a. vCenter and ESX update to JRE 1.6.0 Update 31The Oracle (Sun) JRE is updated to version 1.6.0_31, which addresses multiple security issues. Oracle has documented the CVE identifiers that are addressed by this update in the Oracle Java SE Critical Patch Update Advisory of February 2012.Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.
{"nessus": [{"lastseen": "2022-08-15T18:17:46", "description": "a. vCenter and ESX update to JRE 1.6.0 Update 31\n\n The Oracle (Sun) JRE is updated to version 1.6.0_31, which addresses multiple security issues. Oracle has documented the CVE identifiers that are addressed by this update in the Oracle Java SE Critical Patch Update Advisory of February 2012.\n\nb. vCenter Update Manager update to JRE 1.5.0 Update 36\n\n The Oracle (Sun) JRE is updated to 1.5.0_36 to address multiple security issues. Oracle has documented the CVE identifiers that are addressed in JRE 1.5.0_36 in the Oracle Java SE Critical Patch Update Advisory for June 2012.\n\nc. Update to ESX/ESXi userworld OpenSSL library\n\n The ESX/ESXi userworld OpenSSL library is updated from version 0.9.8p to version 0.9.8t to resolve multiple security issues.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-4180, CVE-2010-4252, CVE-2011-0014, CVE-2011-4108, CVE-2011-4109, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, and CVE-2012-0050 to these issues.\n\nd. Update to ESX service console OpenSSL RPM\n\n The service console OpenSSL RPM is updated to version 0.9.8e-22.el5_8.3 to resolve a security issue.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-2110 to this issue.\n\ne. Update to ESX service console kernel\n\n The ESX service console kernel is updated to resolve multiple security issues.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-1833, CVE-2011-2484, CVE-2011-2496, CVE-2011-3188, CVE-2011-3209, CVE-2011-3363, CVE-2011-4110, CVE-2011-1020, CVE-2011-4132, CVE-2011-4324, CVE-2011-4325, CVE-2012-0207, CVE-2011-2699, and CVE-2012-1583 to these issues.\n\nf. Update to ESX service console Perl RPM\n\n The ESX service console Perl RPM is updated to perl-5.8.8.32.1.8999.vmw to resolve multiple security issues.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-2761, CVE-2010-4410, and CVE-2011-3597 to these issues.\n\ng. Update to ESX service console libxml2 RPMs\n\n The ESX service console libmxl2 RPMs are updated to libxml2-2.6.26-2.1.15.el5_8.2 and libxml2-python-2.6.26-2.1.15.el5_8.2 to resolve a security issue.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-0841 to this issue.\n\nh. Update to ESX service console glibc RPM\n\n The ESX service console glibc RPM is updated to version glibc-2.5-81.el5_8.1 to resolve multiple security issues.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-5029, CVE-2009-5064, CVE-2010-0830, CVE-2011-1089, CVE-2011-4609, and CVE-2012-0864 to these issue.\n\ni. Update to ESX service console GnuTLS RPM\n\n The ESX service console GnuTLS RPM is updated to version 1.4.1-7.el5_8.2 to resolve multiple security issues.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-4128, CVE-2012-1569, and CVE-2012-1573 to these issues.\n\nj. Update to ESX service console popt, rpm, rpm-libs, and rpm-python RPMS\n\n The ESX service console popt, rpm, rpm-libs, and rpm-python RPMS are updated to the following versions to resolve multiple security issues :\n - popt-1.10.2.3-28.el5_8\n - rpm-4.4.2.3-28.el5_8\n - rpm-libs-4.4.2.3-28.el5_8\n - rpm-python-4.4.2.3-28.el5_8\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-0060, CVE-2012-0061, and CVE-2012-0815 to these issues.\n\nk. Vulnerability in third-party Apache Struts component\n\n The version of Apache Struts in vCenter Operations has been updated to 2.3.4 which addresses an arbitrary file overwrite vulnerability. This vulnerability allows an attacker to create a denial of service by overwriting arbitrary files without authentication. The attacker would need to be on the same network as the system where vCOps is installed.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-0393 to this issue.\n\n Note: Apache struts 2.3.4 addresses the following issues as well :\n CVE-2011-5057, CVE-2012-0391, CVE-2012-0392, CVE-2012-0394. It was found that these do not affect vCOps.\n\n VMware would like to thank Alexander Minozhenko from ERPScan for reporting this issue to us.", "cvss3": {"score": 9.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"}, "published": "2012-08-31T00:00:00", "type": "nessus", "title": "VMSA-2012-0013 : VMware vSphere and vCOps updates to third-party libraries", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-5029", "CVE-2009-5064", "CVE-2010-0830", "CVE-2010-2761", "CVE-2010-4180", "CVE-2010-4252", "CVE-2010-4410", "CVE-2011-0014", "CVE-2011-1020", "CVE-2011-1089", "CVE-2011-1833", "CVE-2011-2484", "CVE-2011-2496", "CVE-2011-2699", "CVE-2011-3188", "CVE-2011-3209", "CVE-2011-3363", "CVE-2011-3597", "CVE-2011-4108", "CVE-2011-4109", "CVE-2011-4110", "CVE-2011-4128", "CVE-2011-4132", "CVE-2011-4324", "CVE-2011-4325", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4609", "CVE-2011-4619", "CVE-2011-5057", "CVE-2012-0050", "CVE-2012-0060", "CVE-2012-0061", "CVE-2012-0207", "CVE-2012-0391", "CVE-2012-0392", "CVE-2012-0393", "CVE-2012-0394", "CVE-2012-0815", "CVE-2012-0841", "CVE-2012-0864", "CVE-2012-1569", "CVE-2012-1573", "CVE-2012-1583", "CVE-2012-2110"], "modified": "2021-01-06T00:00:00", "cpe": ["cpe:/o:vmware:esx:4.0", "cpe:/o:vmware:esx:4.1", "cpe:/o:vmware:esxi:4.1", "cpe:/o:vmware:esxi:5.0"], "id": "VMWARE_VMSA-2012-0013.NASL", "href": "https://www.tenable.com/plugins/nessus/61747", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from VMware Security Advisory 2012-0013. \n# The text itself is copyright (C) VMware Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61747);\n script_version(\"1.57\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-5029\", \"CVE-2009-5064\", \"CVE-2010-0830\", \"CVE-2010-2761\", \"CVE-2010-4180\", \"CVE-2010-4252\", \"CVE-2010-4410\", \"CVE-2011-0014\", \"CVE-2011-1020\", \"CVE-2011-1089\", \"CVE-2011-1833\", \"CVE-2011-2484\", \"CVE-2011-2496\", \"CVE-2011-2699\", \"CVE-2011-3188\", \"CVE-2011-3209\", \"CVE-2011-3363\", \"CVE-2011-3597\", \"CVE-2011-4108\", \"CVE-2011-4109\", \"CVE-2011-4110\", \"CVE-2011-4128\", \"CVE-2011-4132\", \"CVE-2011-4324\", \"CVE-2011-4325\", \"CVE-2011-4576\", \"CVE-2011-4577\", \"CVE-2011-4609\", \"CVE-2011-4619\", \"CVE-2012-0050\", \"CVE-2012-0060\", \"CVE-2012-0061\", \"CVE-2012-0207\", \"CVE-2012-0393\", \"CVE-2012-0815\", \"CVE-2012-0841\", \"CVE-2012-0864\", \"CVE-2012-1569\", \"CVE-2012-1573\", \"CVE-2012-1583\", \"CVE-2012-2110\");\n script_bugtraq_id(40063, 44199, 45145, 45163, 45164, 46264, 46567, 46740, 47321, 48383, 48802, 49108, 49289, 49626, 49911, 50311, 50609, 50663, 50755, 50798, 50898, 51194, 51257, 51281, 51343, 51366, 51439, 51467, 51563, 52009, 52010, 52011, 52012, 52013, 52014, 52015, 52016, 52017, 52018, 52019, 52020, 52107, 52161, 52201, 52667, 52668, 52865, 53136, 53139, 53158, 53946, 53947, 53948, 53949, 53950, 53951, 53952, 53953, 53954, 53956, 53958, 53959, 53960);\n script_xref(name:\"VMSA\", value:\"2012-0013\");\n\n script_name(english:\"VMSA-2012-0013 : VMware vSphere and vCOps updates to third-party libraries\");\n script_summary(english:\"Checks esxupdate output for the patches\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote VMware ESXi / ESX host is missing one or more\nsecurity-related patches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"a. vCenter and ESX update to JRE 1.6.0 Update 31\n\n The Oracle (Sun) JRE is updated to version 1.6.0_31, which\n addresses multiple security issues. Oracle has documented the\n CVE identifiers that are addressed by this update in the Oracle\n Java SE Critical Patch Update Advisory of February 2012.\n\nb. vCenter Update Manager update to JRE 1.5.0 Update 36\n\n The Oracle (Sun) JRE is updated to 1.5.0_36 to address multiple\n security issues. Oracle has documented the CVE identifiers that\n are addressed in JRE 1.5.0_36 in the Oracle Java SE Critical\n Patch Update Advisory for June 2012.\n\nc. Update to ESX/ESXi userworld OpenSSL library\n\n The ESX/ESXi userworld OpenSSL library is updated from version\n 0.9.8p to version 0.9.8t to resolve multiple security issues.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2010-4180, CVE-2010-4252,\n CVE-2011-0014, CVE-2011-4108, CVE-2011-4109, CVE-2011-4576,\n CVE-2011-4577, CVE-2011-4619, and CVE-2012-0050 to these issues.\n\nd. Update to ESX service console OpenSSL RPM\n\n The service console OpenSSL RPM is updated to version\n 0.9.8e-22.el5_8.3 to resolve a security issue.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2012-2110 to this issue.\n\ne. Update to ESX service console kernel\n\n The ESX service console kernel is updated to resolve multiple\n security issues.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2011-1833, CVE-2011-2484,\n CVE-2011-2496, CVE-2011-3188, CVE-2011-3209, CVE-2011-3363,\n CVE-2011-4110, CVE-2011-1020, CVE-2011-4132, CVE-2011-4324,\n CVE-2011-4325, CVE-2012-0207, CVE-2011-2699, and CVE-2012-1583\n to these issues.\n\nf. Update to ESX service console Perl RPM\n\n The ESX service console Perl RPM is updated to\n perl-5.8.8.32.1.8999.vmw to resolve multiple security issues.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2010-2761, CVE-2010-4410, and\n CVE-2011-3597 to these issues.\n\ng. Update to ESX service console libxml2 RPMs\n\n The ESX service console libmxl2 RPMs are updated to\n libxml2-2.6.26-2.1.15.el5_8.2 and\n libxml2-python-2.6.26-2.1.15.el5_8.2 to resolve a security\n issue.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2012-0841 to this issue.\n\nh. Update to ESX service console glibc RPM\n\n The ESX service console glibc RPM is updated to version\n glibc-2.5-81.el5_8.1 to resolve multiple security issues.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2009-5029, CVE-2009-5064,\n CVE-2010-0830, CVE-2011-1089, CVE-2011-4609, and CVE-2012-0864\n to these issue.\n\ni. Update to ESX service console GnuTLS RPM\n\n The ESX service console GnuTLS RPM is updated to version\n 1.4.1-7.el5_8.2 to resolve multiple security issues.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2011-4128, CVE-2012-1569, and\n CVE-2012-1573 to these issues.\n\nj. Update to ESX service console popt, rpm, rpm-libs,\n and rpm-python RPMS\n\n The ESX service console popt, rpm, rpm-libs, and rpm-python RPMS\n are updated to the following versions to resolve multiple\n security issues :\n - popt-1.10.2.3-28.el5_8\n - rpm-4.4.2.3-28.el5_8\n - rpm-libs-4.4.2.3-28.el5_8\n - rpm-python-4.4.2.3-28.el5_8\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2012-0060, CVE-2012-0061, and\n CVE-2012-0815 to these issues.\n\nk. Vulnerability in third-party Apache Struts component\n\n The version of Apache Struts in vCenter Operations has been\n updated to 2.3.4 which addresses an arbitrary file overwrite\n vulnerability. This vulnerability allows an attacker to create\n a denial of service by overwriting arbitrary files without\n authentication. The attacker would need to be on the same network\n as the system where vCOps is installed.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the name CVE-2012-0393 to this issue.\n\n Note: Apache struts 2.3.4 addresses the following issues as well :\n CVE-2011-5057, CVE-2012-0391, CVE-2012-0392, CVE-2012-0394. It\n was found that these do not affect vCOps.\n\n VMware would like to thank Alexander Minozhenko from ERPScan for\n reporting this issue to us.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.vmware.com/pipermail/security-announce/2012/000197.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply the missing patches.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java Applet Field Bytecode Verifier Cache Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:4.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:4.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:5.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/06/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/08/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"VMware ESX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/VMware/release\", \"Host/VMware/version\");\n script_require_ports(\"Host/VMware/esxupdate\", \"Host/VMware/esxcli_software_vibs\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"vmware_esx_packages.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/VMware/release\")) audit(AUDIT_OS_NOT, \"VMware ESX / ESXi\");\nif (\n !get_kb_item(\"Host/VMware/esxcli_software_vibs\") &&\n !get_kb_item(\"Host/VMware/esxupdate\")\n) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ninit_esx_check(date:\"2012-08-30\");\nflag = 0;\n\n\nif (\n esx_check(\n ver : \"ESX 4.0\",\n patch : \"ESX400-201209401-SG\",\n patch_updates : make_list(\"ESX400-201302401-SG\", \"ESX400-201305401-SG\", \"ESX400-201310401-SG\", \"ESX400-201404401-SG\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 4.0\",\n patch : \"ESX400-201209402-SG\",\n patch_updates : make_list(\"ESX400-201305404-SG\", \"ESX400-201310402-SG\")\n )\n) flag++;\nif (esx_check(ver:\"ESX 4.0\", patch:\"ESX400-201209404-SG\")) flag++;\n\nif (\n esx_check(\n ver : \"ESX 4.1\",\n patch : \"ESX410-201208101-SG\",\n patch_updates : make_list(\"ESX410-201211401-SG\", \"ESX410-201301401-SG\", \"ESX410-201304401-SG\", \"ESX410-201307401-SG\", \"ESX410-201312401-SG\", \"ESX410-201404401-SG\", \"ESX410-Update03\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 4.1\",\n patch : \"ESX410-201208102-SG\",\n patch_updates : make_list(\"ESX410-201301405-SG\", \"ESX410-201304402-SG\", \"ESX410-201307405-SG\", \"ESX410-Update03\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 4.1\",\n patch : \"ESX410-201208103-SG\",\n patch_updates : make_list(\"ESX410-201307403-SG\", \"ESX410-Update03\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 4.1\",\n patch : \"ESX410-201208104-SG\",\n patch_updates : make_list(\"ESX410-Update03\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 4.1\",\n patch : \"ESX410-201208105-SG\",\n patch_updates : make_list(\"ESX410-Update03\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 4.1\",\n patch : \"ESX410-201208106-SG\",\n patch_updates : make_list(\"ESX410-201307404-SG\", \"ESX410-Update03\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 4.1\",\n patch : \"ESX410-201208107-SG\",\n patch_updates : make_list(\"ESX410-Update03\")\n )\n) flag++;\n\nif (\n esx_check(\n ver : \"ESXi 4.1\",\n patch : \"ESXi410-201208101-SG\",\n patch_updates : make_list(\"ESXi410-201211401-SG\", \"ESXi410-201301401-SG\", \"ESXi410-201304401-SG\", \"ESXi410-201307401-SG\", \"ESXi410-201312401-SG\", \"ESXi410-201404401-SG\", \"ESXi410-Update03\")\n )\n) flag++;\n\nif (esx_check(ver:\"ESXi 5.0\", vib:\"VMware:esx-base:5.0.0-1.25.912577\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:esx_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-15T15:04:59", "description": "The remote VMware ESX / ESXi host is missing a security-related patch.\nIt is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party libraries :\n\n - Apache Struts\n - glibc\n - GnuTLS\n - JRE\n - kernel\n - libxml2\n - OpenSSL\n - Perl\n - popt and rpm", "cvss3": {"score": null, "vector": null}, "published": "2016-02-29T00:00:00", "type": "nessus", "title": "VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2012-0013) (remote check)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-5029", "CVE-2009-5064", "CVE-2010-0830", "CVE-2010-2761", "CVE-2010-4180", "CVE-2010-4252", "CVE-2010-4410", "CVE-2011-0014", "CVE-2011-1020", "CVE-2011-1089", "CVE-2011-1833", "CVE-2011-2484", "CVE-2011-2496", "CVE-2011-2699", "CVE-2011-3188", "CVE-2011-3209", "CVE-2011-3363", "CVE-2011-3597", "CVE-2011-4108", "CVE-2011-4109", "CVE-2011-4110", "CVE-2011-4128", "CVE-2011-4132", "CVE-2011-4324", "CVE-2011-4325", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4609", "CVE-2011-4619", "CVE-2012-0050", "CVE-2012-0060", "CVE-2012-0061", "CVE-2012-0207", "CVE-2012-0393", "CVE-2012-0815", "CVE-2012-0841", "CVE-2012-0864", "CVE-2012-1569", "CVE-2012-1573", "CVE-2012-1583", "CVE-2012-2110"], "modified": "2021-01-06T00:00:00", "cpe": ["cpe:/o:vmware:esx", "cpe:/o:vmware:esxi"], "id": "VMWARE_VMSA-2012-0013_REMOTE.NASL", "href": "https://www.tenable.com/plugins/nessus/89038", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89038);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2009-5029\",\n \"CVE-2009-5064\",\n \"CVE-2010-0830\",\n \"CVE-2010-2761\",\n \"CVE-2010-4180\",\n \"CVE-2010-4252\",\n \"CVE-2010-4410\",\n \"CVE-2011-0014\",\n \"CVE-2011-1020\",\n \"CVE-2011-1089\",\n \"CVE-2011-1833\",\n \"CVE-2011-2484\",\n \"CVE-2011-2496\",\n \"CVE-2011-2699\",\n \"CVE-2011-3188\",\n \"CVE-2011-3209\",\n \"CVE-2011-3363\",\n \"CVE-2011-3597\",\n \"CVE-2011-4108\",\n \"CVE-2011-4109\",\n \"CVE-2011-4110\",\n \"CVE-2011-4128\",\n \"CVE-2011-4132\",\n \"CVE-2011-4324\",\n \"CVE-2011-4325\",\n \"CVE-2011-4576\",\n \"CVE-2011-4577\",\n \"CVE-2011-4609\",\n \"CVE-2011-4619\",\n \"CVE-2012-0050\",\n \"CVE-2012-0060\",\n \"CVE-2012-0061\",\n \"CVE-2012-0207\",\n \"CVE-2012-0393\",\n \"CVE-2012-0815\",\n \"CVE-2012-0841\",\n \"CVE-2012-0864\",\n \"CVE-2012-1569\",\n \"CVE-2012-1573\",\n \"CVE-2012-1583\",\n \"CVE-2012-2110\"\n );\n script_bugtraq_id(\n 40063,\n 44199,\n 45145,\n 45163,\n 45164,\n 46264,\n 46567,\n 46740,\n 47321,\n 48383,\n 48802,\n 49108,\n 49289,\n 49626,\n 49911,\n 50311,\n 50609,\n 50663,\n 50755,\n 50798,\n 50898,\n 51194,\n 51257,\n 51281,\n 51343,\n 51366,\n 51439,\n 51467,\n 51563,\n 52009,\n 52010,\n 52011,\n 52012,\n 52013,\n 52014,\n 52015,\n 52016,\n 52017,\n 52018,\n 52019,\n 52020,\n 52107,\n 52161,\n 52201,\n 52667,\n 52668,\n 52865,\n 53136,\n 53139,\n 53158,\n 53946,\n 53947,\n 53948,\n 53949,\n 53950,\n 53951,\n 53952,\n 53953,\n 53954,\n 53956,\n 53958,\n 53959,\n 53960\n );\n script_xref(name:\"VMSA\", value:\"2012-0013\");\n\n script_name(english:\"VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2012-0013) (remote check)\");\n script_summary(english:\"Checks the ESX / ESXi version and build number.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote VMware ESX / ESXi host is missing a security-related patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote VMware ESX / ESXi host is missing a security-related patch.\nIt is, therefore, affected by multiple vulnerabilities, including\nremote code execution vulnerabilities, in several third-party\nlibraries :\n\n - Apache Struts\n - glibc\n - GnuTLS\n - JRE\n - kernel\n - libxml2\n - OpenSSL\n - Perl\n - popt and rpm\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.vmware.com/security/advisories/VMSA-2012-0013.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the vendor advisory that\npertains to ESX version 3.5 / 4.0 / 4.1 or ESXi version 3.5 / 4.0 /\n4.1 / 5.0.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java Applet Field Bytecode Verifier Cache Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/08/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/08/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Misc.\");\n\n script_dependencies(\"vmware_vsphere_detect.nbin\");\n script_require_keys(\"Host/VMware/version\", \"Host/VMware/release\");\n script_require_ports(\"Host/VMware/vsphere\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"Host/VMware/version\");\nrelease = get_kb_item_or_exit(\"Host/VMware/release\");\nport = get_kb_item_or_exit(\"Host/VMware/vsphere\");\n\n# Version + build map\n# https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1014508\nfixes = make_array();\nfixes[\"ESX 4.0\"] = 787047;\nfixes[\"ESX 4.1\"] = 800380; # Full patch -- 811144 is security-fix only\nfixes[\"ESXi 4.1\"] = 800380; # Full patch -- 811144 is security-fix only\nfixes[\"ESXi 5.0\"] = 912577; # Security-only -- 914586 is full patch\n\n# Extra fixes to report\nextra_fixes = make_array();\nextra_fixes[\"ESX 4.1\"] = 811144;\nextra_fixes[\"ESXi 4.1\"] = 811144;\nextra_fixes[\"ESXi 5.0\"] = 914586;\n\nmatches = eregmatch(pattern:'^VMware (ESXi?).*build-([0-9]+)$', string:release);\nif (empty_or_null(matches))\n exit(1, 'Failed to extract the ESX / ESXi build number.');\n\ntype = matches[1];\nbuild = int(matches[2]);\n\nfixed_build = fixes[version];\n\nif (!isnull(fixed_build) && build < fixed_build)\n{\n if (!empty_or_null(extra_fixes[version])) fixed_build += \" / \" + extra_fixes[version];\n \n padding = crap(data:\" \", length:8 - strlen(type)); # Spacing alignment\n \n report = '\\n ' + type + ' version' + padding + ': ' + version +\n '\\n Installed build : ' + build +\n '\\n Fixed build : ' + fixed_build +\n '\\n';\n\n security_report_v4(extra:report, port:port, severity:SECURITY_HOLE);\n}\nelse\n audit(AUDIT_INST_VER_NOT_VULN, \"VMware \" + version + \" build \" + build);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:52:21", "description": "The remote VMware ESXi 5.0 host is affected by Multiple Vulnerabilities :\n\n - An integer overflow condition exists in the\n __tzfile_read() function in the glibc library. An unauthenticated, remote attacker can exploit this, via a crafted timezone (TZ) file, to cause a denial of service or the execution of arbitrary code.\n (CVE-2009-5029)\n\n - ldd in the glibc library is affected by a privilege escalation vulnerability due to the omission of certain LD_TRACE_LOADED_OBJECTS checks in a crafted executable file. Note that this vulnerability is disputed by the library vendor. (CVE-2009-5064)\n\n - A remote code execution vulnerability exists in the glibc library due to an integer signedness error in the elf_get_dynamic_info() function when the '--verify' option is used. A remote attacker can exploit this by using a crafted ELF program with a negative value for a certain d_tag structure member in the ELF header.\n (CVE-2010-0830)\n\n - A flaw exists in OpenSSL due to a failure to properly prevent modification of the ciphersuite in the session cache when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled. A remote attacker can exploit this to force a downgrade to an unintended cipher by intercepting the network traffic to discover a session identifier.\n (CVE-2010-4180)\n\n - A flaw exists in OpenSSL due to a failure to properly validate the public parameters in the J-PAKE protocol when J-PAKE is enabled. A remote attacker can exploit this, by sending crafted values in each round of the protocol, to bypass the need for knowledge of the shared secret. (CVE-2010-4252)\n\n - A out-of-bounds memory error exists in OpenSSL that allows a remote attacker to cause a denial of service or possibly obtain sensitive information by using a malformed ClientHello handshake message. This is also known as the 'OCSP stapling vulnerability'.\n (CVE-2011-0014)\n\n - A flaw exists in the addmntent() function in the glibc library due to a failure to report the error status for failed attempts to write to the /etc/mtab file. A local attacker can exploit this to corrupt the file by using writes from a process with a small RLIMIT_FSIZE value.\n (CVE-2011-1089)\n\n - A flaw exists in the png_set_text_2() function in the file pngset.c in the libpng library due to a failure to properly allocate memory. An unauthenticated, remote attacker can exploit this, via a crafted text chunk in a PNG image file, to trigger a heap-based buffer overflow, resulting in denial of service or the execution of arbitrary code. (CVE-2011-3048)\n\n - A flaw exists in the DTLS implementation in OpenSSL due to performing a MAC check only if certain padding is valid. A remote attacker can exploit this, via a padding oracle attack, to recover the plaintext. (CVE-2011-4108)\n\n - A double-free error exists in OpenSSL when the X509_V_FLAG_POLICY_CHECK is enabled. A remote attacker can exploit this by triggering a policy check failure, resulting in an unspecified impact. (CVE-2011-4109)\n\n - A flaw exists in OpenSSL in the SSL 3.0 implementation due to improper initialization of data structures used for block cipher padding. A remote attacker can exploit this, by decrypting the padding data sent by an SSL peer, to obtain sensitive information. (CVE-2011-4576)\n\n - A denial of service vulnerability exists in OpenSSL when RFC 3779 support is enabled. A remote attacker can exploit this to cause an assertion failure, by using an X.509 certificate containing certificate extension data associated with IP address blocks or Autonomous System (AS) identifiers. (CVE-2011-4577)\n\n - A denial of service vulnerability exists in the RPC implementation in the glibc library due to a flaw in the svc_run() function. A remote attacker can exploit this, via large number of RPC connections, to exhaust CPU resources. (CVE-2011-4609)\n\n - A denial of service vulnerability exists in the Server Gated Cryptography (SGC) implementation in OpenSSL due to a failure to properly handle handshake restarts. A remote attacker can exploit this, via unspecified vectors, to exhaust CPU resources. (CVE-2011-4619)\n\n - A denial of service vulnerability exists in OpenSSL due to improper support of DTLS applications. A remote attacker can exploit this, via unspecified vectors related to an out-of-bounds read error. Note that this vulnerability exists because of an incorrect fix for CVE-2011-4108. (CVE-2012-0050)\n\n - A security bypass vulnerability exists in the glibc library due to an integer overflow condition in the vfprintf() function in file stdio-common/vfprintf.c. An attacker can exploit this, by using a large number of arguments, to bypass the FORTIFY_SOURCE protection mechanism, allowing format string attacks or writing to arbitrary memory. (CVE-2012-0864)\n\n - A denial of service vulnerability exists in the glibc library in the vfprintf() function in file stdio-common/vfprintf.c due to a failure to properly calculate a buffer length. An attacker can exploit this, via a format string that uses positional parameters and many format specifiers, to bypass the FORTIFY_SOURCE format-string protection mechanism, thus causing stack corruption and a crash. (CVE-2012-3404)\n\n - A denial of service vulnerability exists in the glibc library in the vfprintf() function in file stdio-common/vfprintf.c due to a failure to properly calculate a buffer length. An attacker can exploit this, via a format string with a large number of format specifiers, to bypass the FORTIFY_SOURCE format-string protection mechanism, thus triggering desynchronization within the buffer size handling, resulting in a segmentation fault and crash. (CVE-2012-3405)\n\n - A flaw exists in the glibc library in the vfprintf() function in file stdio-common/vfprintf.c due to a failure to properly restrict the use of the alloca() function when allocating the SPECS array. An attacker can exploit this, via a crafted format string using positional parameters and a large number of format specifiers, to bypass the FORTIFY_SOURCE format-string protection mechanism, thus triggering a denial of service or the possible execution of arbitrary code.\n (CVE-2012-3406)\n\n - A flaw exists in the glibc library due to multiple integer overflow conditions in the strtod(), strtof(), strtold(), strtod_l(), and other unspecified related functions. A local attacker can exploit these to trigger a stack-based buffer overflow, resulting in an application crash or the possible execution of arbitrary code. (CVE-2012-3480)\n\n - A privilege escalation vulnerability exists in the Virtual Machine Communication Interface (VMCI) due to a failure by control code to properly restrict memory allocation. A local attacker can exploit this, via unspecified vectors, to gain privileges. (CVE-2013-1406)\n\n - An error exists in the implementation of the Network File Copy (NFC) protocol. A man-in-the-middle attacker can exploit this, by modifying the client-server data stream, to cause a denial of service or the execution of arbitrary code. (CVE-2013-1659)", "cvss3": {"score": null, "vector": null}, "published": "2013-11-13T00:00:00", "type": "nessus", "title": "ESXi 5.0 < Build 912577 Multiple Vulnerabilities (remote check)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-5029", "CVE-2009-5064", "CVE-2010-0830", "CVE-2010-4180", "CVE-2010-4252", "CVE-2011-0014", "CVE-2011-1089", "CVE-2011-3048", "CVE-2011-4108", "CVE-2011-4109", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4609", "CVE-2011-4619", "CVE-2012-0050", "CVE-2012-0864", "CVE-2012-3404", "CVE-2012-3405", "CVE-2012-3406", "CVE-2012-3480", "CVE-2013-1406", "CVE-2013-1659"], "modified": "2018-11-15T00:00:00", "cpe": ["cpe:/o:vmware:esxi:5.0"], "id": "VMWARE_ESXI_5_0_BUILD_912577_REMOTE.NASL", "href": "https://www.tenable.com/plugins/nessus/70885", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70885);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/11/15 20:50:24\");\n\n script_cve_id(\n \"CVE-2009-5029\",\n \"CVE-2009-5064\",\n \"CVE-2010-0830\",\n \"CVE-2010-4180\",\n \"CVE-2010-4252\",\n \"CVE-2011-0014\",\n \"CVE-2011-1089\",\n \"CVE-2011-3048\",\n \"CVE-2011-4108\",\n \"CVE-2011-4109\",\n \"CVE-2011-4576\",\n \"CVE-2011-4577\",\n \"CVE-2011-4609\",\n \"CVE-2011-4619\",\n \"CVE-2012-0050\",\n \"CVE-2012-0864\",\n \"CVE-2012-3404\",\n \"CVE-2012-3405\",\n \"CVE-2012-3406\",\n \"CVE-2012-3480\",\n \"CVE-2013-1406\",\n \"CVE-2013-1659\"\n );\n script_bugtraq_id(\n 40063,\n 45163,\n 45164,\n 46264,\n 46740,\n 50898,\n 51281,\n 51439,\n 51563,\n 52201,\n 52830,\n 54374,\n 54982,\n 57867,\n 58115\n );\n script_xref(name:\"VMSA\", value:\"2013-0002\");\n script_xref(name:\"VMSA\", value:\"2013-0003\");\n script_xref(name:\"VMSA\", value:\"2012-0013\");\n script_xref(name:\"VMSA\", value:\"2012-0018\");\n\n script_name(english:\"ESXi 5.0 < Build 912577 Multiple Vulnerabilities (remote check)\");\n script_summary(english:\"Checks the ESXi version and build number.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote VMware ESXi 5.0 host is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote VMware ESXi 5.0 host is affected by Multiple\nVulnerabilities :\n\n - An integer overflow condition exists in the\n __tzfile_read() function in the glibc library. An\n unauthenticated, remote attacker can exploit this, via\n a crafted timezone (TZ) file, to cause a denial of\n service or the execution of arbitrary code.\n (CVE-2009-5029)\n\n - ldd in the glibc library is affected by a privilege\n escalation vulnerability due to the omission of certain\n LD_TRACE_LOADED_OBJECTS checks in a crafted executable\n file. Note that this vulnerability is disputed by the\n library vendor. (CVE-2009-5064)\n\n - A remote code execution vulnerability exists in the\n glibc library due to an integer signedness error in the\n elf_get_dynamic_info() function when the '--verify'\n option is used. A remote attacker can exploit this by\n using a crafted ELF program with a negative value for a\n certain d_tag structure member in the ELF header.\n (CVE-2010-0830)\n\n - A flaw exists in OpenSSL due to a failure to properly\n prevent modification of the ciphersuite in the session\n cache when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is\n enabled. A remote attacker can exploit this to force a\n downgrade to an unintended cipher by intercepting the\n network traffic to discover a session identifier.\n (CVE-2010-4180)\n\n - A flaw exists in OpenSSL due to a failure to properly\n validate the public parameters in the J-PAKE protocol\n when J-PAKE is enabled. A remote attacker can exploit\n this, by sending crafted values in each round of the\n protocol, to bypass the need for knowledge of the shared\n secret. (CVE-2010-4252)\n\n - A out-of-bounds memory error exists in OpenSSL that\n allows a remote attacker to cause a denial of service or\n possibly obtain sensitive information by using a\n malformed ClientHello handshake message. This is also\n known as the 'OCSP stapling vulnerability'.\n (CVE-2011-0014)\n\n - A flaw exists in the addmntent() function in the glibc\n library due to a failure to report the error status for\n failed attempts to write to the /etc/mtab file. A local\n attacker can exploit this to corrupt the file by using\n writes from a process with a small RLIMIT_FSIZE value.