{"id": "USN-962-1", "bulletinFamily": "unix", "title": "VTE vulnerability", "description": "Janne Snabb discovered that applications using VTE, such as gnome-terminal, did not correctly filter window and icon title request escape codes. If a user were tricked into viewing specially crafted output in their terminal, a remote attacker could execute arbitrary commands with user privileges.", "published": "2010-07-15T00:00:00", "modified": "2010-07-15T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://usn.ubuntu.com/962-1/", "reporter": "Ubuntu", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2010-2713"], "cvelist": ["CVE-2010-2713"], "type": "ubuntu", "lastseen": "2018-08-31T00:09:34", "history": [{"bulletin": {"affectedPackage": [{"OS": "Ubuntu", "OSVersion": "9.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "libvte9", "packageVersion": "1:0.20.0-0ubuntu2.1"}, {"OS": "Ubuntu", "OSVersion": "9.10", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "libvte9", "packageVersion": "1:0.22.2-0ubuntu2.1"}, {"OS": "Ubuntu", "OSVersion": "10.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "libvte9", "packageVersion": "1:0.23.5-0ubuntu1.1"}], "bulletinFamily": "unix", "cvelist": ["CVE-2010-2713"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Janne Snabb discovered that applications using VTE, such as gnome-terminal, did not correctly filter window and icon title request escape codes. If a user were tricked into viewing specially crafted output in their terminal, a remote attacker could execute arbitrary commands with user privileges.", "edition": 2, "enchantments": {"score": {"value": 10.0, "vector": "NONE"}}, "hash": "0f7348dcc845aec50e4756f21c327d17c95c04f207257a5fdeb0cc473697844a", "hashmap": [{"hash": "3995933089ccdddd3d16f78a1cc0b986", "key": "references"}, {"hash": "9b3955372621455801edd7f7bcacafbf", "key": "title"}, {"hash": "2534c4455d293c8c25a6021ee3a854e1", "key": "description"}, {"hash": "f131bbddc1df030eb2f44bd659afe6e3", "key": "href"}, {"hash": "bf5f17cdbfc4cc9c81f25254cc8ddbdf", "key": "modified"}, {"hash": "9e8f72b11361aa64e7671b0bd6c4da56", "key": "affectedPackage"}, {"hash": "1d41c853af58d3a7ae54990ce29417d8", "key": "type"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "4913a9178621eadcdf191db17915fbcb", "key": "bulletinFamily"}, {"hash": "3d945423f8e9496c429a5d8c65b4604f", "key": "reporter"}, {"hash": "f4141c1efb317bab4c6952653dccacc2", "key": "cvelist"}, {"hash": "bf5f17cdbfc4cc9c81f25254cc8ddbdf", "key": "published"}], "history": [], "href": "https://usn.ubuntu.com/962-1/", "id": "USN-962-1", "lastseen": "2018-08-30T20:09:50", "modified": "2010-07-15T00:00:00", "objectVersion": "1.3", "published": "2010-07-15T00:00:00", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2010-2713"], "reporter": "Ubuntu", "title": "VTE vulnerability", "type": "ubuntu", "viewCount": 0}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2018-08-30T20:09:50"}, {"bulletin": {"affectedPackage": [{"OS": "Ubuntu", "OSVersion": "9.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "libvte9", "packageVersion": "1:0.20.0-0ubuntu2.1"}, {"OS": "Ubuntu", "OSVersion": "9.10", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "libvte9", "packageVersion": "1:0.22.2-0ubuntu2.1"}, {"OS": "Ubuntu", "OSVersion": "10.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "libvte9", "packageVersion": "1:0.23.5-0ubuntu1.1"}], "bulletinFamily": "unix", "cvelist": ["CVE-2010-2713"], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Janne Snabb discovered that applications using VTE, such as gnome-terminal, did not correctly filter window and icon title request escape codes. If a user were tricked into viewing specially crafted output in their terminal, a remote attacker could execute arbitrary commands with user privileges.", "edition": 1, "enchantments": {"score": {"value": 10.0, "vector": "NONE"}}, "hash": "d56964b250c26e9bcb33c0af1be0ee84910df6787e47aeb8f5b808ab0a59ea06", "hashmap": [{"hash": "3995933089ccdddd3d16f78a1cc0b986", "key": "references"}, {"hash": "9b3955372621455801edd7f7bcacafbf", "key": "title"}, {"hash": "2534c4455d293c8c25a6021ee3a854e1", "key": "description"}, {"hash": "f131bbddc1df030eb2f44bd659afe6e3", "key": "href"}, {"hash": "bf5f17cdbfc4cc9c81f25254cc8ddbdf", "key": "modified"}, {"hash": "9e8f72b11361aa64e7671b0bd6c4da56", "key": "affectedPackage"}, {"hash": "1d41c853af58d3a7ae54990ce29417d8", "key": "type"}, {"hash": "4913a9178621eadcdf191db17915fbcb", "key": "bulletinFamily"}, {"hash": "3d945423f8e9496c429a5d8c65b4604f", "key": "reporter"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}, {"hash": "f4141c1efb317bab4c6952653dccacc2", "key": "cvelist"}, {"hash": "bf5f17cdbfc4cc9c81f25254cc8ddbdf", "key": "published"}], "history": [], "href": "https://usn.ubuntu.com/962-1/", "id": "USN-962-1", "lastseen": "2018-03-29T18:20:30", "modified": "2010-07-15T00:00:00", "objectVersion": "1.3", "published": "2010-07-15T00:00:00", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2010-2713"], "reporter": "Ubuntu", "title": "VTE vulnerability", "type": "ubuntu", "viewCount": 0}, "differentElements": ["cvss"], "edition": 1, "lastseen": "2018-03-29T18:20:30"}], "edition": 3, "hashmap": [{"key": "affectedPackage", "hash": "9e8f72b11361aa64e7671b0bd6c4da56"}, {"key": "bulletinFamily", "hash": "4913a9178621eadcdf191db17915fbcb"}, {"key": "cvelist", "hash": "f4141c1efb317bab4c6952653dccacc2"}, {"key": "cvss", "hash": "737e2591b537c46d1ca7ce6f0cea5cb9"}, {"key": "description", "hash": "2534c4455d293c8c25a6021ee3a854e1"}, {"key": "href", "hash": "f131bbddc1df030eb2f44bd659afe6e3"}, {"key": "modified", "hash": "bf5f17cdbfc4cc9c81f25254cc8ddbdf"}, {"key": "published", "hash": "bf5f17cdbfc4cc9c81f25254cc8ddbdf"}, {"key": "references", "hash": "3995933089ccdddd3d16f78a1cc0b986"}, {"key": "reporter", "hash": "3d945423f8e9496c429a5d8c65b4604f"}, {"key": "title", "hash": "9b3955372621455801edd7f7bcacafbf"}, {"key": "type", "hash": "1d41c853af58d3a7ae54990ce29417d8"}], "hash": "d56964b250c26e9bcb33c0af1be0ee84910df6787e47aeb8f5b808ab0a59ea06", "viewCount": 0, "enchantments": {"score": {"value": 10.0, "vector": "NONE"}, "vulnersScore": 10.0}, "objectVersion": "1.3", "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "9.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "libvte9", "packageVersion": "1:0.20.0-0ubuntu2.1"}, {"OS": "Ubuntu", "OSVersion": "9.10", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "libvte9", "packageVersion": "1:0.22.2-0ubuntu2.1"}, {"OS": "Ubuntu", "OSVersion": "10.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "libvte9", "packageVersion": "1:0.23.5-0ubuntu1.1"}]}

{"cve": [{"lastseen": "2016-09-03T14:08:59", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=613110", "http://www.vupen.com/english/advisories/2010/1839", "http://git.gnome.org/browse/vte/commit/?id=8b971a7b2c59902914ecbbc3915c45dd21530a91", "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html", "http://www.ubuntu.com/usn/usn-962-1", "http://www.securityfocus.com/bid/41716"], "description": "The vte_sequence_handler_window_manipulation function in vteseq.c in libvte (aka libvte9) in VTE 0.25.1 and earlier, as used in gnome-terminal, does not properly handle escape sequences, which allows remote attackers to execute arbitrary commands or obtain potentially sensitive information via a (1) window title or (2) icon title sequence. NOTE: this issue exists because of a CVE-2003-0070 regression.", "edition": 1, "reporter": "NVD", "published": "2010-08-05T14:17:57", "type": "cve", "title": "CVE-2010-2713", "enchantments": {"score": {"modified": "2016-09-03T14:08:59", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2010-2713"], "scanner": [], "cpe": ["cpe:/a:nalin_dahyabhai:vte:0.16.14", "cpe:/a:nalin_dahyabhai:vte:0.20.5", "cpe:/a:nalin_dahyabhai:vte:0.22.5", "cpe:/a:nalin_dahyabhai:vte:0.14.2", "cpe:/a:nalin_dahyabhai:vte:0.12.2", "cpe:/a:nalin_dahyabhai:vte:0.11.21", "cpe:/a:nalin_dahyabhai:vte:0.15.0", "cpe:/a:nalin_dahyabhai:vte:0.17.4", "cpe:/a:nalin_dahyabhai:vte:0.25.1", "cpe:/a:nalin_dahyabhai:vte:0.24.3"], "modified": "2010-09-09T01:43:12", "id": "CVE-2010-2713", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2713", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2018-01-08T12:54:01", "references": [], "pluginID": "136141256231067710", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "edition": 1, "reporter": "Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com", "published": "2010-07-22T00:00:00", "title": "FreeBSD Ports: vte", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "FreeBSD Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2713"], "modified": "2018-01-05T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231067710", "id": "OPENVAS:136141256231067710", "sourceData": "#\n#VID 9a8fecef-92c0-11df-b140-0015f2db7bde\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 9a8fecef-92c0-11df-b140-0015f2db7bde\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: vte\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.securityfocus.com/archive/1/512388\nhttp://www.vuxml.org/freebsd/9a8fecef-92c0-11df-b140-0015f2db7bde.