MD5: 990 ee300bbfc91cd72cbd9054c2ec63b98c\r\n http://security.ubuntu.com/ubuntu/pool/universe/b/bogofilter/bogofilter-sqlite_1.1.5-2ubuntu5.1_amd64.deb\r\n Size/MD5: 258212 b47ece61ffd2a3fceab8eecb5ad5a6c8\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter-bdb_1.1.5-2ubuntu5.1_i386.deb\r\n Size/MD5: 250502 b477ced4d57d1cce1afa423e67b3daa9\r\n http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter_1.1.5-2ubuntu5.1_i386.deb\r\n Size/MD5: 992 aced72a57d01e9090975389fd5045556\r\n http://security.ubuntu.com/ubuntu/pool/universe/b/bogofilter/bogofilter-sqlite_1.1.5-2ubuntu5.1_i386.deb\r\n Size/MD5: 222082 7a00a12152e3fdc39823ba5506eef300\r\n\r\n lpia architecture (Low Power Intel Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/b/bogofilter/bogofilter-bdb_1.1.5-2ubuntu5.1_lpia.deb\r\n Size/MD5: 251156 baa6f3f3080b89018b5d45290a2ef501\r\n http://ports.ubuntu.com/pool/main/b/bogofilter/bogofilter_1.1.5-2ubuntu5.1_lpia.deb\r\n Size/MD5: 992 da0054089dc62499e768aea106514048\r\n http://ports.ubuntu.com/pool/universe/b/bogofilter/bogofilter-sqlite_1.1.5-2ubuntu5.1_lpia.deb\r\n Size/MD5: 223226 86bf43b9cb2d871ff5918de66de63b91\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/b/bogofilter/bogofilter-bdb_1.1.5-2ubuntu5.1_powerpc.deb\r\n Size/MD5: 292258 93144af8f7bfdb314c76c86cf5641f74\r\n http://ports.ubuntu.com/pool/main/b/bogofilter/bogofilter_1.1.5-2ubuntu5.1_powerpc.deb\r\n Size/MD5: 994 a83b40375a671dc6a75cf1f1e4be2484\r\n http://ports.ubuntu.com/pool/universe/b/bogofilter/bogofilter-sqlite_1.1.5-2ubuntu5.1_powerpc.deb\r\n Size/MD5: 260294 05f1819dc1becae65a2bfb337609fee9\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/b/bogofilter/bogofilter-bdb_1.1.5-2ubuntu5.1_sparc.deb\r\n Size/MD5: 264080 e4079ee51a2014881151e92ce03079d0\r\n http://ports.ubuntu.com/pool/main/b/bogofilter/bogofilter_1.1.5-2ubuntu5.1_sparc.deb\r\n Size/MD5: 990 acf139ff7b91b2d80f7004862a05b109\r\n http://ports.ubuntu.com/pool/universe/b/bogofilter/bogofilter-sqlite_1.1.5-2ubuntu5.1_sparc.deb\r\n Size/MD5: 234776 345c3d38f339ca34c1ee9be88f032e07\r\n\r\nUpdated packages for Ubuntu 9.04:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter_1.1.7-1ubuntu1.1.diff.gz\r\n Size/MD5: 13616 c08781f9bfe6f570c1bc2307ae11161a\r\n http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter_1.1.7-1ubuntu1.1.dsc\r\n Size/MD5: 1180 c8b7e5c0d3c5c243db8fff2e1d688073\r\n http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter_1.1.7.orig.tar.gz\r\n Size/MD5: 1052405 fdcb770769c013110631eca4c0473cd7\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter-common_1.1.7-1ubuntu1.1_all.deb\r\n Size/MD5: 148564 70d3c0ab73871852654a57bfe016a08e\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter-bdb_1.1.7-1ubuntu1.1_amd64.deb\r\n Size/MD5: 252222 025302b891c115d6e5e897853edf8881\r\n http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter_1.1.7-1ubuntu1.1_amd64.deb\r\n Size/MD5: 992 175c57bbc34a4e8c02fcd32ed96300db\r\n http://security.ubuntu.com/ubuntu/pool/universe/b/bogofilter/bogofilter-sqlite_1.1.7-1ubuntu1.1_amd64.deb\r\n Size/MD5: 221928 ba11994535768b9f81caea6ac1b32095\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter-bdb_1.1.7-1ubuntu1.1_i386.deb\r\n Size/MD5: 216410 93574d9b673c1390c2342b2e935d02d5\r\n http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter_1.1.7-1ubuntu1.1_i386.deb\r\n Size/MD5: 988 d93e84c6199397a0ce970a876ebdf2c7\r\n http://security.ubuntu.com/ubuntu/pool/universe/b/bogofilter/bogofilter-sqlite_1.1.7-1ubuntu1.1_i386.deb\r\n Size/MD5: 189288 e44d1fd3125821eafad1dbf7ad46994a\r\n\r\n lpia architecture (Low Power Intel Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/b/bogofilter/bogofilter-bdb_1.1.7-1ubuntu1.1_lpia.deb\r\n Size/MD5: 216160 8c9e4cc288978c30c1e553bf5638c39e\r\n http://ports.ubuntu.com/pool/main/b/bogofilter/bogofilter_1.1.7-1ubuntu1.1_lpia.deb\r\n Size/MD5: 990 f56132ba70c63ba9948d475317f92c0c\r\n http://ports.ubuntu.com/pool/universe/b/bogofilter/bogofilter-sqlite_1.1.7-1ubuntu1.1_lpia.deb\r\n Size/MD5: 189190 90c25ec9ba11ae099e4cd11133ffaa5e\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/b/bogofilter/bogofilter-bdb_1.1.7-1ubuntu1.1_powerpc.deb\r\n Size/MD5: 251186 3d8239fb2cfe77f60ccda8a22f1fb8d4\r\n http://ports.ubuntu.com/pool/main/b/bogofilter/bogofilter_1.1.7-1ubuntu1.1_powerpc.deb\r\n Size/MD5: 992 28994fc9e054c7d2f59719c8b65c9a50\r\n http://ports.ubuntu.com/pool/universe/b/bogofilter/bogofilter-sqlite_1.1.7-1ubuntu1.1_powerpc.deb\r\n Size/MD5: 219522 485225b433d38097277acefb495b83fe\r\n\r\nUpdated packages for Ubuntu 9.10:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter_1.2.0-3ubuntu1.1.diff.gz\r\n Size/MD5: 16725 4b85d4c5217aa510c54d1895a5cc6757\r\n http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter_1.2.0-3ubuntu1.1.dsc\r\n Size/MD5: 