\n (CVE-2011-1089)\n\n - A flaw exists in the png_set_text_2() function in the\n file pngset.c in the libpng library due to a failure to\n properly allocate memory. An unauthenticated, remote\n attacker can exploit this, via a crafted text chunk in a\n PNG image file, to trigger a heap-based buffer overflow,\n resulting in denial of service or the execution of\n arbitrary code. (CVE-2011-3048)\n\n - A flaw exists in the DTLS implementation in OpenSSL due\n to performing a MAC check only if certain padding is\n valid. A remote attacker can exploit this, via a padding\n oracle attack, to recover the plaintext. (CVE-2011-4108)\n\n - A double-free error exists in OpenSSL when the\n X509_V_FLAG_POLICY_CHECK is enabled. A remote attacker\n can exploit this by triggering a policy check failure,\n resulting in an unspecified impact. (CVE-2011-4109)\n\n - A flaw exists in OpenSSL in the SSL 3.0 implementation\n due to improper initialization of data structures used\n for block cipher padding. A remote attacker can exploit\n this, by decrypting the padding data sent by an SSL\n peer, to obtain sensitive information. (CVE-2011-4576)\n\n - A denial of service vulnerability exists in OpenSSL when\n RFC 3779 support is enabled. A remote attacker can\n exploit this to cause an assertion failure, by using an\n X.509 certificate containing certificate extension data\n associated with IP address blocks or Autonomous System\n (AS) identifiers. (CVE-2011-4577)\n\n - A denial of service vulnerability exists in the RPC\n implementation in the glibc library due to a flaw in the\n svc_run() function. A remote attacker can exploit this,\n via large number of RPC connections, to exhaust CPU\n resources. (CVE-2011-4609)\n\n - A denial of service vulnerability exists in the Server\n Gated Cryptography (SGC) implementation in OpenSSL due\n to a failure to properly handle handshake restarts. A\n remote attacker can exploit this, via unspecified\n vectors, to exhaust CPU resources. (CVE-2011-4619)\n\n - A denial of service vulnerability exists in OpenSSL due\n to improper support of DTLS applications. A remote\n attacker can exploit this, via unspecified vectors\n related to an out-of-bounds read error. Note that this\n vulnerability exists because of an incorrect fix for\n CVE-2011-4108. (CVE-2012-0050)\n\n - A security bypass vulnerability exists in the glibc\n library due to an integer overflow condition in the\n vfprintf() function in file stdio-common/vfprintf.c. An\n attacker can exploit this, by using a large number of\n arguments, to bypass the FORTIFY_SOURCE protection\n mechanism, allowing format string attacks or writing to\n arbitrary memory. (CVE-2012-0864)\n\n - A denial of service vulnerability exists in the glibc\n library in the vfprintf() function in file\n stdio-common/vfprintf.c due to a failure to properly\n calculate a buffer length. An attacker can exploit this,\n via a format string that uses positional parameters and\n many format specifiers, to bypass the FORTIFY_SOURCE\n format-string protection mechanism, thus causing stack\n corruption and a crash. (CVE-2012-3404)\n\n - A denial of service vulnerability exists in the glibc\n library in the vfprintf() function in file\n stdio-common/vfprintf.c due to a failure to properly\n calculate a buffer length. An attacker can exploit this,\n via a format string with a large number of format\n specifiers, to bypass the FORTIFY_SOURCE format-string\n protection mechanism, thus triggering desynchronization\n within the buffer size handling, resulting in a\n segmentation fault and crash. (CVE-2012-3405)\n\n - A flaw exists in the glibc library in the vfprintf()\n function in file stdio-common/vfprintf.c due to a\n failure to properly restrict the use of the alloca()\n function when allocating the SPECS array. An attacker\n can exploit this, via a crafted format string using\n positional parameters and a large number of format\n specifiers, to bypass the FORTIFY_SOURCE format-string\n protection mechanism, thus triggering a denial of\n service or the possible execution of arbitrary code.\n (CVE-2012-3406)\n\n - A flaw exists in the glibc library due to multiple\n integer overflow conditions in the strtod(), strtof(),\n strtold(), strtod_l(), and other unspecified related\n functions. A local attacker can exploit these to trigger\n a stack-based buffer overflow, resulting in an\n application crash or the possible execution of arbitrary\n code. (CVE-2012-3480)\n\n - A privilege escalation vulnerability exists in the\n Virtual Machine Communication Interface (VMCI) due to a\n failure by control code to properly restrict memory\n allocation. A local attacker can exploit this, via\n unspecified vectors, to gain privileges. (CVE-2013-1406)\n\n - An error exists in the implementation of the Network\n File Copy (NFC) protocol. A man-in-the-middle attacker\n can exploit this, by modifying the client-server data\n stream, to cause a denial of service or the execution\n of arbitrary code. (CVE-2013-1659)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.vmware.com/security/advisories/VMSA-2013-0002.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/security/advisories/VMSA-2013-0003.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.vmware.com/security/advisories/VMSA-2012-0013.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/security/advisories/VMSA-2012-0018.html\");\n # https://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=2033751\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?050fd795\");\n # https://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=2033767\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3b1468ad\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply patch ESXi500-201212101-SG according to the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/06/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:5.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is (C) 2013-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"vmware_vsphere_detect.nbin\");\n script_require_keys(\"Host/VMware/version\", \"Host/VMware/release\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nver = get_kb_item_or_exit(\"Host/VMware/version\");\nrel = get_kb_item_or_exit(\"Host/VMware/release\");\n\nif (\"ESXi\" >!< rel) audit(AUDIT_OS_NOT, \"ESXi\");\nif (\"VMware ESXi 5.0\" >!< rel) audit(AUDIT_OS_NOT, \"ESXi 5.0\");\n\nmatch = eregmatch(pattern:'^VMware ESXi.*build-([0-9]+)$', string:rel);\nif (isnull(match)) exit(1, 'Failed to extract the ESXi build number.');\n\nbuild = int(match[1]);\nfixed_build = 912577;\n\nif (build < fixed_build)\n{\n if (report_verbosity > 0)\n {\n report = '\\n ESXi version : ' + ver +\n '\\n Installed build : ' + build +\n '\\n Fixed build : ' + fixed_build +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n}\nelse exit(0, \"The host has \"+ver+\" build \"+build+\" and thus is not affected.\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:59:04", "description": "Various security vulnerabilities have been fixed in OpenSSL :\n\n - DTLS plaintext recovery attack. (CVE-2011-4108)\n\n - double-free in Policy Checks. (CVE-2011-4109)\n\n - uninitialized SSL 3.0 padding. (CVE-2011-4576)\n\n - malformed RFC 3779 data can cause assertion failures.\n (CVE-2011-4577)\n\n - SGC restart DoS attack (CVE-2011-4619)", "cvss3": {"score": null, "vector": null}, "published": "2012-01-17T00:00:00", "type": "nessus", "title": "SuSE 11.1 Security Update : OpenSSL (SAT Patch Number 5635)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4108", "CVE-2011-4109", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:libopenssl0_9_8", "p-cpe:/a:novell:suse_linux:11:libopenssl0_9_8-32bit", "p-cpe:/a:novell:suse_linux:11:openssl", "p-cpe:/a:novell:suse_linux:11:openssl-doc", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_LIBOPENSSL-DEVEL-120111.NASL", "href": "https://www.tenable.com/plugins/nessus/57569", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57569);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-4108\", \"CVE-2011-4109\", \"CVE-2011-4576\", \"CVE-2011-4577\", \"CVE-2011-4619\");\n\n script_name(english:\"SuSE 11.1 Security Update : OpenSSL (SAT Patch Number 5635)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Various security vulnerabilities have been fixed in OpenSSL :\n\n - DTLS plaintext recovery attack. (CVE-2011-4108)\n\n - double-free in Policy Checks. (CVE-2011-4109)\n\n - uninitialized SSL 3.0 padding. (CVE-2011-4576)\n\n - malformed RFC 3779 data can cause assertion failures.\n (CVE-2011-4577)\n\n - SGC restart DoS attack (CVE-2011-4619)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=739719\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-4108.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-4109.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-4576.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-4577.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-4619.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 5635.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libopenssl0_9_8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libopenssl0_9_8-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:openssl-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"libopenssl0_9_8-0.9.8j-0.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"openssl-0.9.8j-0.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libopenssl0_9_8-0.9.8j-0.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libopenssl0_9_8-32bit-0.9.8j-0.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"openssl-0.9.8j-0.26.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"libopenssl0_9_8-0.9.8j-0.26.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"openssl-0.9.8j-0.26.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"openssl-doc-0.9.8j-0.26.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"libopenssl0_9_8-32bit-0.9.8j-0.26.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"libopenssl0_9_8-32bit-0.9.8j-0.26.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:59:07", "description": "Various security vulnerabilities have been fixed in OpenSSL :\n\n - DTLS plaintext recovery attack. (CVE-2011-4108)\n\n - double-free in Policy Checks. (CVE-2011-4109)\n\n - uninitialized SSL 3.0 padding. (CVE-2011-4576)\n\n - malformed RFC 3779 data can cause assertion failures.\n (CVE-2011-4577)\n\n - SGC restart DoS attack (CVE-2011-4619)", "cvss3": {"score": null, "vector": null}, "published": "2012-01-17T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 7923)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4108", "CVE-2011-4109", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_OPENSSL-7923.NASL", "href": "https://www.tenable.com/plugins/nessus/57570", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57570);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-4108\", \"CVE-2011-4109\", \"CVE-2011-4576\", \"CVE-2011-4577\", \"CVE-2011-4619\");\n\n script_name(english:\"SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 7923)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Various security vulnerabilities have been fixed in OpenSSL :\n\n - DTLS plaintext recovery attack. (CVE-2011-4108)\n\n - double-free in Policy Checks. (CVE-2011-4109)\n\n - uninitialized SSL 3.0 padding. (CVE-2011-4576)\n\n - malformed RFC 3779 data can cause assertion failures.\n (CVE-2011-4577)\n\n - SGC restart DoS attack (CVE-2011-4619)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-4108.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-4109.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-4576.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-4577.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-4619.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7923.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"openssl-0.9.8a-18.56.3\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"openssl-devel-0.9.8a-18.56.3\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"openssl-32bit-0.9.8a-18.56.3\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"openssl-devel-32bit-0.9.8a-18.56.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"openssl-0.9.8a-18.56.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"openssl-devel-0.9.8a-18.56.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"openssl-doc-0.9.8a-18.56.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"openssl-32bit-0.9.8a-18.56.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"openssl-devel-32bit-0.9.8a-18.56.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:53:52", "description": "From Red Hat Security Advisory 2012:0126 :\n\nUpdated glibc packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically linked libraries. If an attacker could trick a user into running ldd on a malicious binary, it could result in arbitrary code execution with the privileges of the user running ldd. (CVE-2009-5064)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library loaded ELF (Executable and Linking Format) files. If a carefully-crafted ELF file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-0830)\n\nIt was found that the glibc addmntent() function, used by various mount helper utilities, did not handle certain errors correctly when updating the mtab (mounted file systems table) file. If such utilities had the setuid bit set, a local attacker could use this flaw to corrupt the mtab file. (CVE-2011-1089)\n\nA denial of service flaw was found in the remote procedure call (RPC) implementation in glibc. A remote attacker able to open a large number of connections to an RPC service that is using the RPC implementation from glibc, could use this flaw to make that service use an excessive amount of CPU time. (CVE-2011-4609)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting CVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The Ubuntu Security Team acknowledges Dan Rosenberg as the original reporter of CVE-2010-0830.\n\nUsers should upgrade to these updated packages, which resolve these issues.", "cvss3": {"score": null, "vector": null}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 5 : glibc (ELSA-2012-0126)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-5029", "CVE-2009-5064", "CVE-2010-0830", "CVE-2011-1089", "CVE-2011-4609"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:glibc", "p-cpe:/a:oracle:linux:glibc-common", "p-cpe:/a:oracle:linux:glibc-devel", "p-cpe:/a:oracle:linux:glibc-headers", "p-cpe:/a:oracle:linux:glibc-utils", "p-cpe:/a:oracle:linux:nscd", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2012-0126.NASL", "href": "https://www.tenable.com/plugins/nessus/68456", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:0126 and \n# Oracle Linux Security Advisory ELSA-2012-0126 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68456);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-5029\", \"CVE-2009-5064\", \"CVE-2010-0830\", \"CVE-2011-1089\", \"CVE-2011-4609\");\n script_bugtraq_id(40063, 46740, 50898, 51439);\n script_xref(name:\"RHSA\", value:\"2012:0126\");\n\n script_name(english:\"Oracle Linux 5 : glibc (ELSA-2012-0126)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2012:0126 :\n\nUpdated glibc packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system\ncannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library read timezone files. If a\ncarefully-crafted timezone file was loaded by an application linked\nagainst glibc, it could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically\nlinked libraries. If an attacker could trick a user into running ldd\non a malicious binary, it could result in arbitrary code execution\nwith the privileges of the user running ldd. (CVE-2009-5064)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library loaded ELF (Executable and Linking\nFormat) files. If a carefully-crafted ELF file was loaded by an\napplication linked against glibc, it could cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2010-0830)\n\nIt was found that the glibc addmntent() function, used by various\nmount helper utilities, did not handle certain errors correctly when\nupdating the mtab (mounted file systems table) file. If such utilities\nhad the setuid bit set, a local attacker could use this flaw to\ncorrupt the mtab file. (CVE-2011-1089)\n\nA denial of service flaw was found in the remote procedure call (RPC)\nimplementation in glibc. A remote attacker able to open a large number\nof connections to an RPC service that is using the RPC implementation\nfrom glibc, could use this flaw to make that service use an excessive\namount of CPU time. (CVE-2011-4609)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting\nCVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The\nUbuntu Security Team acknowledges Dan Rosenberg as the original\nreporter of CVE-2010-0830.\n\nUsers should upgrade to these updated packages, which resolve these\nissues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-February/002608.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/06/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"glibc-2.5-65.el5_7.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"glibc-common-2.5-65.el5_7.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"glibc-devel-2.5-65.el5_7.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"glibc-headers-2.5-65.el5_7.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"glibc-utils-2.5-65.el5_7.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"nscd-2.5-65.el5_7.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-headers / glibc-utils / etc\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:59:08", "description": "Updated glibc packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically linked libraries. If an attacker could trick a user into running ldd on a malicious binary, it could result in arbitrary code execution with the privileges of the user running ldd. (CVE-2009-5064)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library loaded ELF (Executable and Linking Format) files. If a carefully-crafted ELF file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-0830)\n\nIt was found that the glibc addmntent() function, used by various mount helper utilities, did not handle certain errors correctly when updating the mtab (mounted file systems table) file. If such utilities had the setuid bit set, a local attacker could use this flaw to corrupt the mtab file. (CVE-2011-1089)\n\nA denial of service flaw was found in the remote procedure call (RPC) implementation in glibc. A remote attacker able to open a large number of connections to an RPC service that is using the RPC implementation from glibc, could use this flaw to make that service use an excessive amount of CPU time. (CVE-2011-4609)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting CVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The Ubuntu Security Team acknowledges Dan Rosenberg as the original reporter of CVE-2010-0830.\n\nUsers should upgrade to these updated packages, which resolve these issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-02-14T00:00:00", "type": "nessus", "title": "CentOS 5 : glibc (CESA-2012:0126)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-5029", "CVE-2009-5064", "CVE-2010-0830", "CVE-2011-1089", "CVE-2011-4609"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:glibc", "p-cpe:/a:centos:centos:glibc-common", "p-cpe:/a:centos:centos:glibc-devel", "p-cpe:/a:centos:centos:glibc-headers", "p-cpe:/a:centos:centos:glibc-utils", "p-cpe:/a:centos:centos:nscd", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2012-0126.NASL", "href": "https://www.tenable.com/plugins/nessus/57924", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0126 and \n# CentOS Errata and Security Advisory 2012:0126 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57924);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-5029\", \"CVE-2009-5064\", \"CVE-2010-0830\", \"CVE-2011-1089\", \"CVE-2011-4609\");\n script_bugtraq_id(40063, 46740, 50898, 51439);\n script_xref(name:\"RHSA\", value:\"2012:0126\");\n\n script_name(english:\"CentOS 5 : glibc (CESA-2012:0126)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated glibc packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system\ncannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library read timezone files. If a\ncarefully-crafted timezone file was loaded by an application linked\nagainst glibc, it could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically\nlinked libraries. If an attacker could trick a user into running ldd\non a malicious binary, it could result in arbitrary code execution\nwith the privileges of the user running ldd. (CVE-2009-5064)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library loaded ELF (Executable and Linking\nFormat) files. If a carefully-crafted ELF file was loaded by an\napplication linked against glibc, it could cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2010-0830)\n\nIt was found that the glibc addmntent() function, used by various\nmount helper utilities, did not handle certain errors correctly when\nupdating the mtab (mounted file systems table) file. If such utilities\nhad the setuid bit set, a local attacker could use this flaw to\ncorrupt the mtab file. (CVE-2011-1089)\n\nA denial of service flaw was found in the remote procedure call (RPC)\nimplementation in glibc. A remote attacker able to open a large number\nof connections to an RPC service that is using the RPC implementation\nfrom glibc, could use this flaw to make that service use an excessive\namount of CPU time. (CVE-2011-4609)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting\nCVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The\nUbuntu Security Team acknowledges Dan Rosenberg as the original\nreporter of CVE-2010-0830.\n\nUsers should upgrade to these updated packages, which resolve these\nissues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-February/018428.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e48699c2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2009-5064\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/06/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"glibc-2.5-65.el5_7.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"glibc-common-2.5-65.el5_7.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"glibc-devel-2.5-65.el5_7.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"glibc-headers-2.5-65.el5_7.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"glibc-utils-2.5-65.el5_7.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"nscd-2.5-65.el5_7.3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-headers / glibc-utils / etc\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:57:34", "description": "The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically linked libraries. If an attacker could trick a user into running ldd on a malicious binary, it could result in arbitrary code execution with the privileges of the user running ldd. (CVE-2009-5064)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library loaded ELF (Executable and Linking Format) files. If a carefully-crafted ELF file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-0830)\n\nIt was found that the glibc addmntent() function, used by various mount helper utilities, did not handle certain errors correctly when updating the mtab (mounted file systems table) file. If such utilities had the setuid bit set, a local attacker could use this flaw to corrupt the mtab file. (CVE-2011-1089)\n\nA denial of service flaw was found in the remote procedure call (RPC) implementation in glibc. A remote attacker able to open a large number of connections to an RPC service that is using the RPC implementation from glibc, could use this flaw to make that service use an excessive amount of CPU time. (CVE-2011-4609)\n\nUsers should upgrade to these updated packages, which resolve these issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : glibc on SL5.x i386/x86_64 (20120213)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-5029", "CVE-2009-5064", "CVE-2010-0830", "CVE-2011-1089", "CVE-2011-4609"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:glibc", "p-cpe:/a:fermilab:scientific_linux:glibc-common", "p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo", "p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo-common", "p-cpe:/a:fermilab:scientific_linux:glibc-devel", "p-cpe:/a:fermilab:scientific_linux:glibc-headers", "p-cpe:/a:fermilab:scientific_linux:glibc-utils", "p-cpe:/a:fermilab:scientific_linux:nscd", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20120213_GLIBC_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61244", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61244);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-5029\", \"CVE-2009-5064\", \"CVE-2010-0830\", \"CVE-2011-1089\", \"CVE-2011-4609\");\n\n script_name(english:\"Scientific Linux Security Update : glibc on SL5.x i386/x86_64 (20120213)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system\ncannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library read timezone files. If a\ncarefully-crafted timezone file was loaded by an application linked\nagainst glibc, it could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically\nlinked libraries. If an attacker could trick a user into running ldd\non a malicious binary, it could result in arbitrary code execution\nwith the privileges of the user running ldd. (CVE-2009-5064)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library loaded ELF (Executable and Linking\nFormat) files. If a carefully-crafted ELF file was loaded by an\napplication linked against glibc, it could cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2010-0830)\n\nIt was found that the glibc addmntent() function, used by various\nmount helper utilities, did not handle certain errors correctly when\nupdating the mtab (mounted file systems table) file. If such utilities\nhad the setuid bit set, a local attacker could use this flaw to\ncorrupt the mtab file. (CVE-2011-1089)\n\nA denial of service flaw was found in the remote procedure call (RPC)\nimplementation in glibc. A remote attacker able to open a large number\nof connections to an RPC service that is using the RPC implementation\nfrom glibc, could use this flaw to make that service use an excessive\namount of CPU time. (CVE-2011-4609)\n\nUsers should upgrade to these updated packages, which resolve these\nissues.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1202&L=scientific-linux-errata&T=0&P=2446\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b70164f6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/06/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 5.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"glibc-2.5-65.el5_7.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"glibc-common-2.5-65.el5_7.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"glibc-debuginfo-2.5-65.el5_7.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"glibc-debuginfo-common-2.5-65.el5_7.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"glibc-devel-2.5-65.el5_7.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"glibc-headers-2.5-65.el5_7.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"glibc-utils-2.5-65.el5_7.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"nscd-2.5-65.el5_7.3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-debuginfo / glibc-debuginfo-common / etc\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:59:08", "description": "Updated glibc packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically linked libraries. If an attacker could trick a user into running ldd on a malicious binary, it could result in arbitrary code execution with the privileges of the user running ldd. (CVE-2009-5064)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library loaded ELF (Executable and Linking Format) files. If a carefully-crafted ELF file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-0830)\n\nIt was found that the glibc addmntent() function, used by various mount helper utilities, did not handle certain errors correctly when updating the mtab (mounted file systems table) file. If such utilities had the setuid bit set, a local attacker could use this flaw to corrupt the mtab file. (CVE-2011-1089)\n\nA denial of service flaw was found in the remote procedure call (RPC) implementation in glibc. A remote attacker able to open a large number of connections to an RPC service that is using the RPC implementation from glibc, could use this flaw to make that service use an excessive amount of CPU time. (CVE-2011-4609)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting CVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The Ubuntu Security Team acknowledges Dan Rosenberg as the original reporter of CVE-2010-0830.\n\nUsers should upgrade to these updated packages, which resolve these issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-02-14T00:00:00", "type": "nessus", "title": "RHEL 5 : glibc (RHSA-2012:0126)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-5029", "CVE-2009-5064", "CVE-2010-0830", "CVE-2011-1089", "CVE-2011-4609"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:glibc", "p-cpe:/a:redhat:enterprise_linux:glibc-common", "p-cpe:/a:redhat:enterprise_linux:glibc-devel", "p-cpe:/a:redhat:enterprise_linux:glibc-headers", "p-cpe:/a:redhat:enterprise_linux:glibc-utils", "p-cpe:/a:redhat:enterprise_linux:nscd", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2012-0126.NASL", "href": "https://www.tenable.com/plugins/nessus/57929", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0126. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57929);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-5029\", \"CVE-2009-5064\", \"CVE-2010-0830\", \"CVE-2011-1089\", \"CVE-2011-4609\");\n script_bugtraq_id(40063, 46740, 50898, 51439);\n script_xref(name:\"RHSA\", value:\"2012:0126\");\n\n script_name(english:\"RHEL 5 : glibc (RHSA-2012:0126)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated glibc packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system\ncannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library read timezone files. If a\ncarefully-crafted timezone file was loaded by an application linked\nagainst glibc, it could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically\nlinked libraries. If an attacker could trick a user into running ldd\non a malicious binary, it could result in arbitrary code execution\nwith the privileges of the user running ldd. (CVE-2009-5064)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library loaded ELF (Executable and Linking\nFormat) files. If a carefully-crafted ELF file was loaded by an\napplication linked against glibc, it could cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2010-0830)\n\nIt was found that the glibc addmntent() function, used by various\nmount helper utilities, did not handle certain errors correctly when\nupdating the mtab (mounted file systems table) file. If such utilities\nhad the setuid bit set, a local attacker could use this flaw to\ncorrupt the mtab file. (CVE-2011-1089)\n\nA denial of service flaw was found in the remote procedure call (RPC)\nimplementation in glibc. A remote attacker able to open a large number\nof connections to an RPC service that is using the RPC implementation\nfrom glibc, could use this flaw to make that service use an excessive\namount of CPU time. (CVE-2011-4609)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting\nCVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The\nUbuntu Security Team acknowledges Dan Rosenberg as the original\nreporter of CVE-2010-0830.\n\nUsers should upgrade to these updated packages, which resolve these\nissues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:0126\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1089\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-5064\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-5029\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-4609\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0830\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/06/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0126\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"glibc-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"glibc-common-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"glibc-common-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"glibc-common-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"glibc-devel-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"glibc-headers-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"glibc-headers-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"glibc-headers-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"glibc-utils-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"glibc-utils-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"glibc-utils-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"nscd-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"nscd-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"nscd-2.5-65.el5_7.3\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-headers / glibc-utils / etc\");\n }\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:50:32", "description": "The version of OpenSSL running on the remote host is affected by the following vulnerabilities :\n\n - The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack. (CVE-2011-4108)\n\n - Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check. (CVE-2011-4109)\n\n - The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer.\n (CVE-2011-4576)\n\n - The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service via unspecified vectors. (CVE-2011-4619)\n\n - OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service via unspecified vectors. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108. (CVE-2012-0050)", "cvss3": {"score": null, "vector": null}, "published": "2014-04-16T00:00:00", "type": "nessus", "title": "AIX OpenSSL Advisory : openssl_advisory3.asc", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4108", "CVE-2011-4109", "CVE-2011-4576", "CVE-2011-4619", "CVE-2012-0050"], "modified": "2021-01-04T00:00:00", "cpe": ["cpe:/o:ibm:aix"], "id": "AIX_OPENSSL_ADVISORY3.NASL", "href": "https://www.tenable.com/plugins/nessus/73561", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory openssl_advisory3.asc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73561);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2011-4108\",\n \"CVE-2011-4109\",\n \"CVE-2011-4576\",\n \"CVE-2011-4619\",\n \"CVE-2012-0050\"\n );\n script_bugtraq_id(51281, 51563);\n script_xref(name:\"CERT\", value:\"737740\");\n\n script_name(english:\"AIX OpenSSL Advisory : openssl_advisory3.asc\");\n script_summary(english:\"Checks the version of the openssl packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote AIX host is running a vulnerable version of OpenSSL.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of OpenSSL running on the remote host is affected by the\nfollowing vulnerabilities :\n\n - The DTLS implementation in OpenSSL before 0.9.8s and 1.x\n before 1.0.0f performs a MAC check only if certain\n padding is valid, which makes it easier for remote\n attackers to recover plaintext via a padding oracle\n attack. (CVE-2011-4108)\n\n - Double free vulnerability in OpenSSL 0.9.8 before\n 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows\n remote attackers to have an unspecified impact by\n triggering failure of a policy check. (CVE-2011-4109)\n\n - The SSL 3.0 implementation in OpenSSL before 0.9.8s and\n 1.x before 1.0.0f does not properly initialize data\n structures for block cipher padding, which might allow\n remote attackers to obtain sensitive information by\n decrypting the padding data sent by an SSL peer.