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.67710\");\n script_version(\"$Revision: 8296 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-05 08:28:01 +0100 (Fri, 05 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-22 17:43:43 +0200 (Thu, 22 Jul 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2010-2713\");\n script_name(\"FreeBSD Ports: vte\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"vte\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.24.3\")<0) {\n txt += 'Package vte version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-04T11:17:57", "references": ["962-1", "http://www.ubuntu.com/usn/usn-962-1/"], "pluginID": "840460", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-962-1", "edition": 3, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-07-16T00:00:00", "title": "Ubuntu Update for vte vulnerability USN-962-1", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 10.0}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2713"], "modified": "2017-12-01T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=840460", "id": "OPENVAS:840460", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_962_1.nasl 7965 2017-12-01 07:38:25Z santu $\n#\n# Ubuntu Update for vte vulnerability USN-962-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Janne Snabb discovered that applications using VTE, such as gnome-terminal,\n did not correctly filter window and icon title request escape codes. If a\n user were tricked into viewing specially crafted output in their terminal,\n a remote attacker could execute arbitrary commands with user privileges.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-962-1\";\ntag_affected = \"vte vulnerability on Ubuntu 9.04 ,\n Ubuntu 9.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-962-1/\");\n script_id(840460);\n script_version(\"$Revision: 7965 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:38:25 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-16 10:40:49 +0200 (Fri, 16 Jul 2010)\");\n script_xref(name: \"USN\", value: \"962-1\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2010-2713\");\n script_name(\"Ubuntu Update for vte vulnerability USN-962-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libvte-dev\", ver:\"0.22.2-0ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libvte9\", ver:\"0.22.2-0ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python-vte-dbg\", ver:\"0.22.2-0ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python-vte\", ver:\"0.22.2-0ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libvte-common\", ver:\"0.22.2-0ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libvte-doc\", ver:\"0.22.2-0ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libvte9-udeb\", ver:\"0.22.2-0ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libvte-dev\", ver:\"0.23.5-0ubuntu1.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libvte9\", ver:\"0.23.5-0ubuntu1.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python-vte-dbg\", ver:\"0.23.5-0ubuntu1.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python-vte\", ver:\"0.23.5-0ubuntu1.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libvte-common\", ver:\"0.23.5-0ubuntu1.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libvte-doc\", ver:\"0.23.5-0ubuntu1.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libvte9-udeb\", ver:\"0.23.5-0ubuntu1.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU9.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libvte-dev\", ver:\"0.20.0-0ubuntu2.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libvte9\", ver:\"0.20.0-0ubuntu2.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python-vte-dbg\", ver:\"0.20.0-0ubuntu2.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python-vte\", ver:\"0.20.0-0ubuntu2.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libvte-common\", ver:\"0.20.0-0ubuntu2.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libvte-doc\", ver:\"0.20.0-0ubuntu2.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libvte9-udeb\", ver:\"0.20.0-0ubuntu2.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-17T11:05:34", "references": ["962-1", "http://www.ubuntu.com/usn/usn-962-1/"], "pluginID": "1361412562310840460", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-962-1", "edition": 1, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-07-16T00:00:00", "type": "openvas", "title": "Ubuntu Update for vte vulnerability USN-962-1", "enchantments": {"score": {"vector": "NONE", "value": 10.0}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2713"], "modified": "2018-01-16T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840460", "id": "OPENVAS:1361412562310840460", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_962_1.nasl 8438 2018-01-16 17:38:23Z teissa $\n#\n# Ubuntu Update for vte vulnerability USN-962-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Janne Snabb discovered that applications using VTE, such as gnome-terminal,\n did not correctly filter window and icon title request escape codes. If a\n user were tricked into viewing specially crafted output in their terminal,\n a remote attacker could execute arbitrary commands with user privileges.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-962-1\";\ntag_affected = \"vte vulnerability on Ubuntu 9.04 ,\n Ubuntu 9.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-962-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840460\");\n script_version(\"$Revision: 8438 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-16 18:38:23 +0100 (Tue, 16 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-16 10:40:49 +0200 (Fri, 16 Jul 2010)\");\n script_xref(name: \"USN\", value: \"962-1\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2010-2713\");\n script_name(\"Ubuntu Update for vte vulnerability USN-962-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libvte-dev\", ver:\"0.22.2-0ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libvte9\", ver:\"0.22.2-0ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python-vte-dbg\", ver:\"0.22.2-0ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python-vte\", ver:\"0.22.2-0ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libvte-common\", ver:\"0.22.2-0ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libvte-doc\", ver:\"0.22.2-0ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libvte9-udeb\", ver:\"0.22.2-0ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libvte-dev\", ver:\"0.23.5-0ubuntu1.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libvte9\", ver:\"0.23.5-0ubuntu1.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python-vte-dbg\", ver:\"0.23.5-0ubuntu1.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python-vte\", ver:\"0.23.5-0ubuntu1.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libvte-common\", ver:\"0.23.5-0ubuntu1.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libvte-doc\", ver:\"0.23.5-0ubuntu1.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libvte9-udeb\", ver:\"0.23.5-0ubuntu1.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU9.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libvte-dev\", ver:\"0.20.0-0ubuntu2.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libvte9\", ver:\"0.20.0-0ubuntu2.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python-vte-dbg\", ver:\"0.20.0-0ubuntu2.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python-vte\", ver:\"0.20.0-0ubuntu2.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libvte-common\", ver:\"0.20.0-0ubuntu2.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libvte-doc\", ver:\"0.20.0-0ubuntu2.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libvte9-udeb\", ver:\"0.20.0-0ubuntu2.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:09:56", "references": [], "pluginID": "67710", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "edition": 1, "reporter": "Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com", "published": "2010-07-22T00:00:00", "title": "FreeBSD Ports: vte", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "FreeBSD Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2713"], "modified": "2017-02-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=67710", "id": "OPENVAS:67710", "sourceData": "#\n#VID 9a8fecef-92c0-11df-b140-0015f2db7bde\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 9a8fecef-92c0-11df-b140-0015f2db7bde\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: vte\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.securityfocus.com/archive/1/512388\nhttp://www.vuxml.org/freebsd/9a8fecef-92c0-11df-b140-0015f2db7bde.