1186 f27708f3d29cfb017795c39c8f49e72c\r\n http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter_1.2.0.orig.tar.gz\r\n Size/MD5: 1115489 4bbc9adc30d4f8e3a547f9be18a1cb74\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter-common_1.2.0-3ubuntu1.1_all.deb\r\n Size/MD5: 143500 3d0d0e7fe445dc7ee4656dd48f0a046b\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter-bdb_1.2.0-3ubuntu1.1_amd64.deb\r\n Size/MD5: 261546 5e458ee93ba58ae9041075c9ad50433a\r\n http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter_1.2.0-3ubuntu1.1_amd64.deb\r\n Size/MD5: 920 c48a74bde14ea70d611beb5fc6c32a33\r\n http://security.ubuntu.com/ubuntu/pool/universe/b/bogofilter/bogofilter-sqlite_1.2.0-3ubuntu1.1_amd64.deb\r\n Size/MD5: 232576 eae18c2190d6695e69ca7ae08e698182\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter-bdb_1.2.0-3ubuntu1.1_i386.deb\r\n Size/MD5: 238956 38157ad2bcfa643bfb5efdbb7ae51d87\r\n http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter_1.2.0-3ubuntu1.1_i386.deb\r\n Size/MD5: 1162 102eb3e4b246cad57fd5e9015eee03db\r\n http://security.ubuntu.com/ubuntu/pool/universe/b/bogofilter/bogofilter-sqlite_1.2.0-3ubuntu1.1_i386.deb\r\n Size/MD5: 202762 3dfdd452b7e5f38f8f01a9e15a36af78\r\n\r\n lpia architecture (Low Power Intel Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/b/bogofilter/bogofilter-bdb_1.2.0-3ubuntu1.1_lpia.deb\r\n Size/MD5: 226534 844c124739c60029de60f59db12a75ec\r\n http://ports.ubuntu.com/pool/main/b/bogofilter/bogofilter_1.2.0-3ubuntu1.1_lpia.deb\r\n Size/MD5: 924 8da1b32882940069d69b16d403cfe4de\r\n http://ports.ubuntu.com/pool/universe/b/bogofilter/bogofilter-sqlite_1.2.0-3ubuntu1.1_lpia.deb\r\n Size/MD5: 200120 a63d8d2bce195fa4e2bb6dccd5981028\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/b/bogofilter/bogofilter-bdb_1.2.0-3ubuntu1.1_powerpc.deb\r\n Size/MD5: 256624 dad26a754830cc0baea3ce81349987a8\r\n http://ports.ubuntu.com/pool/main/b/bogofilter/bogofilter_1.2.0-3ubuntu1.1_powerpc.deb\r\n Size/MD5: 926 546c9c02063e49edea72b94462ebe9ca\r\n http://ports.ubuntu.com/pool/universe/b/bogofilter/bogofilter-sqlite_1.2.0-3ubuntu1.1_powerpc.deb\r\n Size/MD5: 223154 e4afbb362bf39aebb3d67b7260afa4c3\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/b/bogofilter/bogofilter-bdb_1.2.0-3ubuntu1.1_sparc.deb\r\n Size/MD5: 242240 eff218a05c6134c9784a8f8d77f1b6a9\r\n http://ports.ubuntu.com/pool/main/b/bogofilter/bogofilter_1.2.0-3ubuntu1.1_sparc.deb\r\n Size/MD5: 922 3fbb27d8e9e483c36593f7bcf46a1b8e\r\n http://ports.ubuntu.com/pool/universe/b/bogofilter/bogofilter-sqlite_1.2.0-3ubuntu1.1_sparc.deb\r\n Size/MD5: 212574 852bdffa8dd7498a865712a79b11fc7c\r\n\r\nUpdated packages for Ubuntu 10.04:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter_1.2.1-0ubuntu1.1.diff.gz\r\n Size/MD5: 16946 8c6271479b997b3a974ba4667c99f2df\r\n http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter_1.2.1-0ubuntu1.1.dsc\r\n Size/MD5: 1186 74fff31c493c20c30ec8c8fb8a95d06a\r\n http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter_1.2.1.orig.tar.gz\r\n Size/MD5: 1038393 a12a16d88d6d565dacf2a5e6259a3337\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter-common_1.2.1-0ubuntu1.1_all.deb\r\n Size/MD5: 143950 ec70eb23bfa2bf5382dcfa403e3ba0d7\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter-bdb_1.2.1-0ubuntu1.1_amd64.deb\r\n Size/MD5: 264698 c283a3af9f8e2661e67797965b2bd259\r\n http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter_1.2.1-0ubuntu1.1_amd64.deb\r\n Size/MD5: 940 6a6871e9c71187180f3be65bb82ae75d\r\n http://security.ubuntu.com/ubuntu/pool/universe/b/bogofilter/bogofilter-sqlite_1.2.1-0ubuntu1.1_amd64.deb\r\n Size/MD5: 235336 1a598a35a1cde47b15ee9b31750071b1\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter-bdb_1.2.1-0ubuntu1.1_i386.deb\r\n Size/MD5: 242562 f1d97b33a23dcab3383e0cdb2e76a237\r\n http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter_1.2.1-0ubuntu1.1_i386.deb\r\n Size/MD5: 1238 e0a76b44f6331f761a08aae0b1308b63\r\n http://security.ubuntu.com/ubuntu/pool/universe/b/bogofilter/bogofilter-sqlite_1.2.1-0ubuntu1.1_i386.deb\r\n Size/MD5: 205758 57cfaaa35e1119f07e3ae0ca4bfb3569\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/b/bogofilter/bogofilter-bdb_1.2.1-0ubuntu1.1_powerpc.deb\r\n Size/MD5: 260076 ad0a4af418c1c08c5908c7886f08f0b8\r\n http://ports.ubuntu.com/pool/main/b/bogofilter/bogofilter_1.2.1-0ubuntu1.1_powerpc.deb\r\n Size/MD5: 942 1377ba01128cd159b5e8416e9db18c22\r\n http://ports.ubuntu.com/pool/universe/b/bogofilter/bogofilter-sqlite_1.2.1-0ubuntu1.1_powerpc.deb\r\n Size/MD5: 226964 ad6839f9cc1de76d1681ec9d155910e0\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/b/bogofilter/bogofilter-bdb_1.2.1-0ubuntu1.1_sparc.deb\r\n Size/MD5: 250644 afa3ea4f35d95b369f8a5ff9b0951831\r\n