\n (CVE-2011-4576)\n\n - The Server Gated Cryptography (SGC) implementation in\n OpenSSL before 0.9.8s and 1.x before 1.0.0f does not\n properly handle handshake restarts, which allows remote\n attackers to cause a denial of service via unspecified\n vectors. (CVE-2011-4619)\n\n - OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS\n applications, which allows remote attackers to cause a\n denial of service via unspecified vectors. NOTE: this\n vulnerability exists because of an incorrect fix for\n CVE-2011-4108. (CVE-2012-0050)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=aixbp\");\n script_set_attribute(attribute:\"solution\", value:\n\"A fix is available, and it can be downloaded from the AIX website.\n\nTo extract the fixes from the tar file :\n\n zcat openssl.0.9.8.1801.tar.Z | tar xvf -\n or\n zcat openssl-fips.12.9.8.1801.tar.Z | tar xvf -\n or\n zcat openssl.0.9.8.809.tar.Z | tar xvf -\n\nIMPORTANT : If possible, it is recommended that a mksysb backup of\nthe system be created. Verify it is both bootable and readable\nbefore proceeding.\n\nTo preview the fix installation :\n\n installp -apYd . openssl\n\nTo install the fix package :\n\n installp -aXYd . openssl\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/16\");\n\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\n\ninclude(\"aix.inc\");\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\noslevel = get_kb_item_or_exit(\"Host/AIX/version\");\nif ( oslevel != \"AIX-5.2\" && oslevel != \"AIX-5.3\" && oslevel != \"AIX-6.1\" && oslevel != \"AIX-7.1\" )\n{\n oslevel = ereg_replace(string:oslevel, pattern:\"-\", replace:\" \");\n audit(AUDIT_OS_NOT, \"AIX 5.2 / 5.3 / 6.1 / 7.1\", oslevel);\n}\nif ( ! get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nflag = 0;\n\nif (aix_check_package(release:\"5.2\", package:\"openssl.base\", minpackagever:\"0.0.0.0\", maxpackagever:\"0.9.8.808\", fixpackagever:\"0.9.8.809\") > 0) flag++;\nif (aix_check_package(release:\"5.3\", package:\"openssl.base\", minpackagever:\"0.0.0.0\", maxpackagever:\"0.9.8.1800\", fixpackagever:\"0.9.8.1801\") > 0) flag++;\nif (aix_check_package(release:\"6.1\", package:\"openssl.base\", minpackagever:\"0.0.0.0\", maxpackagever:\"0.9.8.1800\", fixpackagever:\"0.9.8.1801\") > 0) flag++;\nif (aix_check_package(release:\"7.1\", package:\"openssl.base\", minpackagever:\"0.0.0.0\", maxpackagever:\"0.9.8.1800\", fixpackagever:\"0.9.8.1801\") > 0) flag++;\nif (aix_check_package(release:\"5.3\", package:\"openssl-fips.base\", minpackagever:\"0.0.0.0\", maxpackagever:\"12.9.8.1800\", fixpackagever:\"12.9.8.1801\") > 0) flag++;\nif (aix_check_package(release:\"6.1\", package:\"openssl-fips.base\", minpackagever:\"0.0.0.0\", maxpackagever:\"12.9.8.1800\", fixpackagever:\"12.9.8.1801\") > 0) flag++;\nif (aix_check_package(release:\"7.1\", package:\"openssl-fips.base\", minpackagever:\"0.0.0.0\", maxpackagever:\"12.9.8.1800\", fixpackagever:\"12.9.8.1801\") > 0) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : aix_report_get()\n );\n}\nelse\n{\n tested = aix_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl.base / openssl-fips.base\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:47:00", "description": "The remote Solaris system is missing necessary patches to address security updates :\n\n - The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack. (CVE-2011-4108)\n\n - Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check. (CVE-2011-4109)\n\n - The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer.\n (CVE-2011-4576)\n\n - OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assertion failure) via an X.509 certificate containing certificate-extension data associated with (1) IP address blocks or (2) Autonomous System (AS) identifiers. (CVE-2011-4577)\n\n - The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors. (CVE-2011-4619)\n\n - The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service (daemon crash) via crafted data from a TLS client. (CVE-2012-0027)\n\n - OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an out-of-bounds read. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108. (CVE-2012-0050)", "cvss3": {"score": null, "vector": null}, "published": "2015-01-19T00:00:00", "type": "nessus", "title": "Oracle Solaris Third-Party Patch Update : openssl (cve_2012_0050_denial_of)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4108", "CVE-2011-4109", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619", "CVE-2012-0027", "CVE-2012-0050"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:oracle:solaris:11.0", "p-cpe:/a:oracle:solaris:openssl"], "id": "SOLARIS11_OPENSSL_20120404.NASL", "href": "https://www.tenable.com/plugins/nessus/80715", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle Third Party software advisories.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80715);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-4108\", \"CVE-2011-4109\", \"CVE-2011-4576\", \"CVE-2011-4577\", \"CVE-2011-4619\", \"CVE-2012-0027\", \"CVE-2012-0050\");\n\n script_name(english:\"Oracle Solaris Third-Party Patch Update : openssl (cve_2012_0050_denial_of)\");\n script_summary(english:\"Check for the 'entire' version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch for third-party\nsoftware.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - The DTLS implementation in OpenSSL before 0.9.8s and 1.x\n before 1.0.0f performs a MAC check only if certain\n padding is valid, which makes it easier for remote\n attackers to recover plaintext via a padding oracle\n attack. (CVE-2011-4108)\n\n - Double free vulnerability in OpenSSL 0.9.8 before\n 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows\n remote attackers to have an unspecified impact by\n triggering failure of a policy check. (CVE-2011-4109)\n\n - The SSL 3.0 implementation in OpenSSL before 0.9.8s and\n 1.x before 1.0.0f does not properly initialize data\n structures for block cipher padding, which might allow\n remote attackers to obtain sensitive information by\n decrypting the padding data sent by an SSL peer.\n (CVE-2011-4576)\n\n - OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC\n 3779 support is enabled, allows remote attackers to\n cause a denial of service (assertion failure) via an\n X.509 certificate containing certificate-extension data\n associated with (1) IP address blocks or (2) Autonomous\n System (AS) identifiers. (CVE-2011-4577)\n\n - The Server Gated Cryptography (SGC) implementation in\n OpenSSL before 0.9.8s and 1.x before 1.0.0f does not\n properly handle handshake restarts, which allows remote\n attackers to cause a denial of service (CPU consumption)\n via unspecified vectors. (CVE-2011-4619)\n\n - The GOST ENGINE in OpenSSL before 1.0.0f does not\n properly handle invalid parameters for the GOST block\n cipher, which allows remote attackers to cause a denial\n of service (daemon crash) via crafted data from a TLS\n client. (CVE-2012-0027)\n\n - OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS\n applications, which allows remote attackers to cause a\n denial of service (crash) via unspecified vectors\n related to an out-of-bounds read. NOTE: this\n vulnerability exists because of an incorrect fix for\n CVE-2011-4108. (CVE-2012-0050)\"\n );\n # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a913f44\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://blogs.oracle.com/sunsecurity/cve-2012-0050-denial-of-service-dos-vulnerability-in-openssl\"\n );\n # https://blogs.oracle.com/sunsecurity/multiple-vulnerabilities-in-openssl\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5ecff53d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Solaris 11/11 SRU 4a.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:openssl\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\", \"Host/Solaris11/pkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\npkg_list = solaris_pkg_list_leaves();\nif (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, \"Solaris pkg-list packages\");\n\nif (empty_or_null(egrep(string:pkg_list, pattern:\"^openssl$\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n\nflag = 0;\n\nif (solaris_check_release(release:\"0.5.11-0.175.0.4.0.6.0\", sru:\"SRU 4a\") > 0) flag++;\n\nif (flag)\n{\n error_extra = 'Affected package : openssl\\n' + solaris_get_report2();\n error_extra = ereg_replace(pattern:\"version\", replace:\"OS version\", string:error_extra);\n if (report_verbosity > 0) security_hole(port:0, extra:error_extra);\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"openssl\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:58:57", "description": "The remote host is affected by the vulnerability described in GLSA-201203-12 (OpenSSL: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been found in OpenSSL:\n Timing differences for decryption are exposed by CBC mode encryption in OpenSSL’s implementation of DTLS (CVE-2011-4108).\n A policy check failure can result in a double-free error when X509_V_FLAG_POLICY_CHECK is set (CVE-2011-4109).\n Clients and servers using SSL 3.0 handshakes do not clear the block cipher padding, allowing a record to contain up to 15 bytes of uninitialized memory, which could include sensitive information (CVE-2011-4576).\n Assertion errors can occur during the handling of malformed X.509 certificates when OpenSSL is built with RFC 3779 support (CVE-2011-4577).\n A resource management error can occur when OpenSSL’s server gated cryptography (SGC) does not properly handle handshake restarts (CVE-2011-4619).\n Invalid parameters in the GOST block cipher are not properly handled by the GOST ENGINE(CVE-2012-0027).\n An incorrect fix for CVE-2011-4108 creates an unspecified vulnerability for DTLS applications using OpenSSL (CVE-2012-0050).\n Impact :\n\n A remote attacker may be able to cause a Denial of Service or obtain sensitive information, including plaintext passwords.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": null, "vector": null}, "published": "2012-03-06T00:00:00", "type": "nessus", "title": "GLSA-201203-12 : OpenSSL: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4108", "CVE-2011-4109", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619", "CVE-2012-0027", "CVE-2012-0050"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:openssl", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201203-12.NASL", "href": "https://www.tenable.com/plugins/nessus/58222", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201203-12.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58222);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-4108\", \"CVE-2011-4109\", \"CVE-2011-4576\", \"CVE-2011-4577\", \"CVE-2011-4619\", \"CVE-2012-0027\", \"CVE-2012-0050\");\n script_bugtraq_id(51281, 51563);\n script_xref(name:\"GLSA\", value:\"201203-12\");\n\n script_name(english:\"GLSA-201203-12 : OpenSSL: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201203-12\n(OpenSSL: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been found in OpenSSL:\n Timing differences for decryption are exposed by CBC mode encryption\n in OpenSSL’s implementation of DTLS (CVE-2011-4108).\n A policy check failure can result in a double-free error when\n X509_V_FLAG_POLICY_CHECK is set (CVE-2011-4109).\n Clients and servers using SSL 3.0 handshakes do not clear the block\n cipher padding, allowing a record to contain up to 15 bytes of\n uninitialized memory, which could include sensitive information\n (CVE-2011-4576).\n Assertion errors can occur during the handling of malformed X.509\n certificates when OpenSSL is built with RFC 3779 support\n (CVE-2011-4577).\n A resource management error can occur when OpenSSL’s server gated\n cryptography (SGC) does not properly handle handshake restarts\n (CVE-2011-4619).\n Invalid parameters in the GOST block cipher are not properly handled\n by the GOST ENGINE(CVE-2012-0027).\n An incorrect fix for CVE-2011-4108 creates an unspecified\n vulnerability for DTLS applications using OpenSSL (CVE-2012-0050).\n \nImpact :\n\n A remote attacker may be able to cause a Denial of Service or obtain\n sensitive information, including plaintext passwords.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201203-12\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All OpenSSL users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-libs/openssl-1.0.0g'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-libs/openssl\", unaffected:make_list(\"ge 1.0.0g\", \"rge 0.9.8t\", \"rge 0.9.8u\", \"rge 0.9.8v\", \"rge 0.9.8w\", \"rge 0.9.8x\", \"rge 0.9.8y\", \"rge 0.9.8z_p1\", \"rge 0.9.8z_p2\", \"rge 0.9.8z_p3\", \"rge 0.9.8z_p4\", \"rge 0.9.8z_p5\", \"rge 0.9.8z_p6\", \"rge 0.9.8z_p7\", \"rge 0.9.8z_p8\", \"rge 0.9.8z_p9\", \"rge 0.9.8z_p10\", \"rge 0.9.8z_p11\", \"rge 0.9.8z_p12\", \"rge 0.9.8z_p13\", \"rge 0.9.8z_p14\", \"rge 0.9.8z_p15\"), vulnerable:make_list(\"lt 1.0.0g\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenSSL\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-16T14:12:06", "description": "An updated rhev-hypervisor6 package that fixes multiple security issues and various bugs is now available.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions.\n\nA heap overflow flaw was found in the way QEMU-KVM emulated the e1000 network interface card. A privileged guest user in a virtual machine whose network interface is configured to use the e1000 emulated driver could use this flaw to crash the host or, possibly, escalate their privileges on the host. (CVE-2012-0029)\n\nAn information leak flaw was found in the SSL 3.0 protocol implementation in OpenSSL. Incorrect initialization of SSL record padding bytes could cause an SSL client or server to send a limited amount of possibly sensitive data to its SSL peer via the encrypted connection. (CVE-2011-4576)\n\nA denial of service flaw was found in the RFC 3779 implementation in OpenSSL. A remote attacker could use this flaw to make an application using OpenSSL exit unexpectedly by providing a specially crafted X.509 certificate that has malformed RFC 3779 extension data.\n(CVE-2011-4577)\n\nIt was discovered that OpenSSL did not limit the number of TLS/SSL handshake restarts required to support Server Gated Cryptography. A remote attacker could use this flaw to make a TLS/SSL server using OpenSSL consume an excessive amount of CPU by continuously restarting the handshake. (CVE-2011-4619)\n\nRed Hat would like to thank Nicolae Mogoreanu for reporting CVE-2012-0029.\n\nThis updated package provides updated components that include fixes for various security issues. These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fixes included in this update address the following CVE numbers :\n\nCVE-2009-5029 and CVE-2011-4609 (glibc issues)\n\nCVE-2012-0056 (kernel issue)\n\nCVE-2011-4108 and CVE-2012-0050 (openssl issues)\n\nThis update also fixes the following bugs :\n\n* Previously, it was possible to begin a Hypervisor installation without any valid disks to install to.\n\nNow, if no valid disks are found for Hypervisor installation, a message is displayed informing the user that there are no valid disks for installation. (BZ#781471)\n\n* Previously, the user interface for the Hypervisor did not indicate whether the system was registered with Red Hat Network (RHN) Classic or RHN Satellite. As a result, customers could not easily determine the registration status of their Hypervisor installations.\n\nThe TUI has been updated to display the registration status of the Hypervisor. (BZ#788223)\n\n* Previously, autoinstall would fail if the firstboot or reinstall options were passed but local_boot or upgrade were not passed. Now, neither the local_boot or upgrade parameters are required for autoinstall. (BZ#788225)\n\nUsers of the Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package, which fixes these issues.", "cvss3": {"score": null, "vector": null}, "published": "2014-11-17T00:00:00", "type": "nessus", "title": "RHEL 6 : rhev-hypervisor6 (RHSA-2012:0109)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-5029", "CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4609", "CVE-2011-4619", "CVE-2012-0029", "CVE-2012-0050", "CVE-2012-0056"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor6", "p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor6-tools", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2012-0109.NASL", "href": "https://www.tenable.com/plugins/nessus/79282", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0109. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79282);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-4576\", \"CVE-2011-4577\", \"CVE-2011-4619\", \"CVE-2012-0029\");\n script_bugtraq_id(51281, 51642);\n script_xref(name:\"RHSA\", value:\"2012:0109\");\n\n script_name(english:\"RHEL 6 : rhev-hypervisor6 (RHSA-2012:0109)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated rhev-hypervisor6 package that fixes multiple security\nissues and various bugs is now available.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe rhev-hypervisor6 package provides a Red Hat Enterprise\nVirtualization Hypervisor ISO disk image. The Red Hat Enterprise\nVirtualization Hypervisor is a dedicated Kernel-based Virtual Machine\n(KVM) hypervisor. It includes everything necessary to run and manage\nvirtual machines: A subset of the Red Hat Enterprise Linux operating\nenvironment and the Red Hat Enterprise Virtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available\nfor the Intel 64 and AMD64 architectures with virtualization\nextensions.\n\nA heap overflow flaw was found in the way QEMU-KVM emulated the e1000\nnetwork interface card. A privileged guest user in a virtual machine\nwhose network interface is configured to use the e1000 emulated driver\ncould use this flaw to crash the host or, possibly, escalate their\nprivileges on the host. (CVE-2012-0029)\n\nAn information leak flaw was found in the SSL 3.0 protocol\nimplementation in OpenSSL. Incorrect initialization of SSL record\npadding bytes could cause an SSL client or server to send a limited\namount of possibly sensitive data to its SSL peer via the encrypted\nconnection. (CVE-2011-4576)\n\nA denial of service flaw was found in the RFC 3779 implementation in\nOpenSSL. A remote attacker could use this flaw to make an application\nusing OpenSSL exit unexpectedly by providing a specially crafted X.509\ncertificate that has malformed RFC 3779 extension data.\n(CVE-2011-4577)\n\nIt was discovered that OpenSSL did not limit the number of TLS/SSL\nhandshake restarts required to support Server Gated Cryptography. A\nremote attacker could use this flaw to make a TLS/SSL server using\nOpenSSL consume an excessive amount of CPU by continuously restarting\nthe handshake. (CVE-2011-4619)\n\nRed Hat would like to thank Nicolae Mogoreanu for reporting\nCVE-2012-0029.\n\nThis updated package provides updated components that include fixes\nfor various security issues. These issues have no security impact on\nRed Hat Enterprise Virtualization Hypervisor itself, however. The\nsecurity fixes included in this update address the following CVE\nnumbers :\n\nCVE-2009-5029 and CVE-2011-4609 (glibc issues)\n\nCVE-2012-0056 (kernel issue)\n\nCVE-2011-4108 and CVE-2012-0050 (openssl issues)\n\nThis update also fixes the following bugs :\n\n* Previously, it was possible to begin a Hypervisor installation\nwithout any valid disks to install to.\n\nNow, if no valid disks are found for Hypervisor installation, a\nmessage is displayed informing the user that there are no valid disks\nfor installation. (BZ#781471)\n\n* Previously, the user interface for the Hypervisor did not indicate\nwhether the system was registered with Red Hat Network (RHN) Classic\nor RHN Satellite. As a result, customers could not easily determine\nthe registration status of their Hypervisor installations.\n\nThe TUI has been updated to display the registration status of the\nHypervisor. (BZ#788223)\n\n* Previously, autoinstall would fail if the firstboot or reinstall\noptions were passed but local_boot or upgrade were not passed. Now,\nneither the local_boot or upgrade parameters are required for\nautoinstall. (BZ#788225)\n\nUsers of the Red Hat Enterprise Virtualization Hypervisor are advised\nto upgrade to this updated package, which fixes these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-4576\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-4577\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-4619\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0029\"\n );\n # http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Virtualization/3.0/html/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?44b2ccfe\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:0109\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected rhev-hypervisor6 and / or rhev-hypervisor6-tools\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor6-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0109\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"rhev-hypervisor6-6.2-20120209.0.el6_2\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rhev-hypervisor6-tools-6.2-20120209.0.el6_2\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rhev-hypervisor6 / rhev-hypervisor6-tools\");\n }\n}\n", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-08-11T14:56:00", "description": "Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.\n\nIt was discovered that the Datagram Transport Layer Security (DTLS) protocol implementation in OpenSSL leaked timing information when performing certain operations. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a DTLS server as a padding oracle. (CVE-2011-4108)\n\nAn information leak flaw was found in the SSL 3.0 protocol implementation in OpenSSL. Incorrect initialization of SSL record padding bytes could cause an SSL client or server to send a limited amount of possibly sensitive data to its SSL peer via the encrypted connection. (CVE-2011-4576)\n\nA denial of service flaw was found in the RFC 3779 implementation in OpenSSL. A remote attacker could use this flaw to make an application using OpenSSL exit unexpectedly by providing a specially crafted X.509 certificate that has malformed RFC 3779 extension data.\n(CVE-2011-4577)\n\nIt was discovered that OpenSSL did not limit the number of TLS/SSL handshake restarts required to support Server Gated Cryptography. A remote attacker could use this flaw to make a TLS/SSL server using OpenSSL consume an excessive amount of CPU by continuously restarting the handshake. (CVE-2011-4619)\n\nAll OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.", "cvss3": {"score": null, "vector": null}, "published": "2012-01-31T00:00:00", "type": "nessus", "title": "CentOS 6 : openssl (CESA-2012:0059)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:openssl", "p-cpe:/a:centos:centos:openssl-devel", "p-cpe:/a:centos:centos:openssl-perl", "p-cpe:/a:centos:centos:openssl-static", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2012-0059.NASL", "href": "https://www.tenable.com/plugins/nessus/57731", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0059 and \n# CentOS Errata and Security Advisory 2012:0059 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57731);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2011-4108\", \"CVE-2011-4576\", \"CVE-2011-4577\", \"CVE-2011-4619\");\n script_bugtraq_id(51281);\n script_xref(name:\"RHSA\", value:\"2012:0059\");\n\n script_name(english:\"CentOS 6 : openssl (CESA-2012:0059)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was discovered that the Datagram Transport Layer Security (DTLS)\nprotocol implementation in OpenSSL leaked timing information when\nperforming certain operations. A remote attacker could possibly use\nthis flaw to retrieve plain text from the encrypted packets by using a\nDTLS server as a padding oracle. (CVE-2011-4108)\n\nAn information leak flaw was found in the SSL 3.0 protocol\nimplementation in OpenSSL. Incorrect initialization of SSL record\npadding bytes could cause an SSL client or server to send a limited\namount of possibly sensitive data to its SSL peer via the encrypted\nconnection. (CVE-2011-4576)\n\nA denial of service flaw was found in the RFC 3779 implementation in\nOpenSSL. A remote attacker could use this flaw to make an application\nusing OpenSSL exit unexpectedly by providing a specially crafted X.509\ncertificate that has malformed RFC 3779 extension data.\n(CVE-2011-4577)\n\nIt was discovered that OpenSSL did not limit the number of TLS/SSL\nhandshake restarts required to support Server Gated Cryptography. A\nremote attacker could use this flaw to make a TLS/SSL server using\nOpenSSL consume an excessive amount of CPU by continuously restarting\nthe handshake. (CVE-2011-4619)\n\nAll OpenSSL users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. For the update to\ntake effect, all services linked to the OpenSSL library must be\nrestarted, or the system rebooted.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-January/018396.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dd0fba87\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2011-4576\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"openssl-1.0.0-20.el6_2.1\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"openssl-devel-1.0.0-20.el6_2.1\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"openssl-perl-1.0.0-20.el6_2.1\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"openssl-static-1.0.0-20.el6_2.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-devel / openssl-perl / openssl-static\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-08-11T14:56:00", "description": "New upstream package with bugfixes and fixes for moderate and low impact CVEs.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-01-16T00:00:00", "type": "nessus", "title": "Fedora 15 : openssl-1.0.0f-1.fc15 (2012-0250)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:openssl", "cpe:/o:fedoraproject:fedora:15"], "id": "FEDORA_2012-0250.NASL", "href": "https://www.tenable.com/plugins/nessus/57546", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-0250.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57546);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-4108\", \"CVE-2011-4576\", \"CVE-2011-4577\", \"CVE-2011-4619\");\n script_xref(name:\"FEDORA\", value:\"2012-0250\");\n\n script_name(english:\"Fedora 15 : openssl-1.0.0f-1.fc15 (2012-0250)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New upstream package with bugfixes and fixes for moderate and low\nimpact CVEs.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=771770\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=771775\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=771778\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=771780\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-January/071944.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?004d146e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"openssl-1.0.0f-1.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-08-11T14:55:19", "description": "New upstream package with bugfixes and fixes for moderate and low impact CVEs.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-01-11T00:00:00", "type": "nessus", "title": "Fedora 16 : openssl-1.0.0f-1.fc16 (2012-0232)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:openssl", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2012-0232.NASL", "href": "https://www.tenable.com/plugins/nessus/57479", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-0232.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57479);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-4108\", \"CVE-2011-4576\", \"CVE-2011-4577\", \"CVE-2011-4619\");\n script_bugtraq_id(51281);\n script_xref(name:\"FEDORA\", value:\"2012-0232\");\n\n script_name(english:\"Fedora 16 : openssl-1.0.0f-1.fc16 (2012-0232)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New upstream package with bugfixes and fixes for moderate and low\nimpact CVEs.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=771770\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=771775\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=771778\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=771780\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-January/071789.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8e303d3f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"openssl-1.0.0f-1.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-08-11T15:05:03", "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.\n\nIt was discovered that the Datagram Transport Layer Security (DTLS) protocol implementation in OpenSSL leaked timing information when performing certain operations. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a DTLS server as a padding oracle. (CVE-2011-4108)\n\nAn information leak flaw was found in the SSL 3.0 protocol implementation in OpenSSL. Incorrect initialization of SSL record padding bytes could cause an SSL client or server to send a limited amount of possibly sensitive data to its SSL peer via the encrypted connection. (CVE-2011-4576)\n\nA denial of service flaw was found in the RFC 3779 implementation in OpenSSL. A remote attacker could use this flaw to make an application using OpenSSL exit unexpectedly by providing a specially crafted X.509 certificate that has malformed RFC 3779 extension data.\n(CVE-2011-4577)\n\nIt was discovered that OpenSSL did not limit the number of TLS/SSL handshake restarts required to support Server Gated Cryptography. A remote attacker could use this flaw to make a TLS/SSL server using OpenSSL consume an excessive amount of CPU by continuously restarting the handshake. (CVE-2011-4619)\n\nAll OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.", "cvss3": {"score": null, "vector": null}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : openssl on SL6.x i386/x86_64 (20120124)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:openssl", "p-cpe:/a:fermilab:scientific_linux:openssl-debuginfo", "p-cpe:/a:fermilab:scientific_linux:openssl-devel", "p-cpe:/a:fermilab:scientific_linux:openssl-perl", "p-cpe:/a:fermilab:scientific_linux:openssl-static", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20120124_OPENSSL_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61225", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61225);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-4108\", \"CVE-2011-4576\", \"CVE-2011-4577\", \"CVE-2011-4619\");\n\n script_name(english:\"Scientific Linux Security Update : openssl on SL6.x i386/x86_64 (20120124)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was discovered that the Datagram Transport Layer Security (DTLS)\nprotocol implementation in OpenSSL leaked timing information when\nperforming certain operations. A remote attacker could possibly use\nthis flaw to retrieve plain text from the encrypted packets by using a\nDTLS server as a padding oracle. (CVE-2011-4108)\n\nAn information leak flaw was found in the SSL 3.0 protocol\nimplementation in OpenSSL. Incorrect initialization of SSL record\npadding bytes could cause an SSL client or server to send a limited\namount of possibly sensitive data to its SSL peer via the encrypted\nconnection. (CVE-2011-4576)\n\nA denial of service flaw was found in the RFC 3779 implementation in\nOpenSSL. A remote attacker could use this flaw to make an application\nusing OpenSSL exit unexpectedly by providing a specially crafted X.509\ncertificate that has malformed RFC 3779 extension data.\n(CVE-2011-4577)\n\nIt was discovered that OpenSSL did not limit the number of TLS/SSL\nhandshake restarts required to support Server Gated Cryptography. A\nremote attacker could use this flaw to make a TLS/SSL server using\nOpenSSL consume an excessive amount of CPU by continuously restarting\nthe handshake. (CVE-2011-4619)\n\nAll OpenSSL users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. For the update to\ntake effect, all services linked to the OpenSSL library must be\nrestarted, or the system rebooted.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1201&L=scientific-linux-errata&T=0&P=1943\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?60ef0d7f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"openssl-1.0.0-20.el6_2.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openssl-debuginfo-1.0.0-20.el6_2.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openssl-devel-1.0.0-20.el6_2.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openssl-perl-1.0.0-20.el6_2.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openssl-static-1.0.0-20.el6_2.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo / openssl-devel / openssl-perl / etc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-08-11T15:03:30", "description": "From Red Hat Security Advisory 2012:0059 :\n\nUpdated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.\n\nIt was discovered that the Datagram Transport Layer Security (DTLS) protocol implementation in OpenSSL leaked timing information when performing certain operations. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a DTLS server as a padding oracle. (CVE-2011-4108)\n\nAn information leak flaw was found in the SSL 3.0 protocol implementation in OpenSSL. Incorrect initialization of SSL record padding bytes could cause an SSL client or server to send a limited amount of possibly sensitive data to its SSL peer via the encrypted connection. (CVE-2011-4576)\n\nA denial of service flaw was found in the RFC 3779 implementation in OpenSSL. A remote attacker could use this flaw to make an application using OpenSSL exit unexpectedly by providing a specially crafted X.509 certificate that has malformed RFC 3779 extension data.