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(67710);\n script_version(\"$Revision: 5263 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-10 14:45:51 +0100 (Fri, 10 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-22 17:43:43 +0200 (Thu, 22 Jul 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2010-2713\");\n script_name(\"FreeBSD Ports: vte\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"vte\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.24.3\")<0) {\n txt += 'Package vte version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-12T11:11:08", "references": ["2010:161", "http://lists.mandriva.com/security-announce/2010-08/msg00022.php"], "pluginID": "831137", "description": "Check for the Version of vte", "edition": 3, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-08-30T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Mandriva Update for vte MDVSA-2010:161 (vte)", "type": "openvas", "naslFamily": "Mandrake Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2713", "CVE-2003-0070"], "modified": "2017-12-12T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=831137", "id": "OPENVAS:831137", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for vte MDVSA-2010:161 (vte)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability has been found and corrected in vte:\n\n The vte_sequence_handler_window_manipulation function in vteseq.c\n in libvte (aka libvte9) in VTE 0.25.1 and earlier, as used in\n gnome-terminal, does not properly handle escape sequences, which\n allows remote attackers to execute arbitrary commands or obtain\n potentially sensitive information via a (1) window title or (2) icon\n title sequence. NOTE: this issue exists because of a CVE-2003-0070\n regression (CVE-2010-2713).\n\n The updated packages have been patched to correct this issue.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"vte on Mandriva Linux 2009.1,\n Mandriva Linux 2009.1/X86_64,\n Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-08/msg00022.php\");\n script_id(831137);\n script_version(\"$Revision: 8082 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-12 07:31:24 +0100 (Tue, 12 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-30 16:59:25 +0200 (Mon, 30 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2010:161\");\n script_cve_id(\"CVE-2003-0070\", \"CVE-2010-2713\");\n script_name(\"Mandriva Update for vte MDVSA-2010:161 (vte)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of vte\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libvte9\", rpm:\"libvte9~0.22.2~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvte-devel\", rpm:\"libvte-devel~0.22.2~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-vte\", rpm:\"python-vte~0.22.2~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vte\", rpm:\"vte~0.22.2~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64vte9\", rpm:\"lib64vte9~0.22.2~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64vte-devel\", rpm:\"lib64vte-devel~0.22.2~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libvte9\", rpm:\"libvte9~0.20.1~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvte-devel\", rpm:\"libvte-devel~0.20.1~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-vte\", rpm:\"python-vte~0.20.1~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vte\", rpm:\"vte~0.20.1~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64vte9\", rpm:\"lib64vte9~0.20.1~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64vte-devel\", rpm:\"lib64vte-devel~0.20.1~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:54:38", "references": ["2010:161", "http://lists.mandriva.com/security-announce/2010-08/msg00022.php"], "pluginID": "1361412562310831137", "description": "Check for the Version of vte", "edition": 1, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-08-30T00:00:00", "title": "Mandriva Update for vte MDVSA-2010:161 (vte)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Mandrake Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2713", "CVE-2003-0070"], "modified": "2017-12-21T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831137", "id": "OPENVAS:1361412562310831137", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for vte MDVSA-2010:161 (vte)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability has been found and corrected in vte:\n\n The vte_sequence_handler_window_manipulation function in vteseq.c\n in libvte (aka libvte9) in VTE 0.25.1 and earlier, as used in\n gnome-terminal, does not properly handle escape sequences, which\n allows remote attackers to execute arbitrary commands or obtain\n potentially sensitive information via a (1) window title or (2) icon\n title sequence. NOTE: this issue exists because of a CVE-2003-0070\n regression (CVE-2010-2713).\n\n The updated packages have been patched to correct this issue.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"vte on Mandriva Linux 2009.1,\n Mandriva Linux 2009.1/X86_64,\n Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-08/msg00022.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831137\");\n script_version(\"$Revision: 8207 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-21 08:30:12 +0100 (Thu, 21 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-30 16:59:25 +0200 (Mon, 30 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2010:161\");\n script_cve_id(\"CVE-2003-0070\", \"CVE-2010-2713\");\n script_name(\"Mandriva Update for vte MDVSA-2010:161 (vte)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of vte\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libvte9\", rpm:\"libvte9~0.22.2~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvte-devel\", rpm:\"libvte-devel~0.22.2~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-vte\", rpm:\"python-vte~0.22.2~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vte\", rpm:\"vte~0.22.2~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64vte9\", rpm:\"lib64vte9~0.22.2~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64vte-devel\", rpm:\"lib64vte-devel~0.22.2~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libvte9\", rpm:\"libvte9~0.20.1~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvte-devel\", rpm:\"libvte-devel~0.20.1~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-vte\", rpm:\"python-vte~0.20.1~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vte\", rpm:\"vte~0.20.1~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64vte9\", rpm:\"lib64vte9~0.20.1~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64vte-devel\", rpm:\"lib64vte-devel~0.20.1~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:50:43", "references": ["https://security.gentoo.org/glsa/201412-10"], "pluginID": "1361412562310121296", "description": "Gentoo Linux Local Security Checks https://security.gentoo.org/glsa/201412-10", "edition": 5, "reporter": "Eero Volotinen", "published": "2015-09-29T00:00:00", "title": "Gentoo Linux Local Check: https://security.gentoo.org/glsa/201412-10", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2198", "CVE-2010-3314", "CVE-2012-2738", "CVE-2010-2713", "CVE-2012-1620", "CVE-2012-3448", "CVE-2008-4776", "CVE-2012-0808", "CVE-2010-3313", "CVE-2012-0807", "CVE-2011-0765"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310121296", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121296", "sourceData": "# OpenVAS Vulnerability Test\n# Description: Gentoo Linux security check\n# $Id: glsa-201412-10.nasl 9374 2018-04-06 08:58:12Z cfischer $\n\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\nif(description)\n {\nscript_oid(\"1.3.6.1.4.1.25623.1.0.121296\");\nscript_version(\"$Revision: 9374 $\");\nscript_tag(name:\"creation_date\", value:\"2015-09-29 11:28:08 +0300 (Tue, 29 Sep 2015)\");\nscript_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:58:12 +0200 (Fri, 06 Apr 2018) $\");\nscript_name(\"Gentoo Linux Local Check: https://security.gentoo.org/glsa/201412-10\");\nscript_tag(name: \"insight\", value: \"Vulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details.\"); \nscript_tag(name : \"solution\", value : \"update software\");\nscript_tag(name : \"solution_type\", value : \"VendorFix\");\nscript_xref(name : \"URL\" , value : \"https://security.gentoo.org/glsa/201412-10\");\nscript_cve_id(\"CVE-2008-4776\",\"CVE-2010-2713\",\"CVE-2010-3313\",\"CVE-2010-3314\",\"CVE-2011-0765\",\"CVE-2011-2198\",\"CVE-2012-0807\",\"CVE-2012-0808\",\"CVE-2012-1620\",\"CVE-2012-2738\",\"CVE-2012-3448\");\nscript_tag(name:\"cvss_base\", value:\"7.5\");\nscript_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\nscript_tag(name:\"qod_type\", value:\"package\");\nscript_dependencies(\"gather-package-list.nasl\");\nscript_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\nscript_category(ACT_GATHER_INFO);\nscript_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks https://security.gentoo.org/glsa/201412-10\");\nscript_copyright(\"Eero Volotinen\");\nscript_family(\"Gentoo Local Security Checks\");\nexit(0);\n}\ninclude(\"revisions-lib.inc\");\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"www-apps/egroupware\", unaffected: make_list(\"ge 1.8.004.20120613\"), vulnerable: make_list(\"lt 1.8.004.20120613\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"x11-libs/vte\", unaffected: make_list(\"ge 0.32.2\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"x11-libs/vte\", unaffected: make_list(\"ge 0.28.2-r204\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"x11-libs/vte\", unaffected: make_list(\"ge 0.28.2-r206\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"x11-libs/vte\", unaffected: make_list(), vulnerable: make_list(\"lt 0.32.2\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"net-analyzer/lft\", unaffected: make_list(\"ge 3.33\"), vulnerable: make_list(\"lt 3.33\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-php/suhosin\", unaffected: make_list(\"ge 0.9.33\"), vulnerable: make_list(\"lt 0.9.33\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"x11-misc/slock\", unaffected: make_list(\"ge 1.0\"), vulnerable: make_list(\"lt 1.0\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"sys-cluster/ganglia\", unaffected: make_list(\"ge 3.3.7\"), vulnerable: make_list(\"lt 3.3.7\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"net-im/gg-transport\", unaffected: make_list(\"ge 2.2.4\"), vulnerable: make_list(\"lt 2.2.4\"))) != NULL) {\n\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2018-09-01T23:48:45", "references": [], "pluginID": "48428", "description": "A vulnerability has been found and corrected in vte :\n\nThe vte_sequence_handler_window_manipulation function in vteseq.c in libvte (aka libvte9) in VTE 0.25.1 and earlier, as used in gnome-terminal, does not properly handle escape sequences, which allows remote attackers to execute arbitrary commands or obtain potentially sensitive information via a (1) window title or (2) icon title sequence. NOTE: this issue exists because of a CVE-2003-0070 regression (CVE-2010-2713).\n\nThe updated packages have been patched to correct this issue.", "edition": 5, "reporter": "Tenable", "published": "2010-08-25T00:00:00", "title": "Mandriva Linux Security Advisory : vte (MDVSA-2010:161)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Mandriva Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2713"], "modified": "2018-07-19T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64vte9", "p-cpe:/a:mandriva:linux:lib64vte-devel", "p-cpe:/a:mandriva:linux:vte", "p-cpe:/a:mandriva:linux:libvte-devel", "cpe:/o:mandriva:linux:2009.1", "cpe:/o:mandriva:linux:2010.1", "cpe:/o:mandriva:linux:2010.0", "p-cpe:/a:mandriva:linux:libvte9", "p-cpe:/a:mandriva:linux:python-vte"], "id": "MANDRIVA_MDVSA-2010-161.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=48428", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2010:161. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(48428);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/07/19 20:59:17\");\n\n script_cve_id(\"CVE-2010-2713\");\n script_bugtraq_id(41716);\n script_xref(name:\"MDVSA\", value:\"2010:161\");\n\n script_name(english:\"Mandriva Linux Security Advisory : vte (MDVSA-2010:161)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability has been found and corrected in vte :\n\nThe vte_sequence_handler_window_manipulation function in vteseq.c in\nlibvte (aka libvte9) in VTE 0.25.1 and earlier, as used in\ngnome-terminal, does not properly handle escape sequences, which\nallows remote attackers to execute arbitrary commands or obtain\npotentially sensitive information via a (1) window title or (2) icon\ntitle sequence. NOTE: this issue exists because of a CVE-2003-0070\nregression (CVE-2010-2713).\n\nThe updated packages have been patched to correct this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64vte-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64vte9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libvte-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libvte9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:python-vte\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vte\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64vte-devel-0.20.1-1.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64vte9-0.20.1-1.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libvte-devel-0.20.1-1.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libvte9-0.20.1-1.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"python-vte-0.20.1-1.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"vte-0.20.1-1.1mdv2009.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64vte-devel-0.22.2-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64vte9-0.22.2-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libvte-devel-0.22.2-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libvte9-0.22.2-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"python-vte-0.22.2-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"vte-0.22.2-1.1mdv2010.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64vte-devel-0.24.1-2.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64vte9-0.24.1-2.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libvte-devel-0.24.1-2.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libvte9-0.24.1-2.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"python-vte-0.24.1-2.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"vte-0.24.1-2.1mdv2010.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:43:46", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=621097", "http://lists.opensuse.org/opensuse-updates/2010-07/msg00032.html", "http://lists.opensuse.org/opensuse-updates/2010-07/msg00022.html"], "pluginID": "75770", "description": "VTE was vulnerable to an old title set+query attack which could be used by remote attackers to execute arbitrary code (CVE-2010-2713).", "edition": 4, "reporter": "Tenable", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : vte (openSUSE-SU-2010:0404-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2713"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:vte-lang", "p-cpe:/a:novell:opensuse:vte", "p-cpe:/a:novell:opensuse:vte-devel", "cpe:/o:novell:opensuse:11.3"], "id": "SUSE_11_3_VTE-100716.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=75770", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update vte-2729.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75770);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2014/06/13 22:10:32 $\");\n\n script_cve_id(\"CVE-2010-2713\");\n\n script_name(english:\"openSUSE Security Update : vte (openSUSE-SU-2010:0404-1)\");\n script_summary(english:\"Check for the vte-2729 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"VTE was vulnerable to an old title set+query attack which could be\nused by remote attackers to execute arbitrary code (CVE-2010-2713).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.opensuse.org/opensuse-updates/2010-07/msg00022.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.opensuse.org/opensuse-updates/2010-07/msg00032.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=621097\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected vte packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vte\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vte-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vte-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"vte-0.24.1-2.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"vte-devel-0.24.1-2.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"vte-lang-0.24.1-2.1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"vte / vte-devel / vte-lang\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:58:45", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=621097", "http://lists.opensuse.org/opensuse-updates/2010-07/msg00032.html", "http://lists.opensuse.org/opensuse-updates/2010-07/msg00022.html"], "pluginID": "47776", "description": "VTE was vulnerable to an old title set+query attack which could be used by remote attackers to execute arbitrary code (CVE-2010-2713).", "edition": 4, "reporter": "Tenable", "published": "2010-07-21T00:00:00", "title": "openSUSE Security Update : vte (openSUSE-SU-2010:0404-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2713"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:vte-lang", "p-cpe:/a:novell:opensuse:vte", "p-cpe:/a:novell:opensuse:vte-devel", "cpe:/o:novell:opensuse:11.2"], "id": "SUSE_11_2_VTE-100716.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=47776", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update vte-2729.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47776);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2014/06/13 20:06:04 $\");\n\n script_cve_id(\"CVE-2010-2713\");\n\n script_name(english:\"openSUSE Security Update : vte (openSUSE-SU-2010:0404-1)\");\n script_summary(english:\"Check for the vte-2729 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"VTE was vulnerable to an old title set+query attack which could be\nused by remote attackers to execute arbitrary code (CVE-2010-2713).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.opensuse.org/opensuse-updates/2010-07/msg00022.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.opensuse.org/opensuse-updates/2010-07/msg00032.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=621097\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected vte packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vte\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vte-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vte-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"vte-0.22.5-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"vte-devel-0.22.5-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"vte-lang-0.22.5-0.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"vte / vte-devel / vte-lang\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:51:13", "references": ["http://www.securityfocus.com/archive/1/512388", "http://www.nessus.org/u?f1d27600"], "pluginID": "47752", "description": "Kees Cook reports :\n\nJanne Snabb discovered that applications using VTE, such as gnome-terminal, did not correctly filter window and icon title request escape codes. If a user were tricked into viewing specially crafted output in their terminal, a remote attacker could execute arbitrary commands with user privileges.", "edition": 4, "reporter": "Tenable", "published": "2010-07-19T00:00:00", "title": "FreeBSD : vte -- Classic terminal title set+query attack (9a8fecef-92c0-11df-b140-0015f2db7bde)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "FreeBSD Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2713"], "modified": "2013-06-22T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:vte"], "id": "FREEBSD_PKG_9A8FECEF92C011DFB1400015F2DB7BDE.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=47752", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2013 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47752);\n script_version(\"$Revision: 1.6 $\");\n script_cvs_date(\"$Date: 2013/06/22 00:06:24 $\");\n\n script_cve_id(\"CVE-2010-2713\");\n\n script_name(english:\"FreeBSD : vte -- Classic terminal title set+query attack (9a8fecef-92c0-11df-b140-0015f2db7bde)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Kees Cook reports :\n\nJanne Snabb discovered that applications using VTE, such as\ngnome-terminal, did not correctly filter window and icon title request\nescape codes. If a user were tricked into viewing specially crafted\noutput in their terminal, a remote attacker could execute arbitrary\ncommands with user privileges.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.securityfocus.com/archive/1/512388\"\n );\n # http://www.freebsd.org/ports/portaudit/9a8fecef-92c0-11df-b140-0015f2db7bde.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f1d27600\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:vte\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/07/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2013 Tenable Network Security, Inc.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"vte<0.24.3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:57:51", "references": ["http://support.novell.com/security/cve/CVE-2010-2713.html", "https://bugzilla.novell.com/show_bug.cgi?id=621097"], "pluginID": "51634", "description": "This update fixes a vulnerability of VTE to an old title set and query attack which could be used by remote attackers to execute arbitrary code. (CVE-2010-2713)", "edition": 4, "reporter": "Tenable", "published": "2011-01-21T00:00:00", "title": "SuSE 11.1 Security Update : vte, vte-debuginfo, vte-debugsource, vte-devel, vte-doc, vte-lang (SAT Patch Number 2718)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2713"], "modified": "2013-10-25T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:vte", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:vte-lang", "p-cpe:/a:novell:suse_linux:11:vte-doc"], "id": "SUSE_11_VTE-100715.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=51634", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(51634);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2013/10/25 23:56:04 $\");\n\n script_cve_id(\"CVE-2010-2713\");\n\n script_name(english:\"SuSE 11.1 Security Update : vte, vte-debuginfo, vte-debugsource, vte-devel, vte-doc, vte-lang (SAT Patch Number 2718)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a vulnerability of VTE to an old title set and query\nattack which could be used by remote attackers to execute arbitrary\ncode. (CVE-2010-2713)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=621097\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2713.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 2718.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:vte\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:vte-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:vte-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/01/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"vte-0.22.5-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"vte-lang-0.22.5-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"vte-0.22.5-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"vte-lang-0.22.5-0.2.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"vte-0.22.5-0.2.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"vte-doc-0.22.5-0.2.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"vte-lang-0.22.5-0.2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:02:37", "references": [], "pluginID": "47742", "description": "Janne Snabb discovered that applications using VTE, such as gnome-terminal, did not correctly filter window and icon title request escape codes. If a user were tricked into viewing specially crafted output in their terminal, a remote attacker could execute arbitrary commands with user privileges.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "reporter": "Tenable", "published": "2010-07-16T00:00:00", "title": "Ubuntu 9.04 / 9.10 / 10.04 LTS : vte vulnerability (USN-962-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2713", "CVE-2003-0070"], "modified": "2018-08-15T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libvte-doc", "p-cpe:/a:canonical:ubuntu_linux:python-vte", "p-cpe:/a:canonical:ubuntu_linux:python-vte-dbg", "p-cpe:/a:canonical:ubuntu_linux:libvte-common", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:libvte9", "cpe:/o:canonical:ubuntu_linux:9.10", "cpe:/o:canonical:ubuntu_linux:9.04", "p-cpe:/a:canonical:ubuntu_linux:libvte-dev"], "id": "UBUNTU_USN-962-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=47742", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-962-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47742);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/08/15 12:24:49\");\n\n script_cve_id(\"CVE-2003-0070\", \"CVE-2010-2713\");\n script_xref(name:\"USN\", value:\"962-1\");\n\n script_name(english:\"Ubuntu 9.04 / 9.10 / 10.04 LTS : vte vulnerability (USN-962-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Janne Snabb discovered that applications using VTE, such as\ngnome-terminal, did not correctly filter window and icon title request\nescape codes. If a user were tricked into viewing specially crafted\noutput in their terminal, a remote attacker could execute arbitrary\ncommands with user privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libvte-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libvte-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libvte-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libvte9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python-vte\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python-vte-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2010-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(9\\.04|9\\.10|10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 9.04 / 9.10 / 10.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libvte-common\", pkgver:\"0.20.0-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libvte-dev\", pkgver:\"0.20.0-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libvte-doc\", pkgver:\"0.20.0-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libvte9\", pkgver:\"1:0.20.0-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"python-vte\", pkgver:\"0.20.0-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"python-vte-dbg\", pkgver:\"0.20.0-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libvte-common\", pkgver:\"0.22.2-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libvte-dev\", pkgver:\"0.22.2-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libvte-doc\", pkgver:\"0.22.2-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libvte9\", pkgver:\"1:0.22.2-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"python-vte\", pkgver:\"0.22.2-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"python-vte-dbg\", pkgver:\"0.22.2-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libvte-common\", pkgver:\"0.23.5-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libvte-dev\", pkgver:\"0.23.5-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libvte-doc\", pkgver:\"0.23.5-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libvte9\", pkgver:\"1:0.23.5-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"python-vte\", pkgver:\"0.23.5-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"python-vte-dbg\", pkgver:\"0.23.5-0ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvte-common / libvte-dev / libvte-doc / libvte9 / python-vte / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:08:49", "references": ["https://security.gentoo.org/glsa/201412-10"], "pluginID": "79963", "description": "The remote host is affected by the vulnerability described in GLSA-201412-10 (Multiple packages, Multiple vulnerabilities fixed in 2012)\n\n Vulnerabilities have been discovered in the packages listed below.\n Please review the CVE identifiers in the Reference section for details.\n EGroupware VTE Layer Four Traceroute (LFT) Suhosin Slock Ganglia Jabber to GaduGadu Gateway Impact :\n\n A context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions.\n Workaround :\n\n There is no known workaround at this time.", "edition": 4, "reporter": "Tenable", "published": "2014-12-15T00:00:00", "title": "GLSA-201412-10 : Multiple packages, Multiple vulnerabilities fixed in 2012", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2198", "CVE-2010-3314", "CVE-2012-2738", "CVE-2010-2713", "CVE-2012-1620", "CVE-2012-3448", "CVE-2008-4776", "CVE-2012-0808", "CVE-2010-3313", "CVE-2012-0807", "CVE-2011-0765"], "modified": "2015-04-13T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:egroupware", "p-cpe:/a:gentoo:linux:ganglia", "p-cpe:/a:gentoo:linux:suhosin", "cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:slock", "p-cpe:/a:gentoo:linux:gg-transport", "p-cpe:/a:gentoo:linux:lft", "p-cpe:/a:gentoo:linux:vte"], "id": "GENTOO_GLSA-201412-10.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=79963", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201412-10.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79963);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2015/04/13 14:33:56 $\");\n\n script_cve_id(\"CVE-2008-4776\", \"CVE-2010-2713\", \"CVE-2010-3313\", \"CVE-2010-3314\", \"CVE-2011-0765\", \"CVE-2011-2198\", \"CVE-2012-0807\", \"CVE-2012-0808\", \"CVE-2012-1620\", \"CVE-2012-2738\", \"CVE-2012-3448\");\n script_bugtraq_id(41716, 46477, 48645, 51574, 52642, 52922, 54281, 54699);\n script_xref(name:\"GLSA\", value:\"201412-10\");\n\n script_name(english:\"GLSA-201412-10 : Multiple packages, Multiple vulnerabilities fixed in 2012\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201412-10\n(Multiple packages, Multiple vulnerabilities fixed in 2012)\n\n Vulnerabilities have been discovered in the packages listed below.\n Please review the CVE identifiers in the Reference section for details.\n EGroupware\n VTE\n Layer Four Traceroute (LFT)\n Suhosin\n Slock\n Ganglia\n Jabber to GaduGadu Gateway\n \nImpact :\n\n A context-dependent attacker may be able to gain escalated privileges,\n execute arbitrary code, cause Denial of Service, obtain sensitive\n information, or otherwise bypass security restrictions.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201412-10\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All EGroupware users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-apps/egroupware-1.8.004.20120613'\n All VTE 0.32 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=x11-libs/vte-0.32.2'\n All VTE 0.28 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=x11-libs/vte-0.28.2-r204'\n All Layer Four Traceroute users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-analyzer/lft-3.33'\n All Suhosin users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-php/suhosin-0.9.33'\n All Slock users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=x11-misc/slock-1.0'\n All Ganglia users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-cluster/ganglia-3.3.7'\n All Jabber to GaduGadu Gateway users should upgrade to the latest\n version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-im/gg-transport-2.2.4'\n NOTE: This is a legacy GLSA. Updates for all affected architectures have\n been available since 2013. It is likely that your system is already no\n longer affected by these issues.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:egroupware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:ganglia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:gg-transport\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:lft\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:slock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:vte\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-php/suhosin\", unaffected:make_list(\"ge 0.9.33\"), vulnerable:make_list(\"lt 0.9.33\"))) flag++;\nif (qpkg_check(package:\"net-im/gg-transport\", unaffected:make_list(\"ge 2.2.4\"), vulnerable:make_list(\"lt 2.2.4\"))) flag++;\nif (qpkg_check(package:\"sys-cluster/ganglia\", unaffected:make_list(\"ge 3.3.7\"), vulnerable:make_list(\"lt 3.3.7\"))) flag++;\nif (qpkg_check(package:\"x11-misc/slock\", unaffected:make_list(\"ge 1.0\"), vulnerable:make_list(\"lt 1.0\"))) flag++;\nif (qpkg_check(package:\"www-apps/egroupware\", unaffected:make_list(\"ge 1.8.004.20120613\"), vulnerable:make_list(\"lt 1.8.004.20120613\"))) flag++;\nif (qpkg_check(package:\"net-analyzer/lft\", unaffected:make_list(\"ge 3.33\"), vulnerable:make_list(\"lt 3.33\"))) flag++;\nif (qpkg_check(package:\"x11-libs/vte\", unaffected:make_list(\"ge 0.32.2\", \"rge 0.28.2-r204\", \"rge 0.28.2-r206\"), vulnerable:make_list(\"lt 0.32.2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"dev-php/suhosin / net-im/gg-transport / sys-cluster/ganglia / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:35", "references": [], "description": "===========================================================\r\nUbuntu Security Notice USN-962-1 July 15, 2010\r\nvte vulnerability\r\nCVE-2010-2713\r\n===========================================================\r\n\r\nA security issue affects the following Ubuntu releases:\r\n\r\nUbuntu 9.04\r\nUbuntu 9.10\r\nUbuntu 10.04 LTS\r\n\r\nThis advisory also applies to the corresponding versions of\r\nKubuntu, Edubuntu, and Xubuntu.\r\n\r\nThe problem can be corrected by upgrading your system to the\r\nfollowing package versions:\r\n\r\nUbuntu 9.04:\r\n libvte9 1:0.20.0-0ubuntu2.1\r\n\r\nUbuntu 9.10:\r\n libvte9 1:0.22.2-0ubuntu2.1\r\n\r\nUbuntu 10.04 LTS:\r\n libvte9 1:0.23.5-0ubuntu1.1\r\n\r\nAfter a standard system update you need to restart your session to make\r\nall the necessary changes.\r\n\r\nDetails follow:\r\n\r\nJanne Snabb discovered that applications using VTE, such as gnome-terminal,\r\ndid not correctly filter window and icon title request escape codes. If a\r\nuser were tricked into viewing specially crafted output in their terminal,\r\na remote attacker could execute arbitrary commands with user privileges.\r\n\r\n\r\nUpdated packages for Ubuntu 9.04:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/v/vte/vte_0.20.0-0ubuntu2.1.diff.gz\r\n Size/MD5: 428402 e765295968fe78b4d8e72050dce5f2b7\r\n http://security.ubuntu.com/ubuntu/pool/main/v/vte/vte_0.20.0-0ubuntu2.1.dsc\r\n Size/MD5: 1742 91b6ea4ecd1400d57d72190fab77960c\r\n http://security.ubuntu.com/ubuntu/pool/main/v/vte/vte_0.20.0.orig.tar.gz\r\n Size/MD5: 1372195 2634f593b93950c58cc12983bdc363cc\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte-common_0.20.0-0ubuntu2.1_all.deb\r\n Size/MD5: 34100 cb3960a156fb27606aeafcc8a3222b46\r\n http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte-doc_0.20.0-0ubuntu2.1_all.deb\r\n Size/MD5: 64118 50ab6b9ed24762be4629e480b28e18c1\r\n\r\n amd64 architecture &#40;Athlon64, Opteron, EM64T Xeon&#41;:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte-dev_0.20.0-0ubuntu2.1_amd64.deb\r\n Size/MD5: 381230 d11c934f31bd1382bb6d62603e839199\r\n http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte9-udeb_0.20.0-0ubuntu2.1_amd64.udeb\r\n Size/MD5: 333636 77562502f522d91fbbea6b5eba1d0982\r\n http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte9_0.20.0-0ubuntu2.1_amd64.deb\r\n Size/MD5: 599364 edc9be7f0fa11e6281a553208dfb3842\r\n http://security.ubuntu.com/ubuntu/pool/main/v/vte/python-vte-dbg_0.20.0-0ubuntu2.1_amd64.deb\r\n Size/MD5: 177654 58665e2a253ecf2653d9023733573ce2\r\n http://security.ubuntu.com/ubuntu/pool/main/v/vte/python-vte_0.20.0-0ubuntu2.1_amd64.deb\r\n Size/MD5: 36754 2f3d7f2540a8e6089eb143887ece13d2\r\n\r\n i386 architecture &#40;x86 compatible Intel/AMD&#41;:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte-dev_0.20.0-0ubuntu2.1_i386.deb\r\n Size/MD5: 357832 e255a12e7f921dd4da70a9c81ccd8a72\r\n http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte9-udeb_0.20.0-0ubuntu2.1_i386.udeb\r\n Size/MD5: 320620 b0f150837119c4e557c9c535a969e949\r\n http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte9_0.20.0-0ubuntu2.1_i386.deb\r\n Size/MD5: 578074 cefed97e22169f7c47d2576ff925b3ff\r\n http://security.ubuntu.com/ubuntu/pool/main/v/vte/python-vte-dbg_0.20.0-0ubuntu2.1_i386.deb\r\n Size/MD5: 160650 3c6f0e195b16937bd6c159bc32ffd34c\r\n http://security.ubuntu.com/ubuntu/pool/main/v/vte/python-vte_0.20.0-0ubuntu2.1_i386.deb\r\n Size/MD5: 29878 082fd94ee2d4079d8e120e7adc525d01\r\n\r\n lpia architecture &#40;Low Power Intel Architecture&#41;:\r\n\r\n http://ports.ubuntu.com/pool/main/v/vte/libvte-dev_0.20.0-0ubuntu2.1_lpia.deb\r\n Size/MD5: 357150 275ea65ad8d4f0afa645070809bc83db\r\n http://ports.ubuntu.com/pool/main/v/vte/libvte9-udeb_0.20.0-0ubuntu2.1_lpia.udeb\r\n Size/MD5: 318818 d4239f5aca45b71b5b51469111abaaa1\r\n http://ports.ubuntu.com/pool/main/v/vte/libvte9_0.20.0-0ubuntu2.1_lpia.deb\r\n Size/MD5: 575628 90f4af7d86e34f4eb49ac2c69751b544\r\n http://ports.ubuntu.com/pool/main/v/vte/python-vte-dbg_0.20.0-0ubuntu2.1_lpia.deb\r\n Size/MD5: 161258 9906e6464b75188f61bcf2626209f4e5\r\n http://ports.ubuntu.com/pool/main/v/vte/python-vte_0.20.0-0ubuntu2.1_lpia.deb\r\n Size/MD5: 29788 5d8228882a46943378e300854c2e8bf9\r\n\r\n powerpc architecture &#40;Apple Macintosh G3/G4/G5&#41;:\r\n\r\n http://ports.ubuntu.com/pool/main/v/vte/libvte-dev_0.20.0-0ubuntu2.1_powerpc.deb\r\n Size/MD5: 434366 44f0c8d2cc517dec5cda7b23ae364989\r\n http://ports.ubuntu.com/pool/main/v/vte/libvte9-udeb_0.20.0-0ubuntu2.1_powerpc.udeb\r\n Size/MD5: 380478 af6da9a37b4b4dfe9277985388726c97\r\n http://ports.ubuntu.com/pool/main/v/vte/libvte9_0.20.0-0ubuntu2.1_powerpc.deb\r\n Size/MD5: 702506 9cd310cc8a3a9b10eb3ee3753500fcbe\r\n http://ports.ubuntu.com/pool/main/v/vte/python-vte-dbg_0.20.0-0ubuntu2.1_powerpc.deb\r\n Size/MD5: 171112 1392f41f7fd399d4f5a2b6901b9afdc8\r\n http://ports.ubuntu.com/pool/main/v/vte/python-vte_0.20.0-0ubuntu2.1_powerpc.deb\r\n Size/MD5: 33216 348af61aab2378a5bd4ace0e72bf0463\r\n\r\n sparc architecture &#40;Sun SPARC/UltraSPARC&#41;:\r\n\r\n http://ports.ubuntu.com/pool/main/v/vte/libvte-dev_0.20.0-0ubuntu2.1_sparc.deb\r\n Size/MD5: 417216 90a00c9c1aecfe8b3982516a327b3693\r\n http://ports.ubuntu.com/pool/main/v/vte/libvte9-udeb_0.20.0-0ubuntu2.1_sparc.udeb\r\n Size/MD5: 377752 a646e0dff2d00326f36006ce9da6b929\r\n http://ports.ubuntu.com/pool/main/v/vte/libvte9_0.20.0-0ubuntu2.1_sparc.deb\r\n Size/MD5: 684664 8bdae71547bcdd1dbab0db1c3f23af29\r\n http://ports.ubuntu.com/pool/main/v/vte/python-vte-dbg_0.20.0-0ubuntu2.1_sparc.deb\r\n Size/MD5: 160572 b92f538e7f75edaea8b95bf1ee21a1d1\r\n http://ports.ubuntu.com/pool/main/v/vte/python-vte_0.20.0-0ubuntu2.1_sparc.deb\r\n Size/MD5: 30318 c90d3f542a6c5e0e5015e26c4a91834b\r\n\r\nUpdated packages for Ubuntu 9.10:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/v/vte/vte_0.22.2-0ubuntu2.1.diff.gz\r\n Size/MD5: 243298 3edfa4d3d5f316572e5740fcfad6921d\r\n http://security.ubuntu.com/ubuntu/pool/main/v/vte/vte_0.22.2-0ubuntu2.1.dsc\r\n Size/MD5: 1834 3d1255fc5bb5c83888fe03c41717ba23\r\n http://security.ubuntu.com/ubuntu/pool/main/v/vte/vte_0.22.2.orig.tar.gz\r\n Size/MD5: 1690961 395d1cfb26eb88cd59cf8c4ba9cff5a3\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte-common_0.22.2-0ubuntu2.1_all.deb\r\n Size/MD5: 39738 7816f27f3df3317200f462a8ee331ed7\r\n http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte-doc_0.22.2-0ubuntu2.1_all.deb\r\n Size/MD5: 67816 dc826cf7ce0f58631e99c1ba0b32c9dc\r\n\r\n amd64 architecture &#40;Athlon64, Opteron, EM64T Xeon&#41;:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte-dev_0.22.2-0ubuntu2.1_amd64.deb\r\n Size/MD5: 374980 10a34defb72515939bf8b6a5f5d54528\r\n http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte9-udeb_0.22.2-0ubuntu2.1_amd64.udeb\r\n Size/MD5: 323702 f9bb18bba04c415c5193e9c41b0ee1ce\r\n http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte9_0.22.2-0ubuntu2.1_amd64.deb\r\n Size/MD5: 569660 b231f66728c13796395a867c890cea2b\r\n http://security.ubuntu.com/ubuntu/pool/main/v/vte/python-vte-dbg_0.22.2-0ubuntu2.1_amd64.deb\r\n Size/MD5: 178312 d5435792bd9eb94c5e56ea1e2737ae72\r\n http://security.ubuntu.com/ubuntu/pool/main/v/vte/python-vte_0.22.2-0ubuntu2.1_amd64.deb\r\n Size/MD5: 37610 de87e338985117dd7424dd4bfd300ecf\r\n\r\n i386 architecture &#40;x86 compatible Intel/AMD&#41;:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte-dev_0.22.2-0ubuntu2.1_i386.deb\r\n Size/MD5: 354286 1a93396e5e8a9b18436add12955364ba\r\n http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte9-udeb_0.22.2-0ubuntu2.1_i386.udeb\r\n Size/MD5: 311194 1fa31d2b232688a45eef99db548756bc\r\n http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte9_0.22.2-0ubuntu2.1_i386.deb\r\n Size/MD5: 553646 9580f3c6612faefb0ed78256fed07621\r\n http://security.ubuntu.com/ubuntu/pool/main/v/vte/python-vte-dbg_0.22.2-0ubuntu2.1_i386.deb\r\n Size/MD5: 163708 f137ea721dcb9ea1627f71ad2b481a0b\r\n http://security.ubuntu.com/ubuntu/pool/main/v/vte/python-vte_0.22.2-0ubuntu2.1_i386.deb\r\n Size/MD5: 30848 564462811d1f26275dbdccd29fe35d5c\r\n\r\n lpia architecture &#40;Low Power Intel Architecture&#41;:\r\n\r\n http://ports.ubuntu.com/pool/main/v/vte/libvte-dev_0.22.2-0ubuntu2.1_lpia.deb\r\n Size/MD5: 353152 1d3641a6ca8b9897e5fe17913d2e5c52\r\n http://ports.ubuntu.com/pool/main/v/vte/libvte9-udeb_0.22.2-0ubuntu2.1_lpia.udeb\r\n Size/MD5: 309680 ac6253b76ea51b4bf412f8e2ead3423f\r\n http://ports.ubuntu.com/pool/main/v/vte/libvte9_0.22.2-0ubuntu2.1_lpia.deb\r\n Size/MD5: 550788 27c11af8f9397f36551e32157c964344\r\n http://ports.ubuntu.com/pool/main/v/vte/python-vte-dbg_0.22.2-0ubuntu2.1_lpia.deb\r\n Size/MD5: 164154 5ed643aaef2ad3582f1dac314ec696b3\r\n http://ports.ubuntu.com/pool/main/v/vte/python-vte_0.22.2-0ubuntu2.1_lpia.deb\r\n Size/MD5: 30586 a68eefbfa31ee1358953a15f80a898a2\r\n\r\n powerpc architecture &#40;Apple Macintosh G3/G4/G5&#41;:\r\n\r\n http://ports.ubuntu.com/pool/main/v/vte/libvte-dev_0.22.2-0ubuntu2.1_powerpc.deb\r\n Size/MD5: 400068 bf0db507a15bcc2f5295a0d69869c8ab\r\n http://ports.ubuntu.com/pool/main/v/vte/libvte9-udeb_0.22.2-0ubuntu2.1_powerpc.udeb\r\n Size/MD5: 341556 aaf3f154b40ac28c5bb3ba3934f20772\r\n http://ports.ubuntu.com/pool/main/v/vte/libvte9_0.22.2-0ubuntu2.1_powerpc.deb\r\n Size/MD5: 608182 0fd96c473b3320e8fc7c4a8d42114831\r\n http://ports.ubuntu.com/pool/main/v/vte/python-vte-dbg_0.22.2-0ubuntu2.1_powerpc.deb\r\n Size/MD5: 176394 b4581dbaba32185dba6b26c98cdedbd7\r\n http://ports.ubuntu.com/pool/main/v/vte/python-vte_0.22.2-0ubuntu2.1_powerpc.deb\r\n Size/MD5: 33718 b90e936340b1c9e717f8b402dca16e82\r\n\r\n sparc architecture &#40;Sun SPARC/UltraSPARC&#41;:\r\n\r\n http://ports.ubuntu.com/pool/main/v/vte/libvte-dev_0.22.2-0ubuntu2.1_sparc.deb\r\n Size/MD5: 383916 0052cb2d7180822c17893a4cfcef0383\r\n http://ports.ubuntu.com/pool/main/v/vte/libvte9-udeb_0.22.2-0ubuntu2.1_sparc.udeb\r\n Size/MD5: 339134 0f3b107ecdffe6a2de793f5d1766634a\r\n http://ports.ubuntu.com/pool/main/v/vte/libvte9_0.22.2-0ubuntu2.1_sparc.deb\r\n Size/MD5: 596110 eea4bc4b68616012efdf53abf0d5fbf7\r\n http://ports.ubuntu.com/pool/main/v/vte/python-vte-dbg_0.22.2-0ubuntu2.1_sparc.deb\r\n Size/MD5: 163172 af1ecf447961b7498c6edc0f3d9b4ab9\r\n http://ports.ubuntu.com/pool/main/v/vte/python-vte_0.22.2-0ubuntu2.1_sparc.deb\r\n Size/MD5: 31042 4c32e63f44db4715188932deb2e1b362\r\n\r\nUpdated packages for Ubuntu 10.04:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/v/vte/vte_0.23.5-0ubuntu1.1.diff.gz\r\n Size/MD5: 211284 5f70b3dca901eb710f241ae58ddbe82f\r\n http://security.ubuntu.com/ubuntu/pool/main/v/vte/vte_0.23.5-0ubuntu1.1.dsc\r\n Size/MD5: 1834 d2cd6ea9a2d74191eac929364df284e3\r\n http://security.ubuntu.com/ubuntu/pool/main/v/vte/vte_0.23.5.orig.tar.gz\r\n Size/MD5: 1703653 8256980f2c9b9914bb640870568adeff\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte-common_0.23.5-0ubuntu1.1_all.deb\r\n Size/MD5: 41216 3362a9b7570880c5f121d45cf45f1635\r\n http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte-doc_0.23.5-0ubuntu1.1_all.deb\r\n Size/MD5: 71402 4e9fb7db00aa46b294c826eb2b912048\r\n\r\n amd64 architecture &#40;Athlon64, Opteron, EM64T Xeon&#41;:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte-dev_0.23.5-0ubuntu1.1_amd64.deb\r\n Size/MD5: 373946 2232ba9a261fa26950da8fd4cd77c0f4\r\n http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte9-udeb_0.23.5-0ubuntu1.1_amd64.udeb\r\n Size/MD5: 323570 0965c8fcc82a46e4a61df68db2d55286\r\n http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte9_0.23.5-0ubuntu1.1_amd64.deb\r\n Size/MD5: 569720 bf13b0ef86f2cb016f875925d8ea1cb6\r\n http://security.ubuntu.com/ubuntu/pool/main/v/vte/python-vte-dbg_0.23.5-0ubuntu1.1_amd64.deb\r\n Size/MD5: 91070 7bb8a16739115b0fb18bee882c2496a1\r\n http://security.ubuntu.com/ubuntu/pool/main/v/vte/python-vte_0.23.5-0ubuntu1.1_amd64.deb\r\n Size/MD5: 19886 a22e380ba799ea4a964cbf462dc242a7\r\n\r\n i386 architecture &#40;x86 compatible Intel/AMD&#41;:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte-dev_0.23.5-0ubuntu1.1_i386.deb\r\n Size/MD5: 353460 0e0a36204d17e2e06838b3e953f4494a\r\n http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte9-udeb_0.23.5-0ubuntu1.1_i386.udeb\r\n Size/MD5: 311344 d3bbb99765dd1b0bc4b37ffeb74e47a0\r\n http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte9_0.23.5-0ubuntu1.1_i386.deb\r\n Size/MD5: 553716 0362fb78ab8e9c657235b1207040c21d\r\n http://security.ubuntu.com/ubuntu/pool/main/v/vte/python-vte-dbg_0.23.5-0ubuntu1.1_i386.deb\r\n Size/MD5: 84008 edb76ddf1c422af64b31ec3227466040\r\n http://security.ubuntu.com/ubuntu/pool/main/v/vte/python-vte_0.23.5-0ubuntu1.1_i386.deb\r\n Size/MD5: 16534 254d655ff5f7ad3037e9847d209f6426\r\n\r\n powerpc architecture &#40;Apple Macintosh G3/G4/G5&#41;:\r\n\r\n http://ports.ubuntu.com/pool/main/v/vte/libvte-dev_0.23.5-0ubuntu1.1_powerpc.deb\r\n Size/MD5: 399062 650d527c3a8ceabca5e46945cc577608\r\n http://ports.ubuntu.com/pool/main/v/vte/libvte9-udeb_0.23.5-0ubuntu1.1_powerpc.udeb\r\n Size/MD5: 344968 0274fac76ecb7fcf24fa1e7876322364\r\n http://ports.ubuntu.com/pool/main/v/vte/libvte9_0.23.5-0ubuntu1.1_powerpc.deb\r\n Size/MD5: 608296 6ee308e8e565b3ef77a14187d44fa9ca\r\n http://ports.ubuntu.com/pool/main/v/vte/python-vte-dbg_0.23.5-0ubuntu1.1_powerpc.deb\r\n Size/MD5: 90264 d5e52a1bdc82da13dc10bf6d50e44bb6\r\n http://ports.ubuntu.com/pool/main/v/vte/python-vte_0.23.5-0ubuntu1.1_powerpc.deb\r\n Size/MD5: 17832 d9023a1b08175c47a95213b694b55a38\r\n\r\n sparc architecture &#40;Sun SPARC/UltraSPARC&#41;:\r\n\r\n http://ports.ubuntu.com/pool/main/v/vte/libvte-dev_0.23.5-0ubuntu1.1_sparc.deb\r\n Size/MD5: 385478 abb9a0b4f444c1588530f7cd4f4ca818\r\n http://ports.ubuntu.com/pool/main/v/vte/libvte9-udeb_0.23.5-0ubuntu1.1_sparc.udeb\r\n Size/MD5: 341688 a582c6a4dc3cb517a4ff86b0fadd0ed3\r\n http://ports.ubuntu.com/pool/main/v/vte/libvte9_0.23.5-0ubuntu1.1_sparc.deb\r\n Size/MD5: 599642 841b2459776c09a06a584fe41ee86bd9\r\n http://ports.ubuntu.com/pool/main/v/vte/python-vte-dbg_0.23.5-0ubuntu1.1_sparc.deb\r\n Size/MD5: 83800 0d1d2bfb961cdeb8c1f32debaf2e6939\r\n http://ports.ubuntu.com/pool/main/v/vte/python-vte_0.23.5-0ubuntu1.1_sparc.deb\r\n Size/MD5: 16784 5ac61fa9db2c471452e0690769732841\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2010-07-16T00:00:00", "title": "[USN-962-1] VTE vulnerability", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:35", "vector": "NONE", "value": 10.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2010-2713"], "modified": "2010-07-16T00:00:00", "id": "SECURITYVULNS:DOC:24259", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:24259", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:37", "references": ["https://vulners.com/securityvulns/securityvulns:doc:24259"], "description": "Control characters are not checked when setting window or icon title, making it possible to insert terminal ESC-sequences.", "edition": 1, "reporter": "BUGTRAQ", "published": "2010-07-16T00:00:00", "title": "VTE control characters vulnerability", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:37", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "vte", "version": "0.24", "operator": "eq"}], "cvelist": ["CVE-2010-2713"], "modified": "2010-07-16T00:00:00", "id": "SECURITYVULNS:VULN:11003", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11003", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2018-08-31T01:15:20", "references": ["http://www.securityfocus.com/archive/1/512388"], "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "0.24.3", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "vte", "operator": "lt"}], "description": "\nKees Cook reports:\n\nJanne Snabb discovered that applications using VTE, such as\n\t gnome-terminal, did not correctly filter window and icon title\n\t request escape codes. If a user were tricked into viewing\n\t specially crafted output in their terminal, a remote attacker\n\t could execute arbitrary commands with user privileges.\n\n", "edition": 3, "reporter": "FreeBSD", "published": "2010-07-15T00:00:00", "title": "vte -- Classic terminal title set+query attack", "type": "freebsd", "enchantments": {"score": {"vector": "NONE", "value": 10.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-2713"], "modified": "2010-07-15T00:00:00", "id": "9A8FECEF-92C0-11DF-B140-0015F2DB7BDE", "href": "https://vuxml.freebsd.org/freebsd/9a8fecef-92c0-11df-b140-0015f2db7bde.html", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:47:02", "references": ["http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3314", "https://bugs.gentoo.org/show_bug.cgi?id=401645", "https://bugs.gentoo.org/show_bug.cgi?id=427802", "https://bugs.gentoo.org/show_bug.cgi?id=371320", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0765", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4776", "https://bugs.gentoo.org/show_bug.cgi?id=358787", "https://bugs.gentoo.org/show_bug.cgi?id=428776", "https://bugs.gentoo.org/show_bug.cgi?id=399427", "https://bugs.gentoo.org/show_bug.cgi?id=372905", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3313", "https://bugs.gentoo.org/show_bug.cgi?id=334475", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2738", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3448", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1620", "https://bugs.gentoo.org/show_bug.cgi?id=284536", "https://bugs.gentoo.org/show_bug.cgi?id=300903", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0808", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2198", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0807", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2713"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "0.9.33", "packageName": "dev-php/suhosin", "packageFilename": "UNKNOWN", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.0", "packageName": "x11-misc/slock", "packageFilename": "UNKNOWN", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "0.32.2", "packageName": "x11-libs/vte", "packageFilename": "UNKNOWN", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "3.3.7", "packageName": "sys-cluster/ganglia", "packageFilename": "UNKNOWN", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.8.004.20120613", "packageName": "www-apps/egroupware", "packageFilename": "UNKNOWN", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "2.2.4", "packageName": "net-im/gg-transport", "packageFilename": "UNKNOWN", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "3.33", "packageName": "net-analyzer/lft", "packageFilename": "UNKNOWN", "arch": "all", "operator": "lt"}], "description": "### Background\n\nFor more information on the packages listed in this GLSA, please see their homepage referenced in the ebuild. \n\n### Description\n\nVulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. \n\n * EGroupware\n * VTE\n * Layer Four Traceroute (LFT)\n * Suhosin\n * Slock\n * Ganglia\n * Jabber to GaduGadu Gateway\n\n### Impact\n\nA context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll EGroupware users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-apps/egroupware-1.8.004.20120613\"\n \n\nAll VTE 0.32 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=x11-libs/vte-0.32.2\"\n \n\nAll VTE 0.28 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=x11-libs/vte-0.28.2-r204\"\n \n\nAll Layer Four Traceroute users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-analyzer/lft-3.33\"\n \n\nAll Suhosin users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-php/suhosin-0.9.33\"\n \n\nAll Slock users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=x11-misc/slock-1.0\"\n \n\nAll Ganglia users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-cluster/ganglia-3.3.7\"\n \n\nAll Jabber to GaduGadu Gateway users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-im/gg-transport-2.2.4\"\n \n\nNOTE: This is a legacy GLSA. Updates for all affected architectures have been available since 2013. It is likely that your system is already no longer affected by these issues.", "edition": 1, "reporter": "Gentoo Foundation", "published": "2014-12-11T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "gentoo", "title": "Multiple packages, Multiple vulnerabilities fixed in 2012", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2198", "CVE-2010-3314", "CVE-2012-2738", "CVE-2010-2713", "CVE-2012-1620", "CVE-2012-3448", "CVE-2008-4776", "CVE-2012-0808", "CVE-2010-3313", "CVE-2012-0807", "CVE-2011-0765"], "modified": "2014-12-11T00:00:00", "id": "GLSA-201412-10", "href": "https://security.gentoo.org/glsa/201412-10", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}