http://ports.ubuntu.com/pool/main/b/bogofilter/bogofilter_1.2.1-0ubuntu1.1_sparc.deb\r\n Size/MD5: 940 d2605ef133f54f3442bd35de5be9c387\r\n http://ports.ubuntu.com/pool/universe/b/bogofilter/bogofilter-sqlite_1.2.1-0ubuntu1.1_sparc.deb\r\n Size/MD5: 219336 d47e239a3b57efb71700847015071b1f\r\n\r\n\r\n", "edition": 1, "modified": "2010-09-02T00:00:00", "published": "2010-09-02T00:00:00", "id": "SECURITYVULNS:DOC:24666", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:24666", "title": "[USN-980-1] bogofilter vulnerability", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:38", "bulletinFamily": "software", "cvelist": ["CVE-2010-2494"], "description": "Crash on message parsing.", "edition": 1, "modified": "2010-09-02T00:00:00", "published": "2010-09-02T00:00:00", "id": "SECURITYVULNS:VULN:11112", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11112", "title": "bogofilter DoS", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:06", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2494"], "description": "\nJulius Plenz reports:\n\nI found a bug in the base64_decode function which may cause memory\n\t corruption when the function is executed on a malformed base64\n\t encoded string.\nIf a string starting with an equal-sign is passed to the\n\t base64_decode function it triggers a memory corruption that\n\t in some cases makes bogofilter crash.\n\n", "edition": 4, "modified": "2010-06-28T00:00:00", "published": "2010-06-28T00:00:00", "id": "25ED4FF8-8940-11DF-A339-0026189BACA3", "href": "https://vuxml.freebsd.org/freebsd/25ed4ff8-8940-11df-a339-0026189baca3.html", "title": "bogofilter -- heap underrun on malformed base64 input", "type": "freebsd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2020-06-05T11:12:07", "description": "This version upgrade of bogofilter fixed a heap corruption in the base\n64 decoding routine as well as several other non-security issues.", "edition": 17, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : bogofilter (openSUSE-SU-2012:1648-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2494"], "modified": "2014-06-13T00:00:00", "cpe": ["cpe:/o:novell:opensuse:12.1", "p-cpe:/a:novell:opensuse:bogofilter-debuginfo", "p-cpe:/a:novell:opensuse:bogofilter-debugsource", "p-cpe:/a:novell:opensuse:bogofilter"], "id": "OPENSUSE-2012-851.NASL", "href": "https://www.tenable.com/plugins/nessus/74843", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-851.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74843);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2010-2494\");\n\n script_name(english:\"openSUSE Security Update : bogofilter (openSUSE-SU-2012:1648-1)\");\n script_summary(english:\"Check for the openSUSE-2012-851 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This version upgrade of bogofilter fixed a heap corruption in the base\n64 decoding routine as well as several other non-security issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=792939\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-12/msg00029.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected bogofilter packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bogofilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bogofilter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bogofilter-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"bogofilter-1.2.3-13.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"bogofilter-debuginfo-1.2.3-13.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"bogofilter-debugsource-1.2.3-13.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bogofilter / bogofilter-debuginfo / bogofilter-debugsource\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-01T06:57:42", "description": "Julius Plenz discovered that bogofilter incorrectly handled certain\nmalformed encodings. By sending a specially crafted email, a remote\nattacker could exploit this and cause bogofilter to crash, resulting\nin a denial of service.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2010-09-01T00:00:00", "title": "Ubuntu 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : bogofilter vulnerability (USN-980-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2494"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:bogofilter-sqlite", "p-cpe:/a:canonical:ubuntu_linux:bogofilter-bdb", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:bogofilter-common", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "cpe:/o:canonical:ubuntu_linux:9.10", "cpe:/o:canonical:ubuntu_linux:9.04", "p-cpe:/a:canonical:ubuntu_linux:bogofilter"], "id": "UBUNTU_USN-980-1.NASL", "href": "https://www.tenable.com/plugins/nessus/49065", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-980-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(49065);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/09/19 12:54:26\");\n\n script_cve_id(\"CVE-2010-2494\");\n script_bugtraq_id(41339);\n script_xref(name:\"USN\", value:\"980-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : bogofilter vulnerability (USN-980-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Julius Plenz discovered that bogofilter incorrectly handled certain\nmalformed encodings. By sending a specially crafted email, a remote\nattacker could exploit this and cause bogofilter to crash, resulting\nin a denial of service.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/980-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:bogofilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:bogofilter-bdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:bogofilter-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:bogofilter-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/07/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/09/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(8\\.04|9\\.04|9\\.10|10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 9.04 / 9.10 / 10.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"bogofilter\", pkgver:\"1.1.5-2ubuntu5.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"bogofilter-bdb\", pkgver:\"1.1.5-2ubuntu5.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"bogofilter-common\", pkgver:\"1.1.5-2ubuntu5.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"bogofilter-sqlite\", pkgver:\"1.1.5-2ubuntu5.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"bogofilter\", pkgver:\"1.1.7-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"bogofilter-bdb\", pkgver:\"1.1.7-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"bogofilter-common\", pkgver:\"1.1.7-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"bogofilter-sqlite\", pkgver:\"1.1.7-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"bogofilter\", pkgver:\"1.2.0-3ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"bogofilter-bdb\", pkgver:\"1.2.0-3ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"bogofilter-common\", pkgver:\"1.2.0-3ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"bogofilter-sqlite\", pkgver:\"1.2.0-3ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"bogofilter\", pkgver:\"1.2.1-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"bogofilter-bdb\", pkgver:\"1.2.1-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"bogofilter-common\", pkgver:\"1.2.1-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"bogofilter-sqlite\", pkgver:\"1.2.1-0ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bogofilter / bogofilter-bdb / bogofilter-common / bogofilter-sqlite\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-06-05T11:12:07", "description": "This version upgrade of bogofilter fixed a heap corruption in the base\n64 decoding routine as well as several other non-security issues.", "edition": 17, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : bogofilter (openSUSE-SU-2012:1650-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2494"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:bogofilter-debuginfo", "p-cpe:/a:novell:opensuse:bogofilter-debugsource", "p-cpe:/a:novell:opensuse:bogofilter", "cpe:/o:novell:opensuse:12.2"], "id": "OPENSUSE-2012-852.NASL", "href": "https://www.tenable.com/plugins/nessus/74844", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-852.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74844);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2010-2494\");\n\n script_name(english:\"openSUSE Security Update : bogofilter (openSUSE-SU-2012:1650-1)\");\n script_summary(english:\"Check for the openSUSE-2012-852 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This version upgrade of bogofilter fixed a heap corruption in the base\n64 decoding routine as well as several other non-security issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=792939\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-12/msg00031.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected bogofilter packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bogofilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bogofilter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bogofilter-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.2\", reference:\"bogofilter-1.2.3-17.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"bogofilter-debuginfo-1.2.3-17.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"bogofilter-debugsource-1.2.3-17.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bogofilter / bogofilter-debuginfo / bogofilter-debugsource\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-01T05:53:29", "description": "This update of bogofilter/bogolexer fixes a heap based buffer\nunderflow vulnerability which could be exploited to cause a denial of\nservice or potentially execute arbitrary code (CVE-2010-2494).", "edition": 23, "published": "2010-07-27T00:00:00", "title": "openSUSE Security Update : bogofilter (openSUSE-SU-2010:0439-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2494"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:novell:opensuse:11.2", "p-cpe:/a:novell:opensuse:bogofilter"], "id": "SUSE_11_2_BOGOFILTER-100708.NASL", "href": "https://www.tenable.com/plugins/nessus/47853", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update bogofilter-2668.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47853);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/10/25 13:36:38\");\n\n script_cve_id(\"CVE-2010-2494\");\n\n script_name(english:\"openSUSE Security Update : bogofilter (openSUSE-SU-2010:0439-1)\");\n script_summary(english:\"Check for the bogofilter-2668 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of bogofilter/bogolexer fixes a heap based buffer\nunderflow vulnerability which could be exploited to cause a denial of\nservice or potentially execute arbitrary code (CVE-2010-2494).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=619847\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-07/msg00048.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected bogofilter package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bogofilter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"bogofilter-1.2.0-2.5.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bogofilter\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-01T05:57:33", "description": "This update of bogofilter/bogolexer fixes a heap-based buffer\nunderflow vulnerability which could be exploited to cause a denial of\nservice or potentially execute arbitrary code. (CVE-2010-2494)", "edition": 22, "published": "2010-12-02T00:00:00", "title": "SuSE 11 / 11.1 Security Update : bogofilter (SAT Patch Numbers 2665 / 2666)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2494"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:bogofilter"], "id": "SUSE_11_BOGOFILTER-100708.NASL", "href": "https://www.tenable.com/plugins/nessus/50891", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(50891);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/10/25 13:36:39\");\n\n script_cve_id(\"CVE-2010-2494\");\n\n script_name(english:\"SuSE 11 / 11.1 Security Update : bogofilter (SAT Patch Numbers 2665 / 2666)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of bogofilter/bogolexer fixes a heap-based buffer\nunderflow vulnerability which could be exploited to cause a denial of\nservice or potentially execute arbitrary code. (CVE-2010-2494)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=619847\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2494.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Apply SAT patch number 2665 / 2666 as appropriate.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:bogofilter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/12/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"bogofilter-1.1.1-174.20.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"bogofilter-1.1.1-174.20.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"bogofilter-1.1.1-174.20.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"bogofilter-1.1.1-174.20.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-01T05:52:09", "description": "This update of bogofilter/bogolexer fixes a heap based buffer\nunderflow vulnerability which could be exploited to cause a denial of\nservice or potentially execute arbitrary code (CVE-2010-2494).", "edition": 23, "published": "2010-07-27T00:00:00", "title": "openSUSE Security Update : bogofilter (openSUSE-SU-2010:0439-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2494"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:novell:opensuse:11.1", "p-cpe:/a:novell:opensuse:bogofilter"], "id": "SUSE_11_1_BOGOFILTER-100708.NASL", "href": "https://www.tenable.com/plugins/nessus/47852", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update bogofilter-2668.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47852);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/10/25 13:36:37\");\n\n script_cve_id(\"CVE-2010-2494\");\n\n script_name(english:\"openSUSE Security Update : bogofilter (openSUSE-SU-2010:0439-1)\");\n script_summary(english:\"Check for the bogofilter-2668 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of bogofilter/bogolexer fixes a heap based buffer\nunderflow vulnerability which could be exploited to cause a denial of\nservice or potentially execute arbitrary code (CVE-2010-2494).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=619847\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-07/msg00048.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected bogofilter package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bogofilter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"bogofilter-1.1.1-174.18.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bogofilter\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T10:40:42", "description": "Julius Plenz reports :\n\nI found a bug in the base64_decode function which may cause memory\ncorruption when the function is executed on a malformed base64 encoded\nstring.\n\nIf a string starting with an equal-sign is passed to the base64_decode\nfunction it triggers a memory corruption that in some cases makes\nbogofilter crash.", "edition": 24, "published": "2010-07-07T00:00:00", "title": "FreeBSD : bogofilter -- heap underrun on malformed base64 input (25ed4ff8-8940-11df-a339-0026189baca3)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2494"], "modified": "2010-07-07T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:bogofilter-sqlite", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:bogofilter-tc", "p-cpe:/a:freebsd:freebsd:bogofilter"], "id": "FREEBSD_PKG_25ED4FF8894011DFA3390026189BACA3.NASL", "href": "https://www.tenable.com/plugins/nessus/47616", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47616);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2010-2494\");\n\n script_name(english:\"FreeBSD : bogofilter -- heap underrun on malformed base64 input (25ed4ff8-8940-11df-a339-0026189baca3)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Julius Plenz reports :\n\nI found a bug in the base64_decode function which may cause memory\ncorruption when the function is executed on a malformed base64 encoded\nstring.\n\nIf a string starting with an equal-sign is passed to the base64_decode\nfunction it triggers a memory corruption that in some cases makes\nbogofilter crash.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bogofilter.sourceforge.net/security/bogofilter-SA-2010-01\"\n );\n # https://vuxml.freebsd.org/freebsd/25ed4ff8-8940-11df-a339-0026189baca3.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?96419ea6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:bogofilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:bogofilter-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:bogofilter-tc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/06/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"bogofilter<1.2.1_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"bogofilter-sqlite<1.2.1_1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"bogofilter-tc<1.2.1_1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:07:56", "description": "Fixes CVE-2010-2494\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2010-08-31T00:00:00", "title": "Fedora 12 : bogofilter-1.2.2-1.fc12 (2010-13154)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2494"], "modified": "2010-08-31T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:bogofilter", "cpe:/o:fedoraproject:fedora:12"], "id": "FEDORA_2010-13154.NASL", "href": "https://www.tenable.com/plugins/nessus/48932", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-13154.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48932);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-2494\");\n script_bugtraq_id(41339);\n script_xref(name:\"FEDORA\", value:\"2010-13154\");\n\n script_name(english:\"Fedora 12 : bogofilter-1.2.2-1.fc12 (2010-13154)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fixes CVE-2010-2494\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=611551\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-August/046590.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8570d055\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected bogofilter package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:bogofilter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"bogofilter-1.2.2-1.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bogofilter\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:07:56", "description": "Fixes CVE-2010-2494\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2010-08-31T00:00:00", "title": "Fedora 13 : bogofilter-1.2.2-1.fc13 (2010-13139)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2494"], "modified": "2010-08-31T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:bogofilter", "cpe:/o:fedoraproject:fedora:13"], "id": "FEDORA_2010-13139.NASL", "href": "https://www.tenable.com/plugins/nessus/48931", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-13139.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48931);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-2494\");\n script_bugtraq_id(41339);\n script_xref(name:\"FEDORA\", value:\"2010-13139\");\n\n script_name(english:\"Fedora 13 : bogofilter-1.2.2-1.fc13 (2010-13139)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fixes CVE-2010-2494\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=611551\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-August/046558.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5436b19c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected bogofilter package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:bogofilter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"bogofilter-1.2.2-1.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bogofilter\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:07:55", "description": "Fixes CVE-2010-2494\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2010-08-26T00:00:00", "title": "Fedora 14 : bogofilter-1.2.2-1.fc14 (2010-12959)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2494"], "modified": "2010-08-26T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:bogofilter", "cpe:/o:fedoraproject:fedora:14"], "id": "FEDORA_2010-12959.NASL", "href": "https://www.tenable.com/plugins/nessus/48747", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-12959.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48747);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-2494\");\n script_bugtraq_id(41339);\n script_xref(name:\"FEDORA\", value:\"2010-12959\");\n\n script_name(english:\"Fedora 14 : bogofilter-1.2.2-1.fc14 (2010-12959)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fixes CVE-2010-2494\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=611551\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-August/046472.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?85c7f747\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected bogofilter package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:bogofilter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"bogofilter-1.2.2-1.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bogofilter\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2494"], "description": "Bogofilter is a Bayesian spam filter. In its normal mode of operation, it takes an email message or other text on standard input, does a statistical check against lists of \"good\" and \"bad\" words, and returns a status code indicating whether or not the message is spam. Bogofilter is designed with fast algorithms (including Berkeley DB system), coded directly in C, and tuned for speed, so it can be used for production by sites that process a lot of mail. ", "modified": "2010-08-26T03:26:26", "published": "2010-08-26T03:26:26", "id": "FEDORA:08054110BA9", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: bogofilter-1.2.2-1.fc14", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2494"], "description": "Bogofilter is a Bayesian spam filter. In its normal mode of operation, it takes an email message or other text on standard input, does a statistical check against lists of \"good\" and \"bad\" words, and returns a status code indicating whether or not the message is spam. Bogofilter is designed with fast algorithms (including Berkeley DB system), coded directly in C, and tuned for speed, so it can be used for production by sites that process a lot of mail. ", "modified": "2010-08-30T18:21:30", "published": "2010-08-30T18:21:30", "id": "FEDORA:250AB1107EF", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: bogofilter-1.2.2-1.fc13", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2494"], "description": "Bogofilter is a Bayesian spam filter. In its normal mode of operation, it takes an email message or other text on standard input, does a statistical check against lists of \"good\" and \"bad\" words, and returns a status code indicating whether or not the message is spam. Bogofilter is designed with fast algorithms (including Berkeley DB system), coded directly in C, and tuned for speed, so it can be used for production by sites that process a lot of mail. ", "modified": "2010-08-30T18:29:39", "published": "2010-08-30T18:29:39", "id": "FEDORA:AE7831106CF", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: bogofilter-1.2.2-1.fc12", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "ubuntu": [{"lastseen": "2020-07-09T00:24:47", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2494"], "description": "Julius Plenz discovered that bogofilter incorrectly handled certain \nmalformed encodings. By sending a specially crafted email, a remote \nattacker could exploit this and cause bogofilter to crash, resulting in a \ndenial of service.", "edition": 5, "modified": "2010-08-31T00:00:00", "published": "2010-08-31T00:00:00", "id": "USN-980-1", "href": "https://ubuntu.com/security/notices/USN-980-1", "title": "bogofilter vulnerability", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}]}