\n(CVE-2011-4577)\n\nIt was discovered that OpenSSL did not limit the number of TLS/SSL handshake restarts required to support Server Gated Cryptography. A remote attacker could use this flaw to make a TLS/SSL server using OpenSSL consume an excessive amount of CPU by continuously restarting the handshake. (CVE-2011-4619)\n\nAll OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.", "cvss3": {"score": null, "vector": null}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : openssl (ELSA-2012-0059)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:openssl", "p-cpe:/a:oracle:linux:openssl-devel", "p-cpe:/a:oracle:linux:openssl-perl", "p-cpe:/a:oracle:linux:openssl-static", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2012-0059.NASL", "href": "https://www.tenable.com/plugins/nessus/68437", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:0059 and \n# Oracle Linux Security Advisory ELSA-2012-0059 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68437);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-4108\", \"CVE-2011-4576\", \"CVE-2011-4577\", \"CVE-2011-4619\");\n script_bugtraq_id(51281, 51563);\n script_xref(name:\"RHSA\", value:\"2012:0059\");\n\n script_name(english:\"Oracle Linux 6 : openssl (ELSA-2012-0059)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2012:0059 :\n\nUpdated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was discovered that the Datagram Transport Layer Security (DTLS)\nprotocol implementation in OpenSSL leaked timing information when\nperforming certain operations. A remote attacker could possibly use\nthis flaw to retrieve plain text from the encrypted packets by using a\nDTLS server as a padding oracle. (CVE-2011-4108)\n\nAn information leak flaw was found in the SSL 3.0 protocol\nimplementation in OpenSSL. Incorrect initialization of SSL record\npadding bytes could cause an SSL client or server to send a limited\namount of possibly sensitive data to its SSL peer via the encrypted\nconnection. (CVE-2011-4576)\n\nA denial of service flaw was found in the RFC 3779 implementation in\nOpenSSL. A remote attacker could use this flaw to make an application\nusing OpenSSL exit unexpectedly by providing a specially crafted X.509\ncertificate that has malformed RFC 3779 extension data.\n(CVE-2011-4577)\n\nIt was discovered that OpenSSL did not limit the number of TLS/SSL\nhandshake restarts required to support Server Gated Cryptography. A\nremote attacker could use this flaw to make a TLS/SSL server using\nOpenSSL consume an excessive amount of CPU by continuously restarting\nthe handshake. (CVE-2011-4619)\n\nAll OpenSSL users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. For the update to\ntake effect, all services linked to the OpenSSL library must be\nrestarted, or the system rebooted.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-January/002569.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"openssl-1.0.0-20.el6_2.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"openssl-devel-1.0.0-20.el6_2.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"openssl-perl-1.0.0-20.el6_2.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"openssl-static-1.0.0-20.el6_2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-devel / openssl-perl / openssl-static\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-08-12T16:48:03", "description": "Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.\n\nIt was discovered that the Datagram Transport Layer Security (DTLS) protocol implementation in OpenSSL leaked timing information when performing certain operations. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a DTLS server as a padding oracle. (CVE-2011-4108)\n\nAn information leak flaw was found in the SSL 3.0 protocol implementation in OpenSSL. Incorrect initialization of SSL record padding bytes could cause an SSL client or server to send a limited amount of possibly sensitive data to its SSL peer via the encrypted connection. (CVE-2011-4576)\n\nA denial of service flaw was found in the RFC 3779 implementation in OpenSSL. A remote attacker could use this flaw to make an application using OpenSSL exit unexpectedly by providing a specially crafted X.509 certificate that has malformed RFC 3779 extension data.\n(CVE-2011-4577)\n\nIt was discovered that OpenSSL did not limit the number of TLS/SSL handshake restarts required to support Server Gated Cryptography. A remote attacker could use this flaw to make a TLS/SSL server using OpenSSL consume an excessive amount of CPU by continuously restarting the handshake. (CVE-2011-4619)\n\nAll OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.", "cvss3": {"score": null, "vector": null}, "published": "2012-01-25T00:00:00", "type": "nessus", "title": "RHEL 6 : openssl (RHSA-2012:0059)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:openssl", "p-cpe:/a:redhat:enterprise_linux:openssl-debuginfo", "p-cpe:/a:redhat:enterprise_linux:openssl-devel", "p-cpe:/a:redhat:enterprise_linux:openssl-perl", "p-cpe:/a:redhat:enterprise_linux:openssl-static", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.2"], "id": "REDHAT-RHSA-2012-0059.NASL", "href": "https://www.tenable.com/plugins/nessus/57677", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0059. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57677);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-4108\", \"CVE-2011-4576\", \"CVE-2011-4577\", \"CVE-2011-4619\");\n script_bugtraq_id(51281);\n script_xref(name:\"RHSA\", value:\"2012:0059\");\n\n script_name(english:\"RHEL 6 : openssl (RHSA-2012:0059)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was discovered that the Datagram Transport Layer Security (DTLS)\nprotocol implementation in OpenSSL leaked timing information when\nperforming certain operations. A remote attacker could possibly use\nthis flaw to retrieve plain text from the encrypted packets by using a\nDTLS server as a padding oracle. (CVE-2011-4108)\n\nAn information leak flaw was found in the SSL 3.0 protocol\nimplementation in OpenSSL. Incorrect initialization of SSL record\npadding bytes could cause an SSL client or server to send a limited\namount of possibly sensitive data to its SSL peer via the encrypted\nconnection. (CVE-2011-4576)\n\nA denial of service flaw was found in the RFC 3779 implementation in\nOpenSSL. A remote attacker could use this flaw to make an application\nusing OpenSSL exit unexpectedly by providing a specially crafted X.509\ncertificate that has malformed RFC 3779 extension data.\n(CVE-2011-4577)\n\nIt was discovered that OpenSSL did not limit the number of TLS/SSL\nhandshake restarts required to support Server Gated Cryptography. A\nremote attacker could use this flaw to make a TLS/SSL server using\nOpenSSL consume an excessive amount of CPU by continuously restarting\nthe handshake. (CVE-2011-4619)\n\nAll OpenSSL users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. For the update to\ntake effect, all services linked to the OpenSSL library must be\nrestarted, or the system rebooted.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:0059\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-4577\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-4576\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-4108\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-4619\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0059\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"openssl-1.0.0-20.el6_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"openssl-debuginfo-1.0.0-20.el6_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"openssl-devel-1.0.0-20.el6_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"openssl-perl-1.0.0-20.el6_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"openssl-perl-1.0.0-20.el6_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"openssl-perl-1.0.0-20.el6_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"openssl-static-1.0.0-20.el6_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"openssl-static-1.0.0-20.el6_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"openssl-static-1.0.0-20.el6_2.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo / openssl-devel / openssl-perl / etc\");\n }\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-08-12T15:09:48", "description": "It was discovered that the Datagram Transport Layer Security (DTLS) protocol implementation in OpenSSL leaked timing information when performing certain operations. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a DTLS server as a padding oracle. (CVE-2011-4108)\n\nAn information leak flaw was found in the SSL 3.0 protocol implementation in OpenSSL. Incorrect initialization of SSL record padding bytes could cause an SSL client or server to send a limited amount of possibly sensitive data to its SSL peer via the encrypted connection. (CVE-2011-4576)\n\nA denial of service flaw was found in the RFC 3779 implementation in OpenSSL. A remote attacker could use this flaw to make an application using OpenSSL exit unexpectedly by providing a specially crafted X.509 certificate that has malformed RFC 3779 extension data.\n(CVE-2011-4577)\n\nIt was discovered that OpenSSL did not limit the number of TLS/SSL handshake restarts required to support Server Gated Cryptography. A remote attacker could use this flaw to make a TLS/SSL server using OpenSSL consume an excessive amount of CPU by continuously restarting the handshake. (CVE-2011-4619)", "cvss3": {"score": null, "vector": null}, "published": "2013-09-04T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : openssl (ALAS-2012-38)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:openssl", "p-cpe:/a:amazon:linux:openssl-debuginfo", "p-cpe:/a:amazon:linux:openssl-devel", "p-cpe:/a:amazon:linux:openssl-perl", "p-cpe:/a:amazon:linux:openssl-static", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2012-38.NASL", "href": "https://www.tenable.com/plugins/nessus/69645", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2012-38.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69645);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/04/18 15:09:34\");\n\n script_cve_id(\"CVE-2011-4108\", \"CVE-2011-4576\", \"CVE-2011-4577\", \"CVE-2011-4619\");\n script_xref(name:\"ALAS\", value:\"2012-38\");\n script_xref(name:\"RHSA\", value:\"2012:0059\");\n\n script_name(english:\"Amazon Linux AMI : openssl (ALAS-2012-38)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the Datagram Transport Layer Security (DTLS)\nprotocol implementation in OpenSSL leaked timing information when\nperforming certain operations. A remote attacker could possibly use\nthis flaw to retrieve plain text from the encrypted packets by using a\nDTLS server as a padding oracle. (CVE-2011-4108)\n\nAn information leak flaw was found in the SSL 3.0 protocol\nimplementation in OpenSSL. Incorrect initialization of SSL record\npadding bytes could cause an SSL client or server to send a limited\namount of possibly sensitive data to its SSL peer via the encrypted\nconnection. (CVE-2011-4576)\n\nA denial of service flaw was found in the RFC 3779 implementation in\nOpenSSL. A remote attacker could use this flaw to make an application\nusing OpenSSL exit unexpectedly by providing a specially crafted X.509\ncertificate that has malformed RFC 3779 extension data.\n(CVE-2011-4577)\n\nIt was discovered that OpenSSL did not limit the number of TLS/SSL\nhandshake restarts required to support Server Gated Cryptography. A\nremote attacker could use this flaw to make a TLS/SSL server using\nOpenSSL consume an excessive amount of CPU by continuously restarting\nthe handshake. (CVE-2011-4619)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2012-38.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update openssl' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"openssl-1.0.0g-1.26.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-debuginfo-1.0.0g-1.26.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-devel-1.0.0g-1.26.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-perl-1.0.0g-1.26.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-static-1.0.0g-1.26.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo / openssl-devel / openssl-perl / etc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:59:08", "description": "Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.\n\nIt was discovered that the Datagram Transport Layer Security (DTLS) protocol implementation in OpenSSL leaked timing information when performing certain operations. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a DTLS server as a padding oracle. (CVE-2011-4108)\n\nA double free flaw was discovered in the policy checking code in OpenSSL. A remote attacker could use this flaw to crash an application that uses OpenSSL by providing an X.509 certificate that has specially crafted policy extension data. (CVE-2011-4109)\n\nAn information leak flaw was found in the SSL 3.0 protocol implementation in OpenSSL. Incorrect initialization of SSL record padding bytes could cause an SSL client or server to send a limited amount of possibly sensitive data to its SSL peer via the encrypted connection. (CVE-2011-4576)\n\nIt was discovered that OpenSSL did not limit the number of TLS/SSL handshake restarts required to support Server Gated Cryptography. A remote attacker could use this flaw to make a TLS/SSL server using OpenSSL consume an excessive amount of CPU by continuously restarting the handshake. (CVE-2011-4619)\n\nAll OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.", "cvss3": {"score": null, "vector": null}, "published": "2012-01-25T00:00:00", "type": "nessus", "title": "RHEL 5 : openssl (RHSA-2012:0060)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4108", "CVE-2011-4109", "CVE-2011-4576", "CVE-2011-4619"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:openssl", "p-cpe:/a:redhat:enterprise_linux:openssl-devel", "p-cpe:/a:redhat:enterprise_linux:openssl-perl", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2012-0060.NASL", "href": "https://www.tenable.com/plugins/nessus/57678", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0060. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57678);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-4108\", \"CVE-2011-4109\", \"CVE-2011-4576\", \"CVE-2011-4619\");\n script_bugtraq_id(51281);\n script_xref(name:\"RHSA\", value:\"2012:0060\");\n\n script_name(english:\"RHEL 5 : openssl (RHSA-2012:0060)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was discovered that the Datagram Transport Layer Security (DTLS)\nprotocol implementation in OpenSSL leaked timing information when\nperforming certain operations. A remote attacker could possibly use\nthis flaw to retrieve plain text from the encrypted packets by using a\nDTLS server as a padding oracle. (CVE-2011-4108)\n\nA double free flaw was discovered in the policy checking code in\nOpenSSL. A remote attacker could use this flaw to crash an application\nthat uses OpenSSL by providing an X.509 certificate that has specially\ncrafted policy extension data. (CVE-2011-4109)\n\nAn information leak flaw was found in the SSL 3.0 protocol\nimplementation in OpenSSL. Incorrect initialization of SSL record\npadding bytes could cause an SSL client or server to send a limited\namount of possibly sensitive data to its SSL peer via the encrypted\nconnection. (CVE-2011-4576)\n\nIt was discovered that OpenSSL did not limit the number of TLS/SSL\nhandshake restarts required to support Server Gated Cryptography. A\nremote attacker could use this flaw to make a TLS/SSL server using\nOpenSSL consume an excessive amount of CPU by continuously restarting\nthe handshake. (CVE-2011-4619)\n\nAll OpenSSL users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. For the update to\ntake effect, all services linked to the OpenSSL library must be\nrestarted, or the system rebooted.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:0060\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-4576\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-4108\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-4109\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-4619\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected openssl, openssl-devel and / or openssl-perl\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0060\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"openssl-0.9.8e-20.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"openssl-devel-0.9.8e-20.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"openssl-perl-0.9.8e-20.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"openssl-perl-0.9.8e-20.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"openssl-perl-0.9.8e-20.el5_7.1\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-devel / openssl-perl\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:59:09", "description": "Multiple vulnerabilities has been found and corrected in openssl :\n\nThe DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack (CVE-2011-4108).\n\nDouble free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check (CVE-2011-4109).\n\nThe SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer (CVE-2011-4576).\n\nThe Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service via unspecified vectors (CVE-2011-4619).\n\nThe updated packages have been patched to correct these issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-01-17T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : openssl (MDVSA-2012:006)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4108", "CVE-2011-4109", "CVE-2011-4576", "CVE-2011-4619"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64openssl-engines1.0.0", "p-cpe:/a:mandriva:linux:lib64openssl0.9.8", "p-cpe:/a:mandriva:linux:lib64openssl1.0.0", "p-cpe:/a:mandriva:linux:lib64openssl1.0.0-devel", "p-cpe:/a:mandriva:linux:lib64openssl1.0.0-static-devel", "p-cpe:/a:mandriva:linux:libopenssl-engines1.0.0", "p-cpe:/a:mandriva:linux:libopenssl0.9.8", "p-cpe:/a:mandriva:linux:libopenssl1.0.0", "p-cpe:/a:mandriva:linux:libopenssl1.0.0-devel", "p-cpe:/a:mandriva:linux:libopenssl1.0.0-static-devel", "p-cpe:/a:mandriva:linux:openssl", "cpe:/o:mandriva:linux:2010.1"], "id": "MANDRIVA_MDVSA-2012-006.NASL", "href": "https://www.tenable.com/plugins/nessus/57568", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2012:006. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57568);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-4108\", \"CVE-2011-4109\", \"CVE-2011-4576\", \"CVE-2011-4619\");\n script_bugtraq_id(51281);\n script_xref(name:\"MDVSA\", value:\"2012:006\");\n\n script_name(english:\"Mandriva Linux Security Advisory : openssl (MDVSA-2012:006)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been found and corrected in openssl :\n\nThe DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f\nperforms a MAC check only if certain padding is valid, which makes it\neasier for remote attackers to recover plaintext via a padding oracle\nattack (CVE-2011-4108).\n\nDouble free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when\nX509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have\nan unspecified impact by triggering failure of a policy check\n(CVE-2011-4109).\n\nThe SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before\n1.0.0f does not properly initialize data structures for block cipher\npadding, which might allow remote attackers to obtain sensitive\ninformation by decrypting the padding data sent by an SSL peer\n(CVE-2011-4576).\n\nThe Server Gated Cryptography (SGC) implementation in OpenSSL before\n0.9.8s and 1.x before 1.0.0f does not properly handle handshake\nrestarts, which allows remote attackers to cause a denial of service\nvia unspecified vectors (CVE-2011-4619).\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20120104.txt\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openssl-engines1.0.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openssl0.9.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openssl1.0.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openssl1.0.0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openssl1.0.0-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libopenssl-engines1.0.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libopenssl0.9.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libopenssl1.0.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libopenssl1.0.0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libopenssl1.0.0-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64openssl-engines1.0.0-1.0.0a-1.9mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64openssl0.9.8-0.9.8s-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64openssl1.0.0-1.0.0a-1.9mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64openssl1.0.0-devel-1.0.0a-1.9mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64openssl1.0.0-static-devel-1.0.0a-1.9mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libopenssl-engines1.0.0-1.0.0a-1.9mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libopenssl0.9.8-0.9.8s-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libopenssl1.0.0-1.0.0a-1.9mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libopenssl1.0.0-devel-1.0.0a-1.9mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libopenssl1.0.0-static-devel-1.0.0a-1.9mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"openssl-1.0.0a-1.9mdv2010.2\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:59:04", "description": "Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.\n\nIt was discovered that the Datagram Transport Layer Security (DTLS) protocol implementation in OpenSSL leaked timing information when performing certain operations. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a DTLS server as a padding oracle. (CVE-2011-4108)\n\nA double free flaw was discovered in the policy checking code in OpenSSL. A remote attacker could use this flaw to crash an application that uses OpenSSL by providing an X.509 certificate that has specially crafted policy extension data. (CVE-2011-4109)\n\nAn information leak flaw was found in the SSL 3.0 protocol implementation in OpenSSL. Incorrect initialization of SSL record padding bytes could cause an SSL client or server to send a limited amount of possibly sensitive data to its SSL peer via the encrypted connection. (CVE-2011-4576)\n\nIt was discovered that OpenSSL did not limit the number of TLS/SSL handshake restarts required to support Server Gated Cryptography. A remote attacker could use this flaw to make a TLS/SSL server using OpenSSL consume an excessive amount of CPU by continuously restarting the handshake. (CVE-2011-4619)\n\nAll OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.", "cvss3": {"score": null, "vector": null}, "published": "2012-01-26T00:00:00", "type": "nessus", "title": "CentOS 5 : openssl (CESA-2012:0060)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4108", "CVE-2011-4109", "CVE-2011-4576", "CVE-2011-4619"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:openssl", "p-cpe:/a:centos:centos:openssl-devel", "p-cpe:/a:centos:centos:openssl-perl", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2012-0060.NASL", "href": "https://www.tenable.com/plugins/nessus/57692", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0060 and \n# CentOS Errata and Security Advisory 2012:0060 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57692);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2011-4108\", \"CVE-2011-4109\", \"CVE-2011-4576\", \"CVE-2011-4619\");\n script_bugtraq_id(51281);\n script_xref(name:\"RHSA\", value:\"2012:0060\");\n\n script_name(english:\"CentOS 5 : openssl (CESA-2012:0060)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was discovered that the Datagram Transport Layer Security (DTLS)\nprotocol implementation in OpenSSL leaked timing information when\nperforming certain operations. A remote attacker could possibly use\nthis flaw to retrieve plain text from the encrypted packets by using a\nDTLS server as a padding oracle. (CVE-2011-4108)\n\nA double free flaw was discovered in the policy checking code in\nOpenSSL. A remote attacker could use this flaw to crash an application\nthat uses OpenSSL by providing an X.509 certificate that has specially\ncrafted policy extension data. (CVE-2011-4109)\n\nAn information leak flaw was found in the SSL 3.0 protocol\nimplementation in OpenSSL. Incorrect initialization of SSL record\npadding bytes could cause an SSL client or server to send a limited\namount of possibly sensitive data to its SSL peer via the encrypted\nconnection. (CVE-2011-4576)\n\nIt was discovered that OpenSSL did not limit the number of TLS/SSL\nhandshake restarts required to support Server Gated Cryptography. A\nremote attacker could use this flaw to make a TLS/SSL server using\nOpenSSL consume an excessive amount of CPU by continuously restarting\nthe handshake. (CVE-2011-4619)\n\nAll OpenSSL users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. For the update to\ntake effect, all services linked to the OpenSSL library must be\nrestarted, or the system rebooted.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-February/018421.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1eaa5dfb\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2011-4109\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"openssl-0.9.8e-20.el5_7.1.0.1.centos\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openssl-devel-0.9.8e-20.el5_7.1.0.1.centos\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openssl-perl-0.9.8e-20.el5_7.1.0.1.centos\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-devel / openssl-perl\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:54:38", "description": "From Red Hat Security Advisory 2012:0060 :\n\nUpdated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.\n\nIt was discovered that the Datagram Transport Layer Security (DTLS) protocol implementation in OpenSSL leaked timing information when performing certain operations. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a DTLS server as a padding oracle. (CVE-2011-4108)\n\nA double free flaw was discovered in the policy checking code in OpenSSL. A remote attacker could use this flaw to crash an application that uses OpenSSL by providing an X.509 certificate that has specially crafted policy extension data. (CVE-2011-4109)\n\nAn information leak flaw was found in the SSL 3.0 protocol implementation in OpenSSL. Incorrect initialization of SSL record padding bytes could cause an SSL client or server to send a limited amount of possibly sensitive data to its SSL peer via the encrypted connection. (CVE-2011-4576)\n\nIt was discovered that OpenSSL did not limit the number of TLS/SSL handshake restarts required to support Server Gated Cryptography. A remote attacker could use this flaw to make a TLS/SSL server using OpenSSL consume an excessive amount of CPU by continuously restarting the handshake. (CVE-2011-4619)\n\nAll OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.", "cvss3": {"score": null, "vector": null}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 5 : openssl (ELSA-2012-0060)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4108", "CVE-2011-4109", "CVE-2011-4576", "CVE-2011-4619"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:openssl", "p-cpe:/a:oracle:linux:openssl-devel", "p-cpe:/a:oracle:linux:openssl-perl", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2012-0060.NASL", "href": "https://www.tenable.com/plugins/nessus/68438", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:0060 and \n# Oracle Linux Security Advisory ELSA-2012-0060 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68438);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-4108\", \"CVE-2011-4109\", \"CVE-2011-4576\", \"CVE-2011-4619\");\n script_bugtraq_id(51281, 51563);\n script_xref(name:\"RHSA\", value:\"2012:0060\");\n\n script_name(english:\"Oracle Linux 5 : openssl (ELSA-2012-0060)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2012:0060 :\n\nUpdated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was discovered that the Datagram Transport Layer Security (DTLS)\nprotocol implementation in OpenSSL leaked timing information when\nperforming certain operations. A remote attacker could possibly use\nthis flaw to retrieve plain text from the encrypted packets by using a\nDTLS server as a padding oracle. (CVE-2011-4108)\n\nA double free flaw was discovered in the policy checking code in\nOpenSSL. A remote attacker could use this flaw to crash an application\nthat uses OpenSSL by providing an X.509 certificate that has specially\ncrafted policy extension data. (CVE-2011-4109)\n\nAn information leak flaw was found in the SSL 3.0 protocol\nimplementation in OpenSSL. Incorrect initialization of SSL record\npadding bytes could cause an SSL client or server to send a limited\namount of possibly sensitive data to its SSL peer via the encrypted\nconnection. (CVE-2011-4576)\n\nIt was discovered that OpenSSL did not limit the number of TLS/SSL\nhandshake restarts required to support Server Gated Cryptography. A\nremote attacker could use this flaw to make a TLS/SSL server using\nOpenSSL consume an excessive amount of CPU by continuously restarting\nthe handshake. (CVE-2011-4619)\n\nAll OpenSSL users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. For the update to\ntake effect, all services linked to the OpenSSL library must be\nrestarted, or the system rebooted.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-January/002567.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"openssl-0.9.8e-20.el5_7.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"openssl-devel-0.9.8e-20.el5_7.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"openssl-perl-0.9.8e-20.el5_7.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-devel / openssl-perl\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:57:42", "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.\n\nIt was discovered that the Datagram Transport Layer Security (DTLS) protocol implementation in OpenSSL leaked timing information when performing certain operations. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a DTLS server as a padding oracle. (CVE-2011-4108)\n\nA double free flaw was discovered in the policy checking code in OpenSSL. A remote attacker could use this flaw to crash an application that uses OpenSSL by providing an X.509 certificate that has specially crafted policy extension data. (CVE-2011-4109)\n\nAn information leak flaw was found in the SSL 3.0 protocol implementation in OpenSSL. Incorrect initialization of SSL record padding bytes could cause an SSL client or server to send a limited amount of possibly sensitive data to its SSL peer via the encrypted connection. (CVE-2011-4576)\n\nIt was discovered that OpenSSL did not limit the number of TLS/SSL handshake restarts required to support Server Gated Cryptography. A remote attacker could use this flaw to make a TLS/SSL server using OpenSSL consume an excessive amount of CPU by continuously restarting the handshake. (CVE-2011-4619)\n\nAll OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.", "cvss3": {"score": null, "vector": null}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : openssl on SL5.x i386/x86_64 (20120124)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4108", "CVE-2011-4109", "CVE-2011-4576", "CVE-2011-4619"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:openssl", "p-cpe:/a:fermilab:scientific_linux:openssl-debuginfo", "p-cpe:/a:fermilab:scientific_linux:openssl-devel", "p-cpe:/a:fermilab:scientific_linux:openssl-perl", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20120124_OPENSSL_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61224", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61224);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-4108\", \"CVE-2011-4109\", \"CVE-2011-4576\", \"CVE-2011-4619\");\n\n script_name(english:\"Scientific Linux Security Update : openssl on SL5.x i386/x86_64 (20120124)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was discovered that the Datagram Transport Layer Security (DTLS)\nprotocol implementation in OpenSSL leaked timing information when\nperforming certain operations. A remote attacker could possibly use\nthis flaw to retrieve plain text from the encrypted packets by using a\nDTLS server as a padding oracle. (CVE-2011-4108)\n\nA double free flaw was discovered in the policy checking code in\nOpenSSL. A remote attacker could use this flaw to crash an application\nthat uses OpenSSL by providing an X.509 certificate that has specially\ncrafted policy extension data. (CVE-2011-4109)\n\nAn information leak flaw was found in the SSL 3.0 protocol\nimplementation in OpenSSL. Incorrect initialization of SSL record\npadding bytes could cause an SSL client or server to send a limited\namount of possibly sensitive data to its SSL peer via the encrypted\nconnection. (CVE-2011-4576)\n\nIt was discovered that OpenSSL did not limit the number of TLS/SSL\nhandshake restarts required to support Server Gated Cryptography. A\nremote attacker could use this flaw to make a TLS/SSL server using\nOpenSSL consume an excessive amount of CPU by continuously restarting\nthe handshake. (CVE-2011-4619)\n\nAll OpenSSL users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. For the update to\ntake effect, all services linked to the OpenSSL library must be\nrestarted, or the system rebooted.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1201&L=scientific-linux-errata&T=0&P=1447\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?36f0c920\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 5.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"openssl-0.9.8e-20.el5_7.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openssl-debuginfo-0.9.8e-20.el5_7.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openssl-devel-0.9.8e-20.el5_7.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openssl-perl-0.9.8e-20.el5_7.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo / openssl-devel / openssl-perl\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:59:10", "description": "Versions of OpenSSL 0.9.8 earlier than 0.9.8s, and 1.0.0 earlier than 1.0.0f are potentially affected by the following vulnerabilities :\n\n - An extension of the Vaudenay padding oracle attack exists against CBC mode encryption which enables an efficient plaintext recovery attack against the OpenSSL implementation of DTLS. (CVE-2011-4108)\n\n - If x509_V_FLAG_POLICY_CHECK is set in OpenSSL 0.9.8, then a policy check failure can lead to a double-free. (CVE-2011-4109)\n\n - OpenSSL fails to clear the bytes used as block cipher padding in SSL 3.0 records. As a result, in each record, up to 15 bytes of uninitialized memory may be sent, encrypted, to the SSL peer. (CVE-2011-4576)\n\n - RFC 3779 data can be included in certificates, and if it is malformed, may trigger an assertion failure. This could be used in a denial-of-service attack. (CVE-2011-4577)\n\n - Support for handshake restarts for server gated cryptography (SGC) can be used in a denial-of-service attack. (CVE-2011-4619)\n\n - A malicious TLS client can send an invalid set of GOST parameters which will cause the server to crash due to a lack of error checking. (CVE-2012-0027)", "cvss3": {"score": null, "vector": null}, "published": "2012-01-05T00:00:00", "type": "nessus", "title": "OpenSSL 0.9.8 < 0.9.8s / 1.x < 1.0.0f Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4108", "CVE-2011-4109", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619", "CVE-2012-0027"], "modified": "2012-01-05T00:00:00", "cpe": [], "id": "801059.PRM", "href": "https://www.tenable.com/plugins/lce/801059", "sourceData": "Binary data 801059.prm", "cvss": {"score": 7.5, "vector": "CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:59:12", "description": "Versions of OpenSSL 0.9.8 earlier than 0.9.8s, and 1.0.0 earlier than 1.0.0f are potentially affected by the following vulnerabilities :\n\n - An extension of the Vaudenay padding oracle attack exists against CBC mode encryption which enables an efficient plaintext recovery attack against the OpenSSL implementation of DTLS. (CVE-2011-4108)\n\n - If x509_V_FLAG_POLICY_CHECK is set in OpenSSL 0.9.8, then a policy check failure can lead to a double-free. (CVE-2011-4109)\n\n - OpenSSL fails to clear the bytes used as block cipher padding in SSL 3.0 records. As a result, in each record, up to 15 bytes of uninitialized memory may be sent, encrypted, to the SSL peer. (CVE-2011-4576)\n\n - RFC 3779 data can be included in certificates, and if it is malformed, may trigger an assertion failure. This could be used in a denial-of-service attack. (CVE-2011-4577)\n\n - Support for handshake restarts for server gated cryptography (SGC) can be used in a denial-of-service attack. (CVE-2011-4619)\n\n - A malicious TLS client can send an invalid set of GOST parameters which will cause the server to crash due to a lack of error checking. (CVE-2012-0027)", "cvss3": {"score": 7.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "published": "2012-01-05T00:00:00", "type": "nessus", "title": "OpenSSL 0.9.8 < 0.9.8s / 1.x < 1.0.0f Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4108", "CVE-2011-4109", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619", "CVE-2012-0027"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*"], "id": "6129.PRM", "href": "https://www.tenable.com/plugins/nnm/6129", "sourceData": "Binary data 6129.prm", "cvss": {"score": 7.5, "vector": "CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:59:19", "description": "According to its banner, the remote web server is running a version of OpenSSL older than 0.9.8s. Such versions have the following vulnerabilities :\n\n - An error exists related to ECDSA signatures and binary curves. The implementation of curves over binary fields could allow a remote, unauthenticated attacker to determine private key material via timing attacks.\n (CVE-2011-1945)\n\n - The Datagram Transport Layer Security (DTLS) implementation is vulnerable to plaintext recovery attacks when decrypting in CBC mode. (CVE-2011-4108)\n\n - A double-free error exists during a policy check failure if the flag 'X509_V_FLAG_POLICY_CHECK' is set.\n (CVE-2011-4109)\n\n - An error exists related to SSLv3.0 records that can lead to disclosure of uninitialized memory because the library does not clear all bytes used as block cipher padding. (CVE-2011-4576)\n\n - An error exists related to RFC 3779 processing that can allow denial of service attacks. Note that this functionality is not enabled by default and must be configured at compile time via the 'enable-rfc3779' option. (CVE-2011-4577)\n\n - An error exists related to handshake restarts for server gated cryptography (SGC) that can allow denial of service attacks. (CVE-2011-4619)", "cvss3": {"score": null, "vector": null}, "published": "2012-01-09T00:00:00", "type": "nessus", "title": "OpenSSL < 0.9.8s Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1945", "CVE-2011-4108", "CVE-2011-4109", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619"], "modified": "2018-11-15T00:00:00", "cpe": ["cpe:/a:openssl:openssl"], "id": "OPENSSL_0_9_8S.NASL", "href": "https://www.tenable.com/plugins/nessus/57459", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(57459);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/11/15 20:50:25\");\n\n script_cve_id(\n \"CVE-2011-1945\",\n \"CVE-2011-4108\",\n \"CVE-2011-4109\",\n \"CVE-2011-4576\",\n \"CVE-2011-4577\",\n \"CVE-2011-4619\"\n );\n script_bugtraq_id(51281, 47888);\n script_xref(name:\"CERT\", value:\"536044\");\n\n script_name(english:\"OpenSSL < 0.9.8s Multiple Vulnerabilities\");\n script_summary(english:\"Does a banner check\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote web server has multiple SSL-related vulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"According to its banner, the remote web server is running a version\nof OpenSSL older than 0.9.8s. Such versions have the following\nvulnerabilities :\n\n - An error exists related to ECDSA signatures and binary\n curves. The implementation of curves over binary fields\n could allow a remote, unauthenticated attacker to\n determine private key material via timing attacks.\n (CVE-2011-1945)\n\n - The Datagram Transport Layer Security (DTLS)\n implementation is vulnerable to plaintext recovery\n attacks when decrypting in CBC mode. (CVE-2011-4108)\n\n - A double-free error exists during a policy check\n failure if the flag 'X509_V_FLAG_POLICY_CHECK' is set.\n (CVE-2011-4109)\n\n - An error exists related to SSLv3.0 records that can \n lead to disclosure of uninitialized memory because the\n library does not clear all bytes used as block cipher\n padding. (CVE-2011-4576)\n\n - An error exists related to RFC 3779 processing that can\n allow denial of service attacks. Note that this \n functionality is not enabled by default and must be\n configured at compile time via the 'enable-rfc3779'\n option. (CVE-2011-4577)\n\n - An error exists related to handshake restarts for \n server gated cryptography (SGC) that can allow denial\n of service attacks. (CVE-2011-4619)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20120104.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/changelog.html\"\n );\n # Google html cache of AlFardan & Paterson PDF\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c0f10f36\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://eprint.iacr.org/2011/232.pdf\");\n script_set_attribute(attribute:\"see_also\", value:\"http://cvs.openssl.org/chngview?cn=21301\");\n script_set_attribute(\n attribute:\"solution\",\n value:\"Upgrade to OpenSSL 0.9.8s or later.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencie(\"openssl_version.nasl\");\n script_require_keys(\"openssl/port\");\n\n exit(0);\n}\n\ninclude(\"openssl_version.inc\");\n\nopenssl_check_version(fixed:make_list('0.9.8s'), severity:SECURITY_HOLE);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:59:15", "description": "The OpenSSL Team reports :\n\n6 security flaws have been fixed in OpenSSL 1.0.0f :\n\nIf X509_V_FLAG_POLICY_CHECK is set in OpenSSL 0.9.8, then a policy check failure can lead to a double-free.\n\nOpenSSL prior to 1.0.0f and 0.9.8s failed to clear the bytes used as block cipher padding in SSL 3.0 records. As a result, in each record, up to 15 bytes of uninitialized memory may be sent, encrypted, to the SSL peer. This could include sensitive contents of previously freed memory.\n\nRFC 3779 data can be included in certificates, and if it is malformed, may trigger an assertion failure. This could be used in a denial-of-service attack.\n\nSupport for handshake restarts for server gated cryptograpy (SGC) can be used in a denial-of-service attack.\n\nA malicious TLS client can send an invalid set of GOST parameters which will cause the server to crash due to lack of error checking.\nThis could be used in a denial-of-service attack.", "cvss3": {"score": null, "vector": null}, "published": "2012-01-16T00:00:00", "type": "nessus", "title": "FreeBSD : OpenSSL -- multiple vulnerabilities (78cc8a46-3e56-11e1-89b4-001ec9578670)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4108", "CVE-2011-4109", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619", "CVE-2012-0027"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:openssl", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_78CC8A463E5611E189B4001EC9578670.NASL", "href": "https://www.tenable.com/plugins/nessus/57551", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57551);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-4108\", \"CVE-2011-4109\", \"CVE-2011-4576\", \"CVE-2011-4577\", \"CVE-2011-4619\", \"CVE-2012-0027\");\n script_bugtraq_id(51281);\n\n script_name(english:\"FreeBSD : OpenSSL -- multiple vulnerabilities (78cc8a46-3e56-11e1-89b4-001ec9578670)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The OpenSSL Team reports :\n\n6 security flaws have been fixed in OpenSSL 1.0.0f :\n\nIf X509_V_FLAG_POLICY_CHECK is set in OpenSSL 0.9.8, then a policy\ncheck failure can lead to a double-free.\n\nOpenSSL prior to 1.0.0f and 0.9.8s failed to clear the bytes used as\nblock cipher padding in SSL 3.0 records. As a result, in each record,\nup to 15 bytes of uninitialized memory may be sent, encrypted, to the\nSSL peer. This could include sensitive contents of previously freed\nmemory.\n\nRFC 3779 data can be included in certificates, and if it is malformed,\nmay trigger an assertion failure. This could be used in a\ndenial-of-service attack.\n\nSupport for handshake restarts for server gated cryptograpy (SGC) can\nbe used in a denial-of-service attack.\n\nA malicious TLS client can send an invalid set of GOST parameters\nwhich will cause the server to crash due to lack of error checking.\nThis could be used in a denial-of-service attack.\"\n );\n # http://openssl.org/news/secadv/20120104.txt\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20120104.txt\"\n );\n # https://vuxml.freebsd.org/freebsd/78cc8a46-3e56-11e1-89b4-001ec9578670.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?726bda3b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"openssl<1.0.0_8\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-01T17:17:09", "description": "Various security vulnerabilities have been fixed in openssl :\n\n - DTLS plaintext recovery attack (CVE-2011-4108)\n\n - uninitialized SSL 3.0 padding (CVE-2011-4576)\n\n - malformed RFC 3779 data can cause assertion failures (CVE-2011-4577)\n\n - SGC restart DoS attack (CVE-2011-4619)\n\n - invalid GOST parameters DoS attack (CVE-2012-0027)", "cvss3": {"score": null, "vector": null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : libopenssl-devel (openSUSE-SU-2012:0083-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619", "CVE-2012-0027"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libopenssl-devel", "p-cpe:/a:novell:opensuse:libopenssl1_0_0", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:openssl", "p-cpe:/a:novell:opensuse:openssl-debuginfo", "p-cpe:/a:novell:opensuse:openssl-debugsource", "cpe:/o:novell:opensuse:11.4"], "id": "SUSE_11_4_LIBOPENSSL-DEVEL-120111.NASL", "href": "https://www.tenable.com/plugins/nessus/75908", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libopenssl-devel-5634.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75908);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-4108\", \"CVE-2011-4576\", \"CVE-2011-4577\", \"CVE-2011-4619\", \"CVE-2012-0027\");\n\n script_name(english:\"openSUSE Security Update : libopenssl-devel (openSUSE-SU-2012:0083-1)\");\n script_summary(english:\"Check for the libopenssl-devel-5634 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Various security vulnerabilities have been fixed in openssl :\n\n - DTLS plaintext recovery attack (CVE-2011-4108)\n\n - uninitialized SSL 3.0 padding (CVE-2011-4576)\n\n - malformed RFC 3779 data can cause assertion failures\n (CVE-2011-4577)\n\n - SGC restart DoS attack (CVE-2011-4619)\n\n - invalid GOST parameters DoS attack (CVE-2012-0027)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=739719\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-01/msg00029.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libopenssl-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libopenssl-devel-1.0.0c-18.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libopenssl1_0_0-1.0.0c-18.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libopenssl1_0_0-debuginfo-1.0.0c-18.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"openssl-1.0.0c-18.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"openssl-debuginfo-1.0.0c-18.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"openssl-debugsource-1.0.0c-18.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.0c-18.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.0c-18.23.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-10-01T17:18:01", "description": "Various security vulnerabilities have been fixed in openssl :\n\n - DTLS plaintext recovery attack (CVE-2011-4108)\n\n - uninitialized SSL 3.0 padding (CVE-2011-4576)\n\n - malformed RFC 3779 data can cause assertion failures (CVE-2011-4577) \n\n - SGC restart DoS attack (CVE-2011-4619)\n\n - invalid GOST parameters DoS attack (CVE-2012-0027)", "cvss3": {"score": null, "vector": null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : libopenssl-devel (openSUSE-SU-2012:0083-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619", "CVE-2012-0027"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libopenssl-devel", "p-cpe:/a:novell:opensuse:libopenssl1_0_0", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit", "p-cpe:/a:novell:opensuse:openssl", "cpe:/o:novell:opensuse:11.3"], "id": "SUSE_11_3_LIBOPENSSL-DEVEL-120111.NASL", "href": "https://www.tenable.com/plugins/nessus/75598", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libopenssl-devel-5634.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75598);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-4108\", \"CVE-2011-4576\", \"CVE-2011-4577\", \"CVE-2011-4619\", \"CVE-2012-0027\");\n\n script_name(english:\"openSUSE Security Update : libopenssl-devel (openSUSE-SU-2012:0083-1)\");\n script_summary(english:\"Check for the libopenssl-devel-5634 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Various security vulnerabilities have been fixed in openssl :\n\n - DTLS plaintext recovery attack (CVE-2011-4108)\n\n - uninitialized SSL 3.0 padding (CVE-2011-4576)\n\n - malformed RFC 3779 data can cause assertion failures\n (CVE-2011-4577) \n\n - SGC restart DoS attack (CVE-2011-4619)\n\n - invalid GOST parameters DoS attack (CVE-2012-0027)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=739719\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-01/msg00029.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libopenssl-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libopenssl-devel-1.0.0-6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libopenssl1_0_0-1.0.0-6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"openssl-1.0.0-6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.0-6.13.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-08-11T14:55:40", "description": "According to its banner, the remote web server is running a version of OpenSSL 1.x that is earlier than 1.0.0f. Such versions are affected by the following vulnerabilities :\n\n - The Datagram Transport Layer Security (DTLS) implementation is vulnerable to plaintext recovery attacks when decrypting in CBC mode. (CVE-2011-4108)\n\n - An error exists related to SSLv3.0 records that can lead to disclosure of uninitialized memory because the library does not clear all bytes used as block cipher padding. (CVE-2011-4576)\n\n - An error exists related to RFC 3779 processing that can allow denial of service attacks. Note that this functionality is not enabled by default and must be configured at compile time via the 'enable-rfc3779' option. (CVE-2011-4577)\n\n - An error exists related to handshake restarts for server gated cryptography (SGC) that can allow denial of service attacks. (CVE-2011-4619)\n\n - An error exists in the GOST implementation that can allow invalid GOST parameters to crash the server.\n (CVE-2012-0027)", "cvss3": {"score": null, "vector": null}, "published": "2012-01-09T00:00:00", "type": "nessus", "title": "OpenSSL 1.x < 1.0.0f Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619", "CVE-2012-0027"], "modified": "2018-11-15T00:00:00", "cpe": ["cpe:/a:openssl:openssl"], "id": "OPENSSL_1_0_0F.NASL", "href": "https://www.tenable.com/plugins/nessus/57460", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57460);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/11/15 20:50:25\");\n\n script_cve_id(\n \"CVE-2011-4108\",\n \"CVE-2011-4576\",\n \"CVE-2011-4577\",\n \"CVE-2011-4619\",\n \"CVE-2012-0027\"\n );\n script_bugtraq_id(51281);\n\n script_name(english:\"OpenSSL 1.x < 1.0.0f Multiple Vulnerabilities\");\n script_summary(english:\"Does a banner check.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote web server is affected by multiple SSL-related\nvulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"According to its banner, the remote web server is running a version\nof OpenSSL 1.x that is earlier than 1.0.0f. Such versions are affected \nby the following vulnerabilities :\n\n - The Datagram Transport Layer Security (DTLS)\n implementation is vulnerable to plaintext recovery\n attacks when decrypting in CBC mode. (CVE-2011-4108)\n\n - An error exists related to SSLv3.0 records that can \n lead to disclosure of uninitialized memory because the\n library does not clear all bytes used as block cipher\n padding. (CVE-2011-4576)\n\n - An error exists related to RFC 3779 processing that can\n allow denial of service attacks. Note that this \n functionality is not enabled by default and must be\n configured at compile time via the 'enable-rfc3779'\n option. (CVE-2011-4577)\n\n - An error exists related to handshake restarts for \n server gated cryptography (SGC) that can allow denial\n of service attacks. (CVE-2011-4619)\n\n - An error exists in the GOST implementation that can \n allow invalid GOST parameters to crash the server.\n (CVE-2012-0027)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20120104.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/changelog.html\"\n );\n # Google html cache of AlFardan & Paterson PDF\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c0f10f36\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Upgrade to OpenSSL 1.0.0f or later.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\",value:\"2012/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\",value:\"2012/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"openssl_version.nasl\");\n script_require_keys(\"openssl/port\");\n\n exit(0);\n}\n\ninclude(\"openssl_version.inc\");\n\nopenssl_check_version(fixed:'1.0.0f', min:\"1.0.0\", severity:SECURITY_WARNING);\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-10-01T17:17:07", "description": "openssl was prone to several security issues :\n\n - DTLS Plaintext Recovery Attack (CVE-2011-4108)\n\n - Uninitialized SSL 3.0 Padding (CVE-2011-4576)\n\n - Malformed RFC 3779 Data Can Cause Assertion Failures (CVE-2011-4577)\n\n - SGC Restart DoS Attack (CVE-2011-4619)\n\n - Invalid GOST parameters DoS Attack (CVE-2012-0027)", "cvss3": {"score": null, "vector": null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : openssl (openSUSE-2012-52)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619", "CVE-2012-0027"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libopenssl-devel", "p-cpe:/a:novell:opensuse:libopenssl-devel-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:openssl", "p-cpe:/a:novell:opensuse:openssl-debuginfo", "p-cpe:/a:novell:opensuse:openssl-debugsource", "cpe:/o:novell:opensuse:12.1"], "id": "OPENSUSE-2012-52.NASL", "href": "https://www.tenable.com/plugins/nessus/74722", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-52.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74722);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-4108\", \"CVE-2011-4576\", \"CVE-2011-4577\", \"CVE-2011-4619\", \"CVE-2012-0027\");\n\n script_name(english:\"openSUSE Security Update : openssl (openSUSE-2012-52)\");\n script_summary(english:\"Check for the openSUSE-2012-52 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"openssl was prone to several security issues :\n\n - DTLS Plaintext Recovery Attack (CVE-2011-4108)\n\n - Uninitialized SSL 3.0 Padding (CVE-2011-4576)\n\n - Malformed RFC 3779 Data Can Cause Assertion Failures\n (CVE-2011-4577)\n\n - SGC Restart DoS Attack (CVE-2011-4619)\n\n - Invalid GOST parameters DoS Attack (CVE-2012-0027)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=739719\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libopenssl-devel-1.0.0e-34.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libopenssl1_0_0-1.0.0e-34.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libopenssl1_0_0-debuginfo-1.0.0e-34.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"openssl-1.0.0e-34.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"openssl-debuginfo-1.0.0e-34.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"openssl-debugsource-1.0.0e-34.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libopenssl-devel-32bit-1.0.0e-34.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.0e-34.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.0e-34.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libopenssl-devel / libopenssl-devel-32bit / libopenssl1_0_0 / etc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:57:13", "description": "Multiple vulnerabilities has been found and corrected in openssl :\n\nThe DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack (CVE-2011-4108).\n\nDouble free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check (CVE-2011-4109).\n\nThe SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer (CVE-2011-4576).\n\nThe Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service via unspecified vectors (CVE-2011-4619).\n\nThe GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service (daemon crash) via crafted data from a TLS client (CVE-2012-0027).\n\nThe updated packages have been patched to correct these issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-09-06T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : openssl (MDVSA-2012:007)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4108", "CVE-2011-4109", "CVE-2011-4576", "CVE-2011-4619", "CVE-2012-0027"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64openssl-devel", "p-cpe:/a:mandriva:linux:lib64openssl-engines1.0.0", "p-cpe:/a:mandriva:linux:lib64openssl-static-devel", "p-cpe:/a:mandriva:linux:lib64openssl1.0.0", "p-cpe:/a:mandriva:linux:libopenssl-devel", "p-cpe:/a:mandriva:linux:libopenssl-engines1.0.0", "p-cpe:/a:mandriva:linux:libopenssl-static-devel", "p-cpe:/a:mandriva:linux:libopenssl1.0.0", "p-cpe:/a:mandriva:linux:openssl", "cpe:/o:mandriva:linux:2011"], "id": "MANDRIVA_MDVSA-2012-007.NASL", "href": "https://www.tenable.com/plugins/nessus/61942", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2012:007. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61942);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-4108\", \"CVE-2011-4109\", \"CVE-2011-4576\", \"CVE-2011-4619\", \"CVE-2012-0027\");\n script_bugtraq_id(51281);\n script_xref(name:\"MDVSA\", value:\"2012:007\");\n\n script_name(english:\"Mandriva Linux Security Advisory : openssl (MDVSA-2012:007)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been found and corrected in openssl :\n\nThe DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f\nperforms a MAC check only if certain padding is valid, which makes it\neasier for remote attackers to recover plaintext via a padding oracle\nattack (CVE-2011-4108).\n\nDouble free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when\nX509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have\nan unspecified impact by triggering failure of a policy check\n(CVE-2011-4109).\n\nThe SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before\n1.0.0f does not properly initialize data structures for block cipher\npadding, which might allow remote attackers to obtain sensitive\ninformation by decrypting the padding data sent by an SSL peer\n(CVE-2011-4576).\n\nThe Server Gated Cryptography (SGC) implementation in OpenSSL before\n0.9.8s and 1.x before 1.0.0f does not properly handle handshake\nrestarts, which allows remote attackers to cause a denial of service\nvia unspecified vectors (CVE-2011-4619).\n\nThe GOST ENGINE in OpenSSL before 1.0.0f does not properly handle\ninvalid parameters for the GOST block cipher, which allows remote\nattackers to cause a denial of service (daemon crash) via crafted data\nfrom a TLS client (CVE-2012-0027).\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20120104.txt\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openssl-engines1.0.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openssl-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openssl1.0.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libopenssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libopenssl-engines1.0.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libopenssl-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libopenssl1.0.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2011\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64openssl-devel-1.0.0d-2.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64openssl-engines1.0.0-1.0.0d-2.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64openssl-static-devel-1.0.0d-2.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64openssl1.0.0-1.0.0d-2.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libopenssl-devel-1.0.0d-2.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libopenssl-engines1.0.0-1.0.0d-2.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libopenssl-static-devel-1.0.0d-2.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libopenssl1.0.0-1.0.0d-2.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"openssl-1.0.0d-2.2-mdv2011.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:59:16", "description": "Several vulnerabilities were discovered in OpenSSL, an implementation of TLS and related protocols. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities :\n\n - CVE-2011-4108 The DTLS implementation performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.\n\n - CVE-2011-4109 A double free vulnerability when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to cause applications crashes and potentially allow execution of arbitrary code by triggering failure of a policy check.\n\n - CVE-2011-4354 On 32-bit systems, the operations on NIST elliptic curves P-256 and P-384 are not correctly implemented, potentially leaking the private ECC key of a TLS server.\n (Regular RSA-based keys are not affected by this vulnerability.)\n\n - CVE-2011-4576 The SSL 3.0 implementation does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer.\n\n - CVE-2011-4619 The Server Gated Cryptography (SGC) implementation in OpenSSL does not properly handle handshake restarts, unnecessarily simplifying CPU exhaustion attacks.", "cvss3": {"score": null, "vector": null}, "published": "2012-01-16T00:00:00", "type": "nessus", "title": "Debian DSA-2390-1 : openssl - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4108", "CVE-2011-4109", "CVE-2011-4354", "CVE-2011-4576", "CVE-2011-4619"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:openssl", "cpe:/o:debian:debian_linux:5.0", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DSA-2390.NASL", "href": "https://www.tenable.com/plugins/nessus/57543", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2390. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57543);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-4108\", \"CVE-2011-4109\", \"CVE-2011-4354\", \"CVE-2011-4576\", \"CVE-2011-4619\");\n script_bugtraq_id(50882, 51281);\n script_xref(name:\"DSA\", value:\"2390\");\n\n script_name(english:\"Debian DSA-2390-1 : openssl - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in OpenSSL, an implementation\nof TLS and related protocols. The Common Vulnerabilities and Exposures\nproject identifies the following vulnerabilities :\n\n - CVE-2011-4108\n The DTLS implementation performs a MAC check only if\n certain padding is valid, which makes it easier for\n remote attackers to recover plaintext via a padding\n oracle attack.\n\n - CVE-2011-4109\n A double free vulnerability when\n X509_V_FLAG_POLICY_CHECK is enabled, allows remote\n attackers to cause applications crashes and potentially\n allow execution of arbitrary code by triggering failure\n of a policy check.\n\n - CVE-2011-4354\n On 32-bit systems, the operations on NIST elliptic\n curves P-256 and P-384 are not correctly implemented,\n potentially leaking the private ECC key of a TLS server.\n (Regular RSA-based keys are not affected by this\n vulnerability.)\n\n - CVE-2011-4576\n The SSL 3.0 implementation does not properly initialize\n data structures for block cipher padding, which might\n allow remote attackers to obtain sensitive information\n by decrypting the padding data sent by an SSL peer.\n\n - CVE-2011-4619\n The Server Gated Cryptography (SGC) implementation in\n OpenSSL does not properly handle handshake restarts,\n unnecessarily simplifying CPU exhaustion attacks.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-4108\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-4109\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-4354\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-4576\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-4619\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/openssl\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2012/dsa-2390\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the openssl packages.\n\nFor the oldstable distribution (lenny), these problems have been fixed\nin version 0.9.8g-15+lenny15.\n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 0.9.8o-4squeeze5.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"openssl\", reference:\"0.9.8g-15+lenny15\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libcrypto0.9.8-udeb\", reference:\"0.9.8o-4squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libssl-dev\", reference:\"0.9.8o-4squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libssl0.9.8\", reference:\"0.9.8o-4squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libssl0.9.8-dbg\", reference:\"0.9.8o-4squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"openssl\", reference:\"0.9.8o-4squeeze5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-15T18:11:50", "description": "Problem description :\n\nOpenSSL fails to clear the bytes used as block cipher padding in SSL 3.0 records when operating as a client or a server that accept SSL 3.0 handshakes. As a result, in each record, up to 15 bytes of uninitialized memory may be sent, encrypted, to the SSL peer. This could include sensitive contents of previously freed memory.\n[CVE-2011-4576]\n\nOpenSSL support for handshake restarts for server gated cryptography (SGC) can be used in a denial-of-service attack. [CVE-2011-4619]\n\nIf an application uses OpenSSL's certificate policy checking when verifying X509 certificates, by enabling the X509_V_FLAG_POLICY_CHECK flag, a policy check failure can lead to a double-free.\n[CVE-2011-4109]\n\nA weakness in the OpenSSL PKCS #7 code can be exploited using Bleichenbacher's attack on PKCS #1 v1.5 RSA padding also known as the million message attack (MMA). [CVE-2012-0884]\n\nThe asn1_d2i_read_bio() function, used by the d2i_*_bio and d2i_*_fp functions, in OpenSSL contains multiple integer errors that can cause memory corruption when parsing encoded ASN.1 data. This error can occur on systems that parse untrusted ASN.1 data, such as X.509 certificates or RSA public keys. [CVE-2012-2110]", "cvss3": {"score": null, "vector": null}, "published": "2012-06-28T00:00:00", "type": "nessus", "title": "FreeBSD : FreeBSD -- OpenSSL multiple vulnerabilities (2ae114de-c064-11e1-b5e0-000c299b62e1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4109", "CVE-2011-4576", "CVE-2011-4619", "CVE-2012-0884", "CVE-2012-2110"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:FreeBSD", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_2AE114DEC06411E1B5E0000C299B62E1.NASL", "href": "https://www.tenable.com/plugins/nessus/59747", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59747);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-4109\", \"CVE-2011-4576\", \"CVE-2011-4619\", \"CVE-2012-0884\", \"CVE-2012-2110\");\n script_bugtraq_id(51281, 52428, 53158);\n script_xref(name:\"FreeBSD\", value:\"SA-12:01.openssl\");\n\n script_name(english:\"FreeBSD : FreeBSD -- OpenSSL multiple vulnerabilities (2ae114de-c064-11e1-b5e0-000c299b62e1)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Problem description :\n\nOpenSSL fails to clear the bytes used as block cipher padding in SSL\n3.0 records when operating as a client or a server that accept SSL 3.0\nhandshakes. As a result, in each record, up to 15 bytes of\nuninitialized memory may be sent, encrypted, to the SSL peer. This\ncould include sensitive contents of previously freed memory.\n[CVE-2011-4576]\n\nOpenSSL support for handshake restarts for server gated cryptography\n(SGC) can be used in a denial-of-service attack. [CVE-2011-4619]\n\nIf an application uses OpenSSL's certificate policy checking when\nverifying X509 certificates, by enabling the X509_V_FLAG_POLICY_CHECK\nflag, a policy check failure can lead to a double-free.\n[CVE-2011-4109]\n\nA weakness in the OpenSSL PKCS #7 code can be exploited using\nBleichenbacher's attack on PKCS #1 v1.5 RSA padding also known as the\nmillion message attack (MMA). [CVE-2012-0884]\n\nThe asn1_d2i_read_bio() function, used by the d2i_*_bio and d2i_*_fp\nfunctions, in OpenSSL contains multiple integer errors that can cause\nmemory corruption when parsing encoded ASN.1 data. This error can\noccur on systems that parse untrusted ASN.1 data, such as X.509\ncertificates or RSA public keys. [CVE-2012-2110]\"\n );\n # https://vuxml.freebsd.org/freebsd/2ae114de-c064-11e1-b5e0-000c299b62e1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?32392d4e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:FreeBSD\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/05/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"FreeBSD>=7.4<7.4_8\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"FreeBSD>=8.1<8.1_10\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"FreeBSD>=8.2<8.2_8\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"FreeBSD>=8.3<8.3_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"FreeBSD>=9.0<9.0_2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:54:07", "description": "From Red Hat Security Advisory 2011:1797 :\n\nUpdated perl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nPerl is a high-level programming language commonly used for system administration utilities and web programming.\n\nIt was found that the 'new' constructor of the Digest module used its argument as part of the string expression passed to the eval() function. An attacker could possibly use this flaw to execute arbitrary Perl code with the privileges of a Perl program that uses untrusted input as an argument to the constructor. (CVE-2011-3597)\n\nIt was found that the Perl CGI module used a hard-coded value for the MIME boundary string in multipart/x-mixed-replace content. A remote attacker could possibly use this flaw to conduct an HTTP response splitting attack via a specially crafted HTTP request. (CVE-2010-2761)\n\nA CRLF injection flaw was found in the way the Perl CGI module processed a sequence of non-whitespace preceded by newline characters in the header. A remote attacker could use this flaw to conduct an HTTP response splitting attack via a specially crafted sequence of characters provided to the CGI module. (CVE-2010-4410)\n\nAll Perl users should upgrade to these updated packages, which contain backported patches to correct these issues. All running Perl programs must be restarted for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 4 / 5 : perl (ELSA-2011-1797)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2761", "CVE-2010-4410", "CVE-2011-3597"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:perl", "p-cpe:/a:oracle:linux:perl-suidperl", "cpe:/o:oracle:linux:4", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2011-1797.NASL", "href": "https://www.tenable.com/plugins/nessus/68402", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:1797 and \n# Oracle Linux Security Advisory ELSA-2011-1797 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68402);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-2761\", \"CVE-2010-4410\", \"CVE-2011-3597\");\n script_bugtraq_id(44199, 45145, 49911);\n script_xref(name:\"RHSA\", value:\"2011:1797\");\n\n script_name(english:\"Oracle Linux 4 / 5 : perl (ELSA-2011-1797)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:1797 :\n\nUpdated perl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPerl is a high-level programming language commonly used for system\nadministration utilities and web programming.\n\nIt was found that the 'new' constructor of the Digest module used its\nargument as part of the string expression passed to the eval()\nfunction. An attacker could possibly use this flaw to execute\narbitrary Perl code with the privileges of a Perl program that uses\nuntrusted input as an argument to the constructor. (CVE-2011-3597)\n\nIt was found that the Perl CGI module used a hard-coded value for the\nMIME boundary string in multipart/x-mixed-replace content. A remote\nattacker could possibly use this flaw to conduct an HTTP response\nsplitting attack via a specially crafted HTTP request. (CVE-2010-2761)\n\nA CRLF injection flaw was found in the way the Perl CGI module\nprocessed a sequence of non-whitespace preceded by newline characters\nin the header. A remote attacker could use this flaw to conduct an\nHTTP response splitting attack via a specially crafted sequence of\ncharacters provided to the CGI module. (CVE-2010-4410)\n\nAll Perl users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. All running Perl programs\nmust be restarted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-December/002497.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-December/002498.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected perl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perl-suidperl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/12/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4 / 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"perl-5.8.5-57.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"perl-suidperl-5.8.5-57.el4\")) flag++;\n\nif (rpm_check(release:\"EL5\", reference:\"perl-5.8.8-32.0.1.el5_7.6\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"perl-suidperl-5.8.8-32.0.1.el5_7.6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"perl / perl-suidperl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:59:28", "description": "Updated perl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nPerl is a high-level programming language commonly used for system administration utilities and web programming.\n\nIt was found that the 'new' constructor of the Digest module used its argument as part of the string expression passed to the eval() function. An attacker could possibly use this flaw to execute arbitrary Perl code with the privileges of a Perl program that uses untrusted input as an argument to the constructor. (CVE-2011-3597)\n\nIt was found that the Perl CGI module used a hard-coded value for the MIME boundary string in multipart/x-mixed-replace content. A remote attacker could possibly use this flaw to conduct an HTTP response splitting attack via a specially crafted HTTP request. (CVE-2010-2761)\n\nA CRLF injection flaw was found in the way the Perl CGI module processed a sequence of non-whitespace preceded by newline characters in the header. A remote attacker could use this flaw to conduct an HTTP response splitting attack via a specially crafted sequence of characters provided to the CGI module. (CVE-2010-4410)\n\nAll Perl users should upgrade to these updated packages, which contain backported patches to correct these issues. All running Perl programs must be restarted for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2011-12-09T00:00:00", "type": "nessus", "title": "RHEL 4 / 5 : perl (RHSA-2011:1797)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2761", "CVE-2010-4410", "CVE-2011-3597"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:perl", "p-cpe:/a:redhat:enterprise_linux:perl-suidperl", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2011-1797.NASL", "href": "https://www.tenable.com/plugins/nessus/57053", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1797. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57053);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-2761\", \"CVE-2010-4410\", \"CVE-2011-3597\");\n script_bugtraq_id(44199, 45145, 49911);\n script_xref(name:\"RHSA\", value:\"2011:1797\");\n\n script_name(english:\"RHEL 4 / 5 : perl (RHSA-2011:1797)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated perl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPerl is a high-level programming language commonly used for system\nadministration utilities and web programming.\n\nIt was found that the 'new' constructor of the Digest module used its\nargument as part of the string expression passed to the eval()\nfunction. An attacker could possibly use this flaw to execute\narbitrary Perl code with the privileges of a Perl program that uses\nuntrusted input as an argument to the constructor. (CVE-2011-3597)\n\nIt was found that the Perl CGI module used a hard-coded value for the\nMIME boundary string in multipart/x-mixed-replace content. A remote\nattacker could possibly use this flaw to conduct an HTTP response\nsplitting attack via a specially crafted HTTP request. (CVE-2010-2761)\n\nA CRLF injection flaw was found in the way the Perl CGI module\nprocessed a sequence of non-whitespace preceded by newline characters\nin the header. A remote attacker could use this flaw to conduct an\nHTTP response splitting attack via a specially crafted sequence of\ncharacters provided to the CGI module. (CVE-2010-4410)\n\nAll Perl users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. All running Perl programs\nmust be restarted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2761\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4410\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-3597\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:1797\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected perl and / or perl-suidperl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-suidperl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/12/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:1797\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"perl-5.8.5-57.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"perl-suidperl-5.8.5-57.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"perl-5.8.8-32.el5_7.6\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"perl-5.8.8-32.el5_7.6\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"perl-5.8.8-32.el5_7.6\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"perl-suidperl-5.8.8-32.el5_7.6\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"perl-suidperl-5.8.8-32.el5_7.6\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"perl-suidperl-5.8.8-32.el5_7.6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"perl / perl-suidperl\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:59:26", "description": "Updated perl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nPerl is a high-level programming language commonly used for system administration utilities and web programming.\n\nIt was found that the 'new' constructor of the Digest module used its argument as part of the string expression passed to the eval() function. An attacker could possibly use this flaw to execute arbitrary Perl code with the privileges of a Perl program that uses untrusted input as an argument to the constructor. (CVE-2011-3597)\n\nIt was found that the Perl CGI module used a hard-coded value for the MIME boundary string in multipart/x-mixed-replace content. A remote attacker could possibly use this flaw to conduct an HTTP response splitting attack via a specially crafted HTTP request. (CVE-2010-2761)\n\nA CRLF injection flaw was found in the way the Perl CGI module processed a sequence of non-whitespace preceded by newline characters in the header. A remote attacker could use this flaw to conduct an HTTP response splitting attack via a specially crafted sequence of characters provided to the CGI module. (CVE-2010-4410)\n\nAll Perl users should upgrade to these updated packages, which contain backported patches to correct these issues. All running Perl programs must be restarted for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2011-12-12T00:00:00", "type": "nessus", "title": "CentOS 4 / 5 : perl (CESA-2011:1797)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2761", "CVE-2010-4410", "CVE-2011-3597"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:perl", "p-cpe:/a:centos:centos:perl-suidperl", "cpe:/o:centos:centos:4", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2011-1797.NASL", "href": "https://www.tenable.com/plugins/nessus/57068", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1797 and \n# CentOS Errata and Security Advisory 2011:1797 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57068);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2010-2761\", \"CVE-2010-4410\", \"CVE-2011-3597\");\n script_bugtraq_id(44199, 45145, 49911);\n script_xref(name:\"RHSA\", value:\"2011:1797\");\n\n script_name(english:\"CentOS 4 / 5 : perl (CESA-2011:1797)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated perl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPerl is a high-level programming language commonly used for system\nadministration utilities and web programming.\n\nIt was found that the 'new' constructor of the Digest module used its\nargument as part of the string expression passed to the eval()\nfunction. An attacker could possibly use this flaw to execute\narbitrary Perl code with the privileges of a Perl program that uses\nuntrusted input as an argument to the constructor. (CVE-2011-3597)\n\nIt was found that the Perl CGI module used a hard-coded value for the\nMIME boundary string in multipart/x-mixed-replace content. A remote\nattacker could possibly use this flaw to conduct an HTTP response\nsplitting attack via a specially crafted HTTP request. (CVE-2010-2761)\n\nA CRLF injection flaw was found in the way the Perl CGI module\nprocessed a sequence of non-whitespace preceded by newline characters\nin the header. A remote attacker could use this flaw to conduct an\nHTTP response splitting attack via a specially crafted sequence of\ncharacters provided to the CGI module. (CVE-2010-4410)\n\nAll Perl users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. All running Perl programs\nmust be restarted for this update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-December/018306.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fd8a88cc\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-December/018307.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fab88022\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-December/018308.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?105f979f\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-December/018309.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?43d88556\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected perl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-suidperl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/12/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x / 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"perl-5.8.5-57.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"perl-5.8.5-57.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"perl-suidperl-5.8.5-57.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"perl-suidperl-5.8.5-57.el4\")) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"perl-5.8.8-32.el5_7.6\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"perl-suidperl-5.8.8-32.el5_7.6\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"perl / perl-suidperl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T14:50:14", "description": "Perl is a high-level programming language commonly used for system administration utilities and web programming.\n\nIt was found that the 'new' constructor of the Digest module used its argument as part of the string expression passed to the eval() function. An attacker could possibly use this flaw to execute arbitrary Perl code with the privileges of a Perl program that uses untrusted input as an argument to the constructor. (CVE-2011-3597)\n\nIt was found that the Perl CGI module used a hard-coded value for the MIME boundary string in multipart/x-mixed-replace content. A remote attacker could possibly use this flaw to conduct an HTTP response splitting attack via a specially crafted HTTP request. (CVE-2010-2761)\n\nA CRLF injection flaw was found in the way the Perl CGI module processed a sequence of non-whitespace preceded by newline characters in the header. A remote attacker could use this flaw to conduct an HTTP response splitting attack via a specially crafted sequence of characters provided to the CGI module. (CVE-2010-4410)\n\nAll Perl users should upgrade to these updated packages, which contain backported patches to correct these issues. All running Perl programs must be restarted for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : perl on SL4.x, SL5.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2761", "CVE-2010-4410", "CVE-2011-3597"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20111208_PERL_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61202", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61202);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-3597\");\n\n script_name(english:\"Scientific Linux Security Update : perl on SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Perl is a high-level programming language commonly used for system\nadministration utilities and web programming.\n\nIt was found that the 'new' constructor of the Digest module used its\nargument as part of the string expression passed to the eval()\nfunction. An attacker could possibly use this flaw to execute\narbitrary Perl code with the privileges of a Perl program that uses\nuntrusted input as an argument to the constructor. (CVE-2011-3597)\n\nIt was found that the Perl CGI module used a hard-coded value for the\nMIME boundary string in multipart/x-mixed-replace content. A remote\nattacker could possibly use this flaw to conduct an HTTP response\nsplitting attack via a specially crafted HTTP request. (CVE-2010-2761)\n\nA CRLF injection flaw was found in the way the Perl CGI module\nprocessed a sequence of non-whitespace preceded by newline characters\nin the header. A remote attacker could use this flaw to conduct an\nHTTP response splitting attack via a specially crafted sequence of\ncharacters provided to the CGI module. (CVE-2010-4410)\n\nAll Perl users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. All running Perl programs\nmust be restarted for this update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1112&L=scientific-linux-errata&T=0&P=2385\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1bce9e6c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected perl, perl-debuginfo and / or perl-suidperl\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"perl-5.8.5-57.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"perl-debuginfo-5.8.5-57.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"perl-suidperl-5.8.5-57.el4\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"perl-5.8.8-32.el5_7.6\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"perl-debuginfo-5.8.8-32.el5_7.6\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"perl-suidperl-5.8.8-32.el5_7.6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:57:59", "description": "The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). GnuTLS includes libtasn1, a library developed for ASN.1 (Abstract Syntax Notation One) structures management that includes DER (Distinguished Encoding Rules) encoding and decoding.\n\nA flaw was found in the way GnuTLS decrypted malformed TLS records.\nThis could cause a TLS/SSL client or server to crash when processing a specially crafted TLS record from a remote TLS/SSL connection peer.\n(CVE-2012-1573)\n\nA flaw was found in the way libtasn1 decoded DER data. An attacker could create a carefully-crafted X.509 certificate that, when parsed by an application that uses GnuTLS, could cause the application to crash. (CVE-2012-1569)\n\nA boundary error was found in the gnutls_session_get_data() function.\nA malicious TLS/SSL server could use this flaw to crash a TLS/SSL client or, possibly, execute arbitrary code as the client, if the client passed a fixed-sized buffer to gnutls_session_get_data() before checking the real size of the session data provided by the server.\n(CVE-2011-4128)\n\nUsers of GnuTLS are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all applications linked to the GnuTLS library must be restarted, or the system rebooted.", "cvss3": {"score": null, "vector": null}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : gnutls on SL5.x i386/x86_64 (20120327)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4128", "CVE-2012-1569", "CVE-2012-1573"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:gnutls", "p-cpe:/a:fermilab:scientific_linux:gnutls-debuginfo", "p-cpe:/a:fermilab:scientific_linux:gnutls-devel", "p-cpe:/a:fermilab:scientific_linux:gnutls-utils", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20120327_GNUTLS_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61290", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61290);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-4128\", \"CVE-2012-1569\", \"CVE-2012-1573\");\n\n script_name(english:\"Scientific Linux Security Update : gnutls on SL5.x i386/x86_64 (20120327)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The GnuTLS library provides support for cryptographic algorithms and\nfor protocols such as Transport Layer Security (TLS). GnuTLS includes\nlibtasn1, a library developed for ASN.1 (Abstract Syntax Notation One)\nstructures management that includes DER (Distinguished Encoding Rules)\nencoding and decoding.\n\nA flaw was found in the way GnuTLS decrypted malformed TLS records.\nThis could cause a TLS/SSL client or server to crash when processing a\nspecially crafted TLS record from a remote TLS/SSL connection peer.\n(CVE-2012-1573)\n\nA flaw was found in the way libtasn1 decoded DER data. An attacker\ncould create a carefully-crafted X.509 certificate that, when parsed\nby an application that uses GnuTLS, could cause the application to\ncrash. (CVE-2012-1569)\n\nA boundary error was found in the gnutls_session_get_data() function.\nA malicious TLS/SSL server could use this flaw to crash a TLS/SSL\nclient or, possibly, execute arbitrary code as the client, if the\nclient passed a fixed-sized buffer to gnutls_session_get_data() before\nchecking the real size of the session data provided by the server.\n(CVE-2011-4128)\n\nUsers of GnuTLS are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. For the\nupdate to take effect, all applications linked to the GnuTLS library\nmust be restarted, or the system rebooted.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1203&L=scientific-linux-errata&T=0&P=5098\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4816e1b7\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:gnutls-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:gnutls-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:gnutls-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 5.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"gnutls-1.4.1-7.el5_8.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"gnutls-debuginfo-1.4.1-7.el5_8.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"gnutls-devel-1.4.1-7.el5_8.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"gnutls-utils-1.4.1-7.el5_8.2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnutls / gnutls-debuginfo / gnutls-devel / gnutls-utils\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:53:33", "description": "From Red Hat Security Advisory 2012:0428 :\n\nUpdated gnutls packages that fix three security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). GnuTLS includes libtasn1, a library developed for ASN.1 (Abstract Syntax Notation One) structures management that includes DER (Distinguished Encoding Rules) encoding and decoding.\n\nA flaw was found in the way GnuTLS decrypted malformed TLS records.\nThis could cause a TLS/SSL client or server to crash when processing a specially crafted TLS record from a remote TLS/SSL connection peer.\n(CVE-2012-1573)\n\nA flaw was found in the way libtasn1 decoded DER data. An attacker could create a carefully-crafted X.509 certificate that, when parsed by an application that uses GnuTLS, could cause the application to crash. (CVE-2012-1569)\n\nA boundary error was found in the gnutls_session_get_data() function.\nA malicious TLS/SSL server could use this flaw to crash a TLS/SSL client or, possibly, execute arbitrary code as the client, if the client passed a fixed-sized buffer to gnutls_session_get_data() before checking the real size of the session data provided by the server.\n(CVE-2011-4128)\n\nRed Hat would like to thank Matthew Hall of Mu Dynamics for reporting CVE-2012-1573 and CVE-2012-1569.\n\nUsers of GnuTLS are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all applications linked to the GnuTLS library must be restarted, or the system rebooted.", "cvss3": {"score": null, "vector": null}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 5 : gnutls (ELSA-2012-0428)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4128", "CVE-2012-1569", "CVE-2012-1573"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:gnutls", "p-cpe:/a:oracle:linux:gnutls-devel", "p-cpe:/a:oracle:linux:gnutls-utils", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2012-0428.NASL", "href": "https://www.tenable.com/plugins/nessus/68503", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:0428 and \n# Oracle Linux Security Advisory ELSA-2012-0428 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68503);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-4128\", \"CVE-2012-1569\", \"CVE-2012-1573\");\n script_bugtraq_id(50609, 52667, 52668);\n script_xref(name:\"RHSA\", value:\"2012:0428\");\n\n script_name(english:\"Oracle Linux 5 : gnutls (ELSA-2012-0428)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2012:0428 :\n\nUpdated gnutls packages that fix three security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe GnuTLS library provides support for cryptographic algorithms and\nfor protocols such as Transport Layer Security (TLS). GnuTLS includes\nlibtasn1, a library developed for ASN.1 (Abstract Syntax Notation One)\nstructures management that includes DER (Distinguished Encoding Rules)\nencoding and decoding.\n\nA flaw was found in the way GnuTLS decrypted malformed TLS records.\nThis could cause a TLS/SSL client or server to crash when processing a\nspecially crafted TLS record from a remote TLS/SSL connection peer.\n(CVE-2012-1573)\n\nA flaw was found in the way libtasn1 decoded DER data. An attacker\ncould create a carefully-crafted X.509 certificate that, when parsed\nby an application that uses GnuTLS, could cause the application to\ncrash. (CVE-2012-1569)\n\nA boundary error was found in the gnutls_session_get_data() function.\nA malicious TLS/SSL server could use this flaw to crash a TLS/SSL\nclient or, possibly, execute arbitrary code as the client, if the\nclient passed a fixed-sized buffer to gnutls_session_get_data() before\nchecking the real size of the session data provided by the server.\n(CVE-2011-4128)\n\nRed Hat would like to thank Matthew Hall of Mu Dynamics for reporting\nCVE-2012-1573 and CVE-2012-1569.\n\nUsers of GnuTLS are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. For the\nupdate to take effect, all applications linked to the GnuTLS library\nmust be restarted, or the system rebooted.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-March/002720.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnutls packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnutls-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnutls-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"gnutls-1.4.1-7.el5_8.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"gnutls-devel-1.4.1-7.el5_8.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"gnutls-utils-1.4.1-7.el5_8.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnutls / gnutls-devel / gnutls-utils\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:58:41", "description": "Updated gnutls packages that fix three security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). GnuTLS includes libtasn1, a library developed for ASN.1 (Abstract Syntax Notation One) structures management that includes DER (Distinguished Encoding Rules) encoding and decoding.\n\nA flaw was found in the way GnuTLS decrypted malformed TLS records.\nThis could cause a TLS/SSL client or server to crash when processing a specially crafted TLS record from a remote TLS/SSL connection peer.\n(CVE-2012-1573)\n\nA flaw was found in the way libtasn1 decoded DER data. An attacker could create a carefully-crafted X.509 certificate that, when parsed by an application that uses GnuTLS, could cause the application to crash. (CVE-2012-1569)\n\nA boundary error was found in the gnutls_session_get_data() function.\nA malicious TLS/SSL server could use this flaw to crash a TLS/SSL client or, possibly, execute arbitrary code as the client, if the client passed a fixed-sized buffer to gnutls_session_get_data() before checking the real size of the session data provided by the server.\n(CVE-2011-4128)\n\nRed Hat would like to thank Matthew Hall of Mu Dynamics for reporting CVE-2012-1573 and CVE-2012-1569.\n\nUsers of GnuTLS are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all applications linked to the GnuTLS library must be restarted, or the system rebooted.", "cvss3": {"score": null, "vector": null}, "published": "2012-03-28T00:00:00", "type": "nessus", "title": "RHEL 5 : gnutls (RHSA-2012:0428)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4128", "CVE-2012-1569", "CVE-2012-1573"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:gnutls", "p-cpe:/a:redhat:enterprise_linux:gnutls-debuginfo", "p-cpe:/a:redhat:enterprise_linux:gnutls-devel", "p-cpe:/a:redhat:enterprise_linux:gnutls-utils", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2012-0428.NASL", "href": "https://www.tenable.com/plugins/nessus/58509", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0428. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58509);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-4128\", \"CVE-2012-1569\", \"CVE-2012-1573\");\n script_bugtraq_id(50609, 52667, 52668);\n script_xref(name:\"RHSA\", value:\"2012:0428\");\n\n script_name(english:\"RHEL 5 : gnutls (RHSA-2012:0428)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated gnutls packages that fix three security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe GnuTLS library provides support for cryptographic algorithms and\nfor protocols such as Transport Layer Security (TLS). GnuTLS includes\nlibtasn1, a library developed for ASN.1 (Abstract Syntax Notation One)\nstructures management that includes DER (Distinguished Encoding Rules)\nencoding and decoding.\n\nA flaw was found in the way GnuTLS decrypted malformed TLS records.\nThis could cause a TLS/SSL client or server to crash when processing a\nspecially crafted TLS record from a remote TLS/SSL connection peer.\n(CVE-2012-1573)\n\nA flaw was found in the way libtasn1 decoded DER data. An attacker\ncould create a carefully-crafted X.509 certificate that, when parsed\nby an application that uses GnuTLS, could cause the application to\ncrash. (CVE-2012-1569)\n\nA boundary error was found in the gnutls_session_get_data() function.\nA malicious TLS/SSL server could use this flaw to crash a TLS/SSL\nclient or, possibly, execute arbitrary code as the client, if the\nclient passed a fixed-sized buffer to gnutls_session_get_data() before\nchecking the real size of the session data provided by the server.\n(CVE-2011-4128)\n\nRed Hat would like to thank Matthew Hall of Mu Dynamics for reporting\nCVE-2012-1573 and CVE-2012-1569.\n\nUsers of GnuTLS are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. For the\nupdate to take effect, all applications linked to the GnuTLS library\nmust be restarted, or the system rebooted.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:0428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-1569\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-4128\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-1573\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gnutls-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gnutls-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gnutls-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0428\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"gnutls-1.4.1-7.el5_8.2\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"gnutls-debuginfo-1.4.1-7.el5_8.2\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"gnutls-devel-1.4.1-7.el5_8.2\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"gnutls-utils-1.4.1-7.el5_8.2\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"gnutls-utils-1.4.1-7.el5_8.2\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"gnutls-utils-1.4.1-7.el5_8.2\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnutls / gnutls-debuginfo / gnutls-devel / gnutls-utils\");\n }\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:58:38", "description": "Updated gnutls packages that fix three security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). GnuTLS includes libtasn1, a library developed for ASN.1 (Abstract Syntax Notation One) structures management that includes DER (Distinguished Encoding Rules) encoding and decoding.\n\nA flaw was found in the way GnuTLS decrypted malformed TLS records.\nThis could cause a TLS/SSL client or server to crash when processing a specially crafted TLS record from a remote TLS/SSL connection peer.\n(CVE-2012-1573)\n\nA flaw was found in the way libtasn1 decoded DER data. An attacker could create a carefully-crafted X.509 certificate that, when parsed by an application that uses GnuTLS, could cause the application to crash. (CVE-2012-1569)\n\nA boundary error was found in the gnutls_session_get_data() function.\nA malicious TLS/SSL server could use this flaw to crash a TLS/SSL client or, possibly, execute arbitrary code as the client, if the client passed a fixed-sized buffer to gnutls_session_get_data() before checking the real size of the session data provided by the server.\n(CVE-2011-4128)\n\nRed Hat would like to thank Matthew Hall of Mu Dynamics for reporting CVE-2012-1573 and CVE-2012-1569.\n\nUsers of GnuTLS are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all applications linked to the GnuTLS library must be restarted, or the system rebooted.", "cvss3": {"score": null, "vector": null}, "published": "2012-03-28T00:00:00", "type": "nessus", "title": "CentOS 5 : gnutls (CESA-2012:0428)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4128", "CVE-2012-1569", "CVE-2012-1573"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:gnutls", "p-cpe:/a:centos:centos:gnutls-devel", "p-cpe:/a:centos:centos:gnutls-utils", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2012-0428.NASL", "href": "https://www.tenable.com/plugins/nessus/58504", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0428 and \n# CentOS Errata and Security Advisory 2012:0428 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58504);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2011-4128\", \"CVE-2012-1569\", \"CVE-2012-1573\");\n script_bugtraq_id(50609, 52667, 52668);\n script_xref(name:\"RHSA\", value:\"2012:0428\");\n\n script_name(english:\"CentOS 5 : gnutls (CESA-2012:0428)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated gnutls packages that fix three security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe GnuTLS library provides support for cryptographic algorithms and\nfor protocols such as Transport Layer Security (TLS). GnuTLS includes\nlibtasn1, a library developed for ASN.1 (Abstract Syntax Notation One)\nstructures management that includes DER (Distinguished Encoding Rules)\nencoding and decoding.\n\nA flaw was found in the way GnuTLS decrypted malformed TLS records.\nThis could cause a TLS/SSL client or server to crash when processing a\nspecially crafted TLS record from a remote TLS/SSL connection peer.\n(CVE-2012-1573)\n\nA flaw was found in the way libtasn1 decoded DER data. An attacker\ncould create a carefully-crafted X.509 certificate that, when parsed\nby an application that uses GnuTLS, could cause the application to\ncrash. (CVE-2012-1569)\n\nA boundary error was found in the gnutls_session_get_data() function.\nA malicious TLS/SSL server could use this flaw to crash a TLS/SSL\nclient or, possibly, execute arbitrary code as the client, if the\nclient passed a fixed-sized buffer to gnutls_session_get_data() before\nchecking the real size of the session data provided by the server.\n(CVE-2011-4128)\n\nRed Hat would like to thank Matthew Hall of Mu Dynamics for reporting\nCVE-2012-1573 and CVE-2012-1569.\n\nUsers of GnuTLS are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. For the\nupdate to take effect, all applications linked to the GnuTLS library\nmust be restarted, or the system rebooted.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-March/018529.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2c92bc6d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnutls packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-1569\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnutls-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnutls-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"gnutls-1.4.1-7.el5_8.2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"gnutls-devel-1.4.1-7.el5_8.2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"gnutls-utils-1.4.1-7.el5_8.2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnutls / gnutls-devel / gnutls-utils\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-03-27T18:38:38", "description": "Multiple flaws were found in the way RPM parsed package file headers.\nAn attacker could create a specially crafted RPM package that, when its package header was accessed, or during package signature verification, could cause an application using the RPM library (such as the rpm command line tool, or the yum and up2date package managers) to crash or, potentially, execute arbitrary code. (CVE-2012-0060 , CVE-2012-0061 , CVE-2012-0815)", "cvss3": {"score": null, "vector": null}, "published": "2013-09-04T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : rpm (ALAS-2012-61)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0060", "CVE-2012-0061", "CVE-2012-0815"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:rpm", "p-cpe:/a:amazon:linux:rpm-apidocs", "p-cpe:/a:amazon:linux:rpm-build", "p-cpe:/a:amazon:linux:rpm-cron", "p-cpe:/a:amazon:linux:rpm-debuginfo", "p-cpe:/a:amazon:linux:rpm-devel", "p-cpe:/a:amazon:linux:rpm-libs", "p-cpe:/a:amazon:linux:rpm-python", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2012-61.NASL", "href": "https://www.tenable.com/plugins/nessus/69668", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2012-61.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69668);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/04/18 15:09:34\");\n\n script_cve_id(\"CVE-2012-0060\");\n script_xref(name:\"ALAS\", value:\"2012-61\");\n script_xref(name:\"RHSA\", value:\"2012:0451\");\n\n script_name(english:\"Amazon Linux AMI : rpm (ALAS-2012-61)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple flaws were found in the way RPM parsed package file headers.\nAn attacker could create a specially crafted RPM package that, when\nits package header was accessed, or during package signature\nverification, could cause an application using the RPM library (such\nas the rpm command line tool, or the yum and up2date package managers)\nto crash or, potentially, execute arbitrary code. (CVE-2012-0060 ,\nCVE-2012-0061 , CVE-2012-0815)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2012-61.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update rpm' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rpm-apidocs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rpm-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rpm-cron\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rpm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rpm-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rpm-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"rpm-4.8.0-19.38.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rpm-apidocs-4.8.0-19.38.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rpm-build-4.8.0-19.38.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rpm-cron-4.8.0-19.38.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rpm-debuginfo-4.8.0-19.38.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rpm-devel-4.8.0-19.38.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rpm-libs-4.8.0-19.38.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rpm-python-4.8.0-19.38.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rpm / rpm-apidocs / rpm-build / rpm-cron / rpm-debuginfo / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:58:14", "description": "Multiple security vulnerabilities were reported in RPM which could have been exploited via specially crafted RPM files to cause a denial of service (application crash) or potentially allow attackers to execute arbitrary code.\n\nAdditionally, a non-security issue was fixed that could cause a division by zero in cycles calculation under rare circumstances.", "cvss3": {"score": null, "vector": null}, "published": "2012-07-17T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : RPM (ZYPP Patch Number 8184)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0060", "CVE-2012-0061", "CVE-2012-0815"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_POPT-8184.NASL", "href": "https://www.tenable.com/plugins/nessus/59984", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59984);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-0060\", \"CVE-2012-0061\", \"CVE-2012-0815\");\n\n script_name(english:\"SuSE 10 Security Update : RPM (ZYPP Patch Number 8184)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security vulnerabilities were reported in RPM which could\nhave been exploited via specially crafted RPM files to cause a denial\nof service (application crash) or potentially allow attackers to\nexecute arbitrary code.\n\nAdditionally, a non-security issue was fixed that could cause a\ndivision by zero in cycles calculation under rare circumstances.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0060.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0061.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0815.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 8184.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/06/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/07/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"i586\", reference:\"popt-1.7-271.46.16\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"i586\", reference:\"popt-devel-1.7-271.46.16\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"i586\", reference:\"rpm-4.4.2-43.46.16\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"i586\", reference:\"rpm-devel-4.4.2-43.46.16\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"i586\", reference:\"rpm-python-4.4.2-43.46.16\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"popt-1.7-271.46.16\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"popt-devel-1.7-271.46.16\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"rpm-4.4.2-43.46.16\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"rpm-devel-4.4.2-43.46.16\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"rpm-python-4.4.2-43.46.16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:58:43", "description": "Updated rpm packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6; Red Hat Enterprise Linux 3 and 4 Extended Life Cycle Support; Red Hat Enterprise Linux 5.3 Long Life; and Red Hat Enterprise Linux 5.6, 6.0 and 6.1 Extended Update Support.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe RPM Package Manager (RPM) is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages.\n\nMultiple flaws were found in the way RPM parsed package file headers.\nAn attacker could create a specially crafted RPM package that, when its package header was accessed, or during package signature verification, could cause an application using the RPM library (such as the rpm command line tool, or the yum and up2date package managers) to crash or, potentially, execute arbitrary code. (CVE-2012-0060, CVE-2012-0061, CVE-2012-0815)\n\nNote: Although an RPM package can, by design, execute arbitrary code when installed, this issue would allow a specially crafted RPM package to execute arbitrary code before its digital signature has been verified. Package downloads from the Red Hat Network are protected by the use of a secure HTTPS connection in addition to the RPM package signature checks.\n\nAll RPM users should upgrade to these updated packages, which contain a backported patch to correct these issues. All running applications linked against the RPM library must be restarted for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2012-04-04T00:00:00", "type": "nessus", "title": "CentOS 5 / 6 : rpm (CESA-2012:0451)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0060", "CVE-2012-0061", "CVE-2012-0815"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:popt", "p-cpe:/a:centos:centos:rpm", "p-cpe:/a:centos:centos:rpm-apidocs", "p-cpe:/a:centos:centos:rpm-build", "p-cpe:/a:centos:centos:rpm-cron", "p-cpe:/a:centos:centos:rpm-devel", "p-cpe:/a:centos:centos:rpm-libs", "p-cpe:/a:centos:centos:rpm-python", "cpe:/o:centos:centos:5", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2012-0451.NASL", "href": "https://www.tenable.com/plugins/nessus/58584", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0451 and \n# CentOS Errata and Security Advisory 2012:0451 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58584);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2012-0060\", \"CVE-2012-0061\", \"CVE-2012-0815\");\n script_bugtraq_id(52865);\n script_xref(name:\"RHSA\", value:\"2012:0451\");\n\n script_name(english:\"CentOS 5 / 6 : rpm (CESA-2012:0451)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated rpm packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5 and 6; Red Hat Enterprise\nLinux 3 and 4 Extended Life Cycle Support; Red Hat Enterprise Linux\n5.3 Long Life; and Red Hat Enterprise Linux 5.6, 6.0 and 6.1 Extended\nUpdate Support.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe RPM Package Manager (RPM) is a command-line driven package\nmanagement system capable of installing, uninstalling, verifying,\nquerying, and updating software packages.\n\nMultiple flaws were found in the way RPM parsed package file headers.\nAn attacker could create a specially crafted RPM package that, when\nits package header was accessed, or during package signature\nverification, could cause an application using the RPM library (such\nas the rpm command line tool, or the yum and up2date package managers)\nto crash or, potentially, execute arbitrary code. (CVE-2012-0060,\nCVE-2012-0061, CVE-2012-0815)\n\nNote: Although an RPM package can, by design, execute arbitrary code\nwhen installed, this issue would allow a specially crafted RPM package\nto execute arbitrary code before its digital signature has been\nverified. Package downloads from the Red Hat Network are protected by\nthe use of a secure HTTPS connection in addition to the RPM package\nsignature checks.\n\nAll RPM users should upgrade to these updated packages, which contain\na backported patch to correct these issues. All running applications\nlinked against the RPM library must be restarted for this update to\ntake effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-April/018549.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1642dc56\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-April/018550.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2bb532a2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected rpm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-0060\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:popt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm-apidocs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm-cron\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/06/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x / 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"popt-1.10.2.3-28.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"rpm-4.4.2.3-28.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"rpm-apidocs-4.4.2.3-28.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"rpm-build-4.4.2.3-28.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"rpm-devel-4.4.2.3-28.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"rpm-libs-4.4.2.3-28.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"rpm-python-4.4.2.3-28.el5_8\")) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"rpm-4.8.0-19.el6_2.1\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rpm-apidocs-4.8.0-19.el6_2.1\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rpm-build-4.8.0-19.el6_2.1\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rpm-cron-4.8.0-19.el6_2.1\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rpm-devel-4.8.0-19.el6_2.1\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rpm-libs-4.8.0-19.el6_2.1\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rpm-python-4.8.0-19.el6_2.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"popt / rpm / rpm-apidocs / rpm-build / rpm-cron / rpm-devel / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:50:07", "description": "specially crafted signature headers could crash rpm", "cvss3": {"score": null, "vector": null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : rpm / rpm-python (openSUSE-SU-2012:0588-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0060", "CVE-2012-0061", "CVE-2012-0815"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:rpm", "p-cpe:/a:novell:opensuse:rpm-32bit", "p-cpe:/a:novell:opensuse:rpm-debuginfo", "p-cpe:/a:novell:opensuse:rpm-debuginfo-32bit", "p-cpe:/a:novell:opensuse:rpm-debugsource", "p-cpe:/a:novell:opensuse:rpm-devel", "p-cpe:/a:novell:opensuse:rpm-python", "p-cpe:/a:novell:opensuse:rpm-python-debuginfo", "p-cpe:/a:novell:opensuse:rpm-python-debugsource", "cpe:/o:novell:opensuse:12.1"], "id": "OPENSUSE-2012-259.NASL", "href": "https://www.tenable.com/plugins/nessus/74614", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-259.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74614);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-0060\", \"CVE-2012-0061\", \"CVE-2012-0815\");\n\n script_name(english:\"openSUSE Security Update : rpm / rpm-python (openSUSE-SU-2012:0588-1)\");\n script_summary(english:\"Check for the openSUSE-2012-259 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\"specially crafted signature headers could crash rpm\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=714724\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=728682\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=741543\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=754281\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=754284\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=754285\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=756087\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-05/msg00004.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rpm / rpm-python packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rpm-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rpm-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rpm-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rpm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rpm-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rpm-python-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rpm-python-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"rpm-4.9.1.2-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"rpm-debuginfo-4.9.1.2-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"rpm-debugsource-4.9.1.2-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"rpm-devel-4.9.1.2-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"rpm-python-4.9.1.2-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"rpm-python-debuginfo-4.9.1.2-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"rpm-python-debugsource-4.9.1.2-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"rpm-32bit-4.9.1.2-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"rpm-debuginfo-32bit-4.9.1.2-4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rpm-python / rpm-python-debuginfo / rpm-python-debugsource / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:54:03", "description": "From Red Hat Security Advisory 2012:0451 :\n\nUpdated rpm packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6; Red Hat Enterprise Linux 3 and 4 Extended Life Cycle Support; Red Hat Enterprise Linux 5.3 Long Life; and Red Hat Enterprise Linux 5.6, 6.0 and 6.1 Extended Update Support.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe RPM Package Manager (RPM) is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages.\n\nMultiple flaws were found in the way RPM parsed package file headers.\nAn attacker could create a specially crafted RPM package that, when its package header was accessed, or during package signature verification, could cause an application using the RPM library (such as the rpm command line tool, or the yum and up2date package managers) to crash or, potentially, execute arbitrary code. (CVE-2012-0060, CVE-2012-0061, CVE-2012-0815)\n\nNote: Although an RPM package can, by design, execute arbitrary code when installed, this issue would allow a specially crafted RPM package to execute arbitrary code before its digital signature has been verified. Package downloads from the Red Hat Network are protected by the use of a secure HTTPS connection in addition to the RPM package signature checks.\n\nAll RPM users should upgrade to these updated packages, which contain a backported patch to correct these issues. All running applications linked against the RPM library must be restarted for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 4 / 5 / 6 : rpm (ELSA-2012-0451)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0060", "CVE-2012-0061", "CVE-2012-0815"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:popt", "p-cpe:/a:oracle:linux:rpm", "p-cpe:/a:oracle:linux:rpm-apidocs", "p-cpe:/a:oracle:linux:rpm-build", "p-cpe:/a:oracle:linux:rpm-cron", "p-cpe:/a:oracle:linux:rpm-devel", "p-cpe:/a:oracle:linux:rpm-libs", "p-cpe:/a:oracle:linux:rpm-python", "cpe:/o:oracle:linux:4", "cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2012-0451.NASL", "href": "https://www.tenable.com/plugins/nessus/68505", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:0451 and \n# Oracle Linux Security Advisory ELSA-2012-0451 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68505);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-0060\", \"CVE-2012-0061\", \"CVE-2012-0815\");\n script_bugtraq_id(52865);\n script_xref(name:\"RHSA\", value:\"2012:0451\");\n\n script_name(english:\"Oracle Linux 4 / 5 / 6 : rpm (ELSA-2012-0451)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2012:0451 :\n\nUpdated rpm packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5 and 6; Red Hat Enterprise\nLinux 3 and 4 Extended Life Cycle Support; Red Hat Enterprise Linux\n5.3 Long Life; and Red Hat Enterprise Linux 5.6, 6.0 and 6.1 Extended\nUpdate Support.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe RPM Package Manager (RPM) is a command-line driven package\nmanagement system capable of installing, uninstalling, verifying,\nquerying, and updating software packages.\n\nMultiple flaws were found in the way RPM parsed package file headers.\nAn attacker could create a specially crafted RPM package that, when\nits package header was accessed, or during package signature\nverification, could cause an application using the RPM library (such\nas the rpm command line tool, or the yum and up2date package managers)\nto crash or, potentially, execute arbitrary code. (CVE-2012-0060,\nCVE-2012-0061, CVE-2012-0815)\n\nNote: Although an RPM package can, by design, execute arbitrary code\nwhen installed, this issue would allow a specially crafted RPM package\nto execute arbitrary code before its digital signature has been\nverified. Package downloads from the Red Hat Network are protected by\nthe use of a secure HTTPS connection in addition to the RPM package\nsignature checks.\n\nAll RPM users should upgrade to these updated packages, which contain\na backported patch to correct these issues. All running applications\nlinked against the RPM library must be restarted for this update to\ntake effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-April/002731.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-April/002732.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-April/002754.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected rpm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:popt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rpm-apidocs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rpm-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rpm-cron\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rpm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rpm-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rpm-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/06/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4 / 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"popt-1.9.1-36_nonptl.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"rpm-4.3.3-36_nonptl.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"rpm-build-4.3.3-36_nonptl.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"rpm-devel-4.3.3-36_nonptl.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"rpm-libs-4.3.3-36_nonptl.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"rpm-python-4.3.3-36_nonptl.el4\")) flag++;\n\nif (rpm_check(release:\"EL5\", reference:\"popt-1.10.2.3-28.0.1.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"rpm-4.4.2.3-28.0.1.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"rpm-apidocs-4.4.2.3-28.0.1.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"rpm-build-4.4.2.3-28.0.1.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"rpm-devel-4.4.2.3-28.0.1.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"rpm-libs-4.4.2.3-28.0.1.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"rpm-python-4.4.2.3-28.0.1.el5_8\")) flag++;\n\nif (rpm_check(release:\"EL6\", reference:\"rpm-4.8.0-19.el6_2.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"rpm-apidocs-4.8.0-19.el6_2.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"rpm-build-4.8.0-19.el6_2.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"rpm-cron-4.8.0-19.el6_2.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"rpm-devel-4.8.0-19.el6_2.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"rpm-libs-4.8.0-19.el6_2.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"rpm-python-4.8.0-19.el6_2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"popt / rpm / rpm-apidocs / rpm-build / rpm-cron / rpm-devel / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:56:16", "description": "Multiple security vulnerabilities were reported in RPM which could have been exploited via specially crafted RPM files to cause a denial of service (application crash) or potentially allow attackers to execute arbitrary code.\n\nAdditionally, a non-security issue has been fixed that could have caused a division by zero in cycles calculation under rare circumstances.", "cvss3": {"score": null, "vector": null}, "published": "2013-01-25T00:00:00", "type": "nessus", "title": "SuSE 11.2 Security Update : RPM (SAT Patch Number 6191)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0060", "CVE-2012-0061", "CVE-2012-0815"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:popt", "p-cpe:/a:novell:suse_linux:11:popt-32bit", "p-cpe:/a:novell:suse_linux:11:rpm", "p-cpe:/a:novell:suse_linux:11:rpm-32bit", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_POPT-120420.NASL", "href": "https://www.tenable.com/plugins/nessus/64214", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(64214);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-0060\", \"CVE-2012-0061\", \"CVE-2012-0815\");\n\n script_name(english:\"SuSE 11.2 Security Update : RPM (SAT Patch Number 6191)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security vulnerabilities were reported in RPM which could\nhave been exploited via specially crafted RPM files to cause a denial\nof service (application crash) or potentially allow attackers to\nexecute arbitrary code.\n\nAdditionally, a non-security issue has been fixed that could have\ncaused a division by zero in cycles calculation under rare\ncircumstances.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=747225\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=754281\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=754284\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=754285\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0060.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0061.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0815.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 6191.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:popt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:popt-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:rpm-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, \"SuSE 11.2\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"popt-1.7-37.50.6\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"rpm-4.4.2.3-37.50.6\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"popt-1.7-37.50.6\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"popt-32bit-1.7-37.50.6\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"rpm-4.4.2.3-37.50.6\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"rpm-32bit-4.4.2.3-37.50.6\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"popt-1.7-37.50.6\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"rpm-4.4.2.3-37.50.6\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"s390x\", reference:\"popt-32bit-1.7-37.50.6\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"s390x\", reference:\"rpm-32bit-4.4.2.3-37.50.6\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"popt-32bit-1.7-37.50.6\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"rpm-32bit-4.4.2.3-37.50.6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:56:16", "description": "Multiple security vulnerabilities were reported in RPM which could be exploited via specially crafted RPM files to cause a denial of service (application crash) or potentially allow attackers to execute arbitrary code.\n\nAdditionally, a non-security issue was fixed that could cause a division by zero in cycles calculation under rare circumstances.", "cvss3": {"score": null, "vector": null}, "published": "2013-01-25T00:00:00", "type": "nessus", "title": "SuSE 11.1 Security Update : RPM (SAT Patch Number 6186)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0060", "CVE-2012-0061", "CVE-2012-0815"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:popt", "p-cpe:/a:novell:suse_linux:11:popt-32bit", "p-cpe:/a:novell:suse_linux:11:rpm", "p-cpe:/a:novell:suse_linux:11:rpm-32bit", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_POPT-120419.NASL", "href": "https://www.tenable.com/plugins/nessus/64213", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(64213);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-0060\", \"CVE-2012-0061\", \"CVE-2012-0815\");\n\n script_name(english:\"SuSE 11.1 Security Update : RPM (SAT Patch Number 6186)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security vulnerabilities were reported in RPM which could be\nexploited via specially crafted RPM files to cause a denial of service\n(application crash) or potentially allow attackers to execute\narbitrary code.\n\nAdditionally, a non-security issue was fixed that could cause a\ndivision by zero in cycles calculation under rare circumstances.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=747225\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=754281\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=754284\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=754285\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0060.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0061.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0815.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 6186.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:popt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:popt-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:rpm-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"popt-1.7-37.29.33.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"rpm-4.4.2.3-37.29.33.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"popt-1.7-37.29.33.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"popt-32bit-1.7-37.29.33.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"rpm-4.4.2.3-37.29.33.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"rpm-32bit-4.4.2.3-37.29.33.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"popt-1.7-37.29.33.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"rpm-4.4.2.3-37.29.33.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"popt-32bit-1.7-37.29.33.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"rpm-32bit-4.4.2.3-37.29.33.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"popt-32bit-1.7-37.29.33.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"rpm-32bit-4.4.2.3-37.29.33.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:50:07", "description": "specially crafted signature headers could crash rpm", "cvss3": {"score": null, "vector": null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : rpm / rpm-python (openSUSE-SU-2012:0589-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0060", "CVE-2012-0061", "CVE-2012-0815"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:rpm", "p-cpe:/a:novell:opensuse:rpm-32bit", "p-cpe:/a:novell:opensuse:rpm-debuginfo", "p-cpe:/a:novell:opensuse:rpm-debuginfo-32bit", "p-cpe:/a:novell:opensuse:rpm-debugsource", "p-cpe:/a:novell:opensuse:rpm-devel", "cpe:/o:novell:opensuse:11.4"], "id": "OPENSUSE-2012-260.NASL", "href": "https://www.tenable.com/plugins/nessus/74615", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-260.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74615);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-0060\", \"CVE-2012-0061\", \"CVE-2012-0815\");\n\n script_name(english:\"openSUSE Security Update : rpm / rpm-python (openSUSE-SU-2012:0589-1)\");\n script_summary(english:\"Check for the openSUSE-2012-260 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\"specially crafted signature headers could crash rpm\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=654217\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=754281\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=754284\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=754285\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-05/msg00005.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rpm / rpm-python packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rpm-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rpm-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rpm-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rpm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"rpm-4.8.0-28.41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"rpm-debuginfo-4.8.0-28.41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"rpm-debugsource-4.8.0-28.41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"rpm-devel-4.8.0-28.41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"rpm-32bit-4.8.0-28.41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"rpm-debuginfo-32bit-4.8.0-28.41.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rpm-32bit / rpm / rpm-debuginfo-32bit / rpm-debuginfo / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:57:24", "description": "The RPM Package Manager (RPM) is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages.\n\nMultiple flaws were found in the way RPM parsed package file headers.\nAn attacker could create a specially crafted RPM package that, when its package header was accessed, or during package signature verification, could cause an application using the RPM library (such as the rpm command line tool, or the yum and up2date package managers) to crash or, potentially, execute arbitrary code. (CVE-2012-0060, CVE-2012-0061, CVE-2012-0815)\n\nNote: Although an RPM package can, by design, execute arbitrary code when installed, this issue would allow a specially crafted RPM package to execute arbitrary code before its digital signature has been verified.\n\nAll RPM users should upgrade to these updated packages, which contain a backported patch to correct these issues. All running applications linked against the RPM library must be restarted for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : rpm on SL5.x, SL6.x i386/x86_64 (20120403)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0060", "CVE-2012-0061", "CVE-2012-0815"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:popt", "p-cpe:/a:fermilab:scientific_linux:rpm", "p-cpe:/a:fermilab:scientific_linux:rpm-apidocs", "p-cpe:/a:fermilab:scientific_linux:rpm-build", "p-cpe:/a:fermilab:scientific_linux:rpm-cron", "p-cpe:/a:fermilab:scientific_linux:rpm-debuginfo", "p-cpe:/a:fermilab:scientific_linux:rpm-devel", "p-cpe:/a:fermilab:scientific_linux:rpm-libs", "p-cpe:/a:fermilab:scientific_linux:rpm-python", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20120403_RPM_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61294", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61294);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-0060\", \"CVE-2012-0061\", \"CVE-2012-0815\");\n\n script_name(english:\"Scientific Linux Security Update : rpm on SL5.x, SL6.x i386/x86_64 (20120403)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The RPM Package Manager (RPM) is a command-line driven package\nmanagement system capable of installing, uninstalling, verifying,\nquerying, and updating software packages.\n\nMultiple flaws were found in the way RPM parsed package file headers.\nAn attacker could create a specially crafted RPM package that, when\nits package header was accessed, or during package signature\nverification, could cause an application using the RPM library (such\nas the rpm command line tool, or the yum and up2date package managers)\nto crash or, potentially, execute arbitrary code. (CVE-2012-0060,\nCVE-2012-0061, CVE-2012-0815)\n\nNote: Although an RPM package can, by design, execute arbitrary code\nwhen installed, this issue would allow a specially crafted RPM package\nto execute arbitrary code before its digital signature has been\nverified.\n\nAll RPM users should upgrade to these updated packages, which contain\na backported patch to correct these issues. All running applications\nlinked against the RPM library must be restarted for this update to\ntake effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1204&L=scientific-linux-errata&T=0&P=190\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f3fd3181\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:popt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:rpm-apidocs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:rpm-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:rpm-cron\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:rpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:rpm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:rpm-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:rpm-python\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/06/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"popt-1.10.2.3-28.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"rpm-4.4.2.3-28.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"rpm-apidocs-4.4.2.3-28.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"rpm-build-4.4.2.3-28.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"rpm-debuginfo-4.4.2.3-28.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"rpm-devel-4.4.2.3-28.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"rpm-libs-4.4.2.3-28.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"rpm-python-4.4.2.3-28.el5_8\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"rpm-4.8.0-19.el6_2.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"rpm-apidocs-4.8.0-19.el6_2.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"rpm-build-4.8.0-19.el6_2.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"rpm-cron-4.8.0-19.el6_2.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"rpm-debuginfo-4.8.0-19.el6_2.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"rpm-devel-4.8.0-19.el6_2.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"rpm-libs-4.8.0-19.el6_2.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"rpm-python-4.8.0-19.el6_2.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"popt / rpm / rpm-apidocs / rpm-build / rpm-cron / rpm-debuginfo / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:58:26", "description": "Multiple security vulnerabilities were reported in RPM which could have been exploited via specially crafted RPM files to cause a denial of service (application crash) or potentially allow attackers to execute arbitrary code.\n\nAdditionally, a non-security issue was fixed that could cause a division by zero in cycles calculation under rare circumstances.", "cvss3": {"score": null, "vector": null}, "published": "2012-05-17T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : popt (ZYPP Patch Number 8093)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0060", "CVE-2012-0061", "CVE-2012-0815"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_POPT-8093.NASL", "href": "https://www.tenable.com/plugins/nessus/59164", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59164);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-0060\", \"CVE-2012-0061\", \"CVE-2012-0815\");\n\n script_name(english:\"SuSE 10 Security Update : popt (ZYPP Patch Number 8093)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security vulnerabilities were reported in RPM which could\nhave been exploited via specially crafted RPM files to cause a denial\nof service (application crash) or potentially allow attackers to\nexecute arbitrary code.\n\nAdditionally, a non-security issue was fixed that could cause a\ndivision by zero in cycles calculation under rare circumstances.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0060.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0061.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0815.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 8093.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/06/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/05/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"popt-1.7-271.46.16\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"popt-32bit-1.7-271.46.16\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"popt-devel-1.7-271.46.16\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"popt-devel-32bit-1.7-271.46.16\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"rpm-4.4.2-43.46.16\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"rpm-devel-4.4.2-43.46.16\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"rpm-python-4.4.2-43.46.16\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"popt-1.7-271.46.16\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"popt-32bit-1.7-271.46.16\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"popt-devel-1.7-271.46.16\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"popt-devel-32bit-1.7-271.46.16\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"rpm-4.4.2-43.46.16\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"rpm-devel-4.4.2-43.46.16\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"rpm-python-4.4.2-43.46.16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:58:43", "description": "Updated rpm packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6; Red Hat Enterprise Linux 3 and 4 Extended Life Cycle Support; Red Hat Enterprise Linux 5.3 Long Life; and Red Hat Enterprise Linux 5.6, 6.0 and 6.1 Extended Update Support.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe RPM Package Manager (RPM) is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages.\n\nMultiple flaws were found in the way RPM parsed package file headers.\nAn attacker could create a specially crafted RPM package that, when its package header was accessed, or during package signature verification, could cause an application using the RPM library (such as the rpm command line tool, or the yum and up2date package managers) to crash or, potentially, execute arbitrary code. (CVE-2012-0060, CVE-2012-0061, CVE-2012-0815)\n\nNote: Although an RPM package can, by design, execute arbitrary code when installed, this issue would allow a specially crafted RPM package to execute arbitrary code before its digital signature has been verified. Package downloads from the Red Hat Network are protected by the use of a secure HTTPS connection in addition to the RPM package signature checks.\n\nAll RPM users should upgrade to these updated packages, which contain a backported patch to correct these issues. All running applications linked against the RPM library must be restarted for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2012-04-04T00:00:00", "type": "nessus", "title": "RHEL 4 / 5 / 6 : rpm (RHSA-2012:0451)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0060", "CVE-2012-0061", "CVE-2012-0815"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:popt", "p-cpe:/a:redhat:enterprise_linux:rpm", "p-cpe:/a:redhat:enterprise_linux:rpm-apidocs", "p-cpe:/a:redhat:enterprise_linux:rpm-build", "p-cpe:/a:redhat:enterprise_linux:rpm-cron", "p-cpe:/a:redhat:enterprise_linux:rpm-debuginfo", "p-cpe:/a:redhat:enterprise_linux:rpm-devel", "p-cpe:/a:redhat:enterprise_linux:rpm-libs", "p-cpe:/a:redhat:enterprise_linux:rpm-python", "cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.3", "cpe:/o:redhat:enterprise_linux:5.6", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.1", "cpe:/o:redhat:enterprise_linux:6.2"], "id": "REDHAT-RHSA-2012-0451.NASL", "href": "https://www.tenable.com/plugins/nessus/58586", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0451. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58586);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-0060\", \"CVE-2012-0061\", \"CVE-2012-0815\");\n script_bugtraq_id(52865);\n script_xref(name:\"RHSA\", value:\"2012:0451\");\n\n script_name(english:\"RHEL 4 / 5 / 6 : rpm (RHSA-2012:0451)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated rpm packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5 and 6; Red Hat Enterprise\nLinux 3 and 4 Extended Life Cycle Support; Red Hat Enterprise Linux\n5.3 Long Life; and Red Hat Enterprise Linux 5.6, 6.0 and 6.1 Extended\nUpdate Support.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe RPM Package Manager (RPM) is a command-line driven package\nmanagement system capable of installing, uninstalling, verifying,\nquerying, and updating software packages.\n\nMultiple flaws were found in the way RPM parsed package file headers.\nAn attacker could create a specially crafted RPM package that, when\nits package header was accessed, or during package signature\nverification, could cause an application using the RPM library (such\nas the rpm command line tool, or the yum and up2date package managers)\nto crash or, potentially, execute arbitrary code. (CVE-2012-0060,\nCVE-2012-0061, CVE-2012-0815)\n\nNote: Although an RPM package can, by design, execute arbitrary code\nwhen installed, this issue would allow a specially crafted RPM package\nto execute arbitrary code before its digital signature has been\nverified. Package downloads from the Red Hat Network are protected by\nthe use of a secure HTTPS connection in addition to the RPM package\nsignature checks.\n\nAll RPM users should upgrade to these updated packages, which contain\na backported patch to correct these issues. All running applications\nlinked against the RPM library must be restarted for this update to\ntake effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:0451\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0815\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0060\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0061\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:popt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-apidocs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-cron\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/06/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4|5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x / 4.x / 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0451\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{ sp = get_kb_item(\"Host/RedHat/minor_release\");\n if (isnull(sp)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\n\n flag = 0;\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"popt-1.9.1-36_nonptl.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"popt-1.9.1-36_nonptl.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"rpm-4.3.3-36_nonptl.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"rpm-4.3.3-36_nonptl.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"rpm-build-4.3.3-36_nonptl.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"rpm-build-4.3.3-36_nonptl.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"rpm-devel-4.3.3-36_nonptl.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"rpm-devel-4.3.3-36_nonptl.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"rpm-libs-4.3.3-36_nonptl.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"rpm-libs-4.3.3-36_nonptl.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"rpm-python-4.3.3-36_nonptl.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"rpm-python-4.3.3-36_nonptl.el4\")) flag++;\n\n\nif (sp == \"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", reference:\"popt-1.10.2.3-22.el5_6.3\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", reference:\"popt-1.10.2.3-28.el5_8\")) flag++; }\n\nif (sp == \"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"rpm-4.4.2.3-22.el5_6.3\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"rpm-4.4.2.3-28.el5_8\")) flag++; }\n\nif (sp == \"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"s390x\", reference:\"rpm-4.4.2.3-22.el5_6.3\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"rpm-4.4.2.3-28.el5_8\")) flag++; }\n\nif (sp == \"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"rpm-4.4.2.3-22.el5_6.3\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"rpm-4.4.2.3-28.el5_8\")) flag++; }\n\nif (sp == \"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"rpm-apidocs-4.4.2.3-22.el5_6.3\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"rpm-apidocs-4.4.2.3-28.el5_8\")) flag++; }\n\nif (sp == \"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"s390x\", reference:\"rpm-apidocs-4.4.2.3-22.el5_6.3\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"rpm-apidocs-4.4.2.3-28.el5_8\")) flag++; }\n\nif (sp == \"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"rpm-apidocs-4.4.2.3-22.el5_6.3\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"rpm-apidocs-4.4.2.3-28.el5_8\")) flag++; }\n\nif (sp == \"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"rpm-build-4.4.2.3-22.el5_6.3\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"rpm-build-4.4.2.3-28.el5_8\")) flag++; }\n\nif (sp == \"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"s390x\", reference:\"rpm-build-4.4.2.3-22.el5_6.3\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"rpm-build-4.4.2.3-28.el5_8\")) flag++; }\n\nif (sp == \"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"rpm-build-4.4.2.3-22.el5_6.3\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"rpm-build-4.4.2.3-28.el5_8\")) flag++; }\n\nif (sp == \"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", reference:\"rpm-devel-4.4.2.3-22.el5_6.3\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", reference:\"rpm-devel-4.4.2.3-28.el5_8\")) flag++; }\n\nif (sp == \"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", reference:\"rpm-libs-4.4.2.3-22.el5_6.3\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", reference:\"rpm-libs-4.4.2.3-28.el5_8\")) flag++; }\n\nif (sp == \"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"rpm-python-4.4.2.3-22.el5_6.3\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"rpm-python-4.4.2.3-28.el5_8\")) flag++; }\n\nif (sp == \"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"s390x\", reference:\"rpm-python-4.4.2.3-22.el5_6.3\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"rpm-python-4.4.2.3-28.el5_8\")) flag++; }\n\nif (sp == \"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"rpm-python-4.4.2.3-22.el5_6.3\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"rpm-python-4.4.2.3-28.el5_8\")) flag++; }\n\n\nif (sp == \"1\") { if (rpm_check(release:\"RHEL6\", sp:\"1\", cpu:\"i686\", reference:\"rpm-4.8.0-16.el6_1.2\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"rpm-4.8.0-19.el6_2.1\")) flag++; }\n\nif (sp == \"1\") { if (rpm_check(release:\"RHEL6\", sp:\"1\", cpu:\"s390x\", reference:\"rpm-4.8.0-16.el6_1.2\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"rpm-4.8.0-19.el6_2.1\")) flag++; }\n\nif (sp == \"1\") { if (rpm_check(release:\"RHEL6\", sp:\"1\", cpu:\"x86_64\", reference:\"rpm-4.8.0-16.el6_1.2\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"rpm-4.8.0-19.el6_2.1\")) flag++; }\n\nif (sp == \"1\") { if (rpm_check(release:\"RHEL6\", sp:\"1\", reference:\"rpm-apidocs-4.8.0-16.el6_1.2\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", reference:\"rpm-apidocs-4.8.0-19.el6_2.1\")) flag++; }\n\nif (sp == \"1\") { if (rpm_check(release:\"RHEL6\", sp:\"1\", cpu:\"i686\", reference:\"rpm-build-4.8.0-16.el6_1.2\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"rpm-build-4.8.0-19.el6_2.1\")) flag++; }\n\nif (sp == \"1\") { if (rpm_check(release:\"RHEL6\", sp:\"1\", cpu:\"s390x\", reference:\"rpm-build-4.8.0-16.el6_1.2\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"rpm-build-4.8.0-19.el6_2.1\")) flag++; }\n\nif (sp == \"1\") { if (rpm_check(release:\"RHEL6\", sp:\"1\", cpu:\"x86_64\", reference:\"rpm-build-4.8.0-16.el6_1.2\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"rpm-build-4.8.0-19.el6_2.1\")) flag++; }\n\nif (sp == \"1\") { if (rpm_check(release:\"RHEL6\", sp:\"1\", reference:\"rpm-cron-4.8.0-16.el6_1.2\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", reference:\"rpm-cron-4.8.0-19.el6_2.1\")) flag++; }\n\nif (sp == \"1\") { if (rpm_check(release:\"RHEL6\", sp:\"1\", reference:\"rpm-debuginfo-4.8.0-16.el6_1.2\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", reference:\"rpm-debuginfo-4.8.0-19.el6_2.1\")) flag++; }\n\nif (sp == \"1\") { if (rpm_check(release:\"RHEL6\", sp:\"1\", reference:\"rpm-devel-4.8.0-16.el6_1.2\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", reference:\"rpm-devel-4.8.0-19.el6_2.1\")) flag++; }\n\nif (sp == \"1\") { if (rpm_check(release:\"RHEL6\", sp:\"1\", reference:\"rpm-libs-4.8.0-16.el6_1.2\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", reference:\"rpm-libs-4.8.0-19.el6_2.1\")) flag++; }\n\nif (sp == \"1\") { if (rpm_check(release:\"RHEL6\", sp:\"1\", cpu:\"i686\", reference:\"rpm-python-4.8.0-16.el6_1.2\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"rpm-python-4.8.0-19.el6_2.1\")) flag++; }\n\nif (sp == \"1\") { if (rpm_check(release:\"RHEL6\", sp:\"1\", cpu:\"s390x\", reference:\"rpm-python-4.8.0-16.el6_1.2\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"rpm-python-4.8.0-19.el6_2.1\")) flag++; }\n\nif (sp == \"1\") { if (rpm_check(release:\"RHEL6\", sp:\"1\", cpu:\"x86_64\", reference:\"rpm-python-4.8.0-16.el6_1.2\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"rpm-python-4.8.0-19.el6_2.1\")) flag++; }\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"popt / rpm / rpm-apidocs / rpm-build / rpm-cron / rpm-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:58:41", "description": "This update fixes various input-validation issues in rpm:\nCVE-2012-0060, CVE-2012-0061 and CVE-2012-0815\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-04-12T00:00:00", "type": "nessus", "title": "Fedora 17 : rpm-4.9.1.3-1.fc17 (2012-5298)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0060", "CVE-2012-0061", "CVE-2012-0815"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:rpm", "cpe:/o:fedoraproject:fedora:17"], "id": "FEDORA_2012-5298.NASL", "href": "https://www.tenable.com/plugins/nessus/58712", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-5298.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58712);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-0060\", \"CVE-2012-0061\", \"CVE-2012-0815\");\n script_bugtraq_id(52865);\n script_xref(name:\"FEDORA\", value:\"2012-5298\");\n\n script_name(english:\"Fedora 17 : rpm-4.9.1.3-1.fc17 (2012-5298)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes various input-validation issues in rpm:\nCVE-2012-0060, CVE-2012-0061 and CVE-2012-0815\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=744104\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=744858\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=798585\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?db98db72\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected rpm package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"rpm-4.9.1.3-1.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rpm\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:58:30", "description": "This update fixes various input-validation issues in rpm:\nCVE-2012-0060, CVE-2012-0061 and CVE-2012-0815\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-04-23T00:00:00", "type": "nessus", "title": "Fedora 15 : rpm-4.9.1.3-1.fc15 (2012-5420)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0060", "CVE-2012-0061", "CVE-2012-0815"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:rpm", "cpe:/o:fedoraproject:fedora:15"], "id": "FEDORA_2012-5420.NASL", "href": "https://www.tenable.com/plugins/nessus/58820", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-5420.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58820);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-0060\", \"CVE-2012-0061\", \"CVE-2012-0815\");\n script_bugtraq_id(52865);\n script_xref(name:\"FEDORA\", value:\"2012-5420\");\n\n script_name(english:\"Fedora 15 : rpm-4.9.1.3-1.fc15 (2012-5420)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes various input-validation issues in rpm:\nCVE-2012-0060, CVE-2012-0061 and CVE-2012-0815\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=744104\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=744858\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=798585\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-April/078819.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6bc155f3\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected rpm package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"rpm-4.9.1.3-1.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rpm\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:58:36", "description": "Multiple flaws were found in the way RPM parsed package file headers.\nAn attacker could create a specially crafted RPM package that, when its package header was accessed, or during package signature verification, could cause an application using the RPM library to crash or, potentially, execute arbitrary code (CVE-2012-0060, CVE-2012-0061, CVE-2012-0815).\n\nThe updated packages have been patched to correct this issue.", "cvss3": {"score": null, "vector": null}, "published": "2012-04-12T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : rpm (MDVSA-2012:056)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0060", "CVE-2012-0061", "CVE-2012-0815"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64rpm-devel", "p-cpe:/a:mandriva:linux:lib64rpm4.6", "p-cpe:/a:mandriva:linux:librpm-devel", "p-cpe:/a:mandriva:linux:librpm4.6", "p-cpe:/a:mandriva:linux:python-rpm", "p-cpe:/a:mandriva:linux:rpm", "p-cpe:/a:mandriva:linux:rpm-build", "cpe:/o:mandriva:linux:2010.1"], "id": "MANDRIVA_MDVSA-2012-056.NASL", "href": "https://www.tenable.com/plugins/nessus/58717", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2012:056. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58717);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-0060\", \"CVE-2012-0061\", \"CVE-2012-0815\");\n script_bugtraq_id(52865);\n script_xref(name:\"MDVSA\", value:\"2012:056\");\n\n script_name(english:\"Mandriva Linux Security Advisory : rpm (MDVSA-2012:056)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple flaws were found in the way RPM parsed package file headers.\nAn attacker could create a specially crafted RPM package that, when\nits package header was accessed, or during package signature\nverification, could cause an application using the RPM library to\ncrash or, potentially, execute arbitrary code (CVE-2012-0060,\nCVE-2012-0061, CVE-2012-0815).\n\nThe updated packages have been patched to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=744104\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=744858\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=798585\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64rpm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64rpm4.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:librpm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:librpm4.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:python-rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:rpm-build\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64rpm-devel-4.6.0-14.3mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64rpm4.6-4.6.0-14.3mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"librpm-devel-4.6.0-14.3mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"librpm4.6-4.6.0-14.3mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"python-rpm-4.6.0-14.3mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"rpm-4.6.0-14.3mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"rpm-build-4.6.0-14.3mnb2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:58:30", "description": "This update fixes various input-validation issues in rpm:\nCVE-2012-0060, CVE-2012-0061 and CVE-2012-0815\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-04-23T00:00:00", "type": "nessus", "title": "Fedora 16 : rpm-4.9.1.3-1.fc16 (2012-5421)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0060", "CVE-2012-0061", "CVE-2012-0815"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:rpm", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2012-5421.NASL", "href": "https://www.tenable.com/plugins/nessus/58821", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-5421.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58821);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-0060\", \"CVE-2012-0061\", \"CVE-2012-0815\");\n script_bugtraq_id(52865);\n script_xref(name:\"FEDORA\", value:\"2012-5421\");\n\n script_name(english:\"Fedora 16 : rpm-4.9.1.3-1.fc16 (2012-5421)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes various input-validation issues in rpm:\nCVE-2012-0060, CVE-2012-0061 and CVE-2012-0815\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=744104\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=744858\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=798585\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-April/078907.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?17d8f848\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected rpm package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"rpm-4.9.1.3-1.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rpm\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:59:03", "description": "It was discovered that the elliptic curve cryptography (ECC) subsystem in OpenSSL, when using the Elliptic Curve Digital Signature Algorithm (ECDSA) for the ECDHE_ECDSA cipher suite, did not properly implement curves over binary fields. This could allow an attacker to determine private keys via a timing attack. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-1945)\n\nAdam Langley discovered that the ephemeral Elliptic Curve Diffie-Hellman (ECDH) functionality in OpenSSL did not ensure thread safety while processing handshake messages from clients. This could allow a remote attacker to cause a denial of service via out-of-order messages that violate the TLS protocol. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04.\n(CVE-2011-3210)\n\nNadhem Alfardan and Kenny Paterson discovered that the Datagram Transport Layer Security (DTLS) implementation in OpenSSL performed a MAC check only if certain padding is valid. This could allow a remote attacker to recover plaintext. (CVE-2011-4108)\n\nAntonio Martin discovered that a flaw existed in the fix to address CVE-2011-4108, the DTLS MAC check failure. This could allow a remote attacker to cause a denial of service. (CVE-2012-0050)\n\nBen Laurie discovered a double free vulnerability in OpenSSL that could be triggered when the X509_V_FLAG_POLICY_CHECK flag is enabled.\nThis could allow a remote attacker to cause a denial of service. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-4109)\n\nIt was discovered that OpenSSL, in certain circumstances involving ECDH or ECDHE cipher suites, used an incorrect modular reduction algorithm in its implementation of the P-256 and P-384 NIST elliptic curves. This could allow a remote attacker to obtain the private key of a TLS server via multiple handshake attempts. This issue only affected Ubuntu 8.04 LTS. (CVE-2011-4354)\n\nAdam Langley discovered that the SSL 3.0 implementation in OpenSSL did not properly initialize data structures for block cipher padding. This could allow a remote attacker to obtain sensitive information.\n(CVE-2011-4576)\n\nAndrew Chi discovered that OpenSSL, when RFC 3779 support is enabled, could trigger an assert when handling an X.509 certificate containing certificate-extension data associated with IP address blocks or Autonomous System (AS) identifiers. This could allow a remote attacker to cause a denial of service. (CVE-2011-4577)\n\nAdam Langley discovered that the Server Gated Cryptography (SGC) implementation in OpenSSL did not properly handle handshake restarts.\nThis could allow a remote attacker to cause a denial of service.\n(CVE-2011-4619)\n\nAndrey Kulikov discovered that the GOST block cipher engine in OpenSSL did not properly handle invalid parameters. This could allow a remote attacker to cause a denial of service via crafted data from a TLS client. This issue only affected Ubuntu 11.10. (CVE-2012-0027).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-02-10T00:00:00", "type": "nessus", "title": "Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : openssl vulnerabilities (USN-1357-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1945", "CVE-2011-3210", "CVE-2011-4108", "CVE-2011-4109", "CVE-2011-4354", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619", "CVE-2012-0027", "CVE-2012-0050"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libssl0.9.8", "p-cpe:/a:canonical:ubuntu_linux:libssl1.0.0", "p-cpe:/a:canonical:ubuntu_linux:openssl", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:10.10", "cpe:/o:canonical:ubuntu_linux:11.04", "cpe:/o:canonical:ubuntu_linux:11.10", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts"], "id": "UBUNTU_USN-1357-1.NASL", "href": "https://www.tenable.com/plugins/nessus/57887", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1357-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57887);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-1945\", \"CVE-2011-3210\", \"CVE-2011-4108\", \"CVE-2011-4109\", \"CVE-2011-4354\", \"CVE-2011-4576\", \"CVE-2011-4577\", \"CVE-2011-4619\", \"CVE-2012-0027\", \"CVE-2012-0050\");\n script_bugtraq_id(47888, 49471, 50882, 51281, 51563);\n script_xref(name:\"USN\", value:\"1357-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : openssl vulnerabilities (USN-1357-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the elliptic curve cryptography (ECC) subsystem\nin OpenSSL, when using the Elliptic Curve Digital Signature Algorithm\n(ECDSA) for the ECDHE_ECDSA cipher suite, did not properly implement\ncurves over binary fields. This could allow an attacker to determine\nprivate keys via a timing attack. This issue only affected Ubuntu 8.04\nLTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-1945)\n\nAdam Langley discovered that the ephemeral Elliptic Curve\nDiffie-Hellman (ECDH) functionality in OpenSSL did not ensure thread\nsafety while processing handshake messages from clients. This could\nallow a remote attacker to cause a denial of service via out-of-order\nmessages that violate the TLS protocol. This issue only affected\nUbuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04.\n(CVE-2011-3210)\n\nNadhem Alfardan and Kenny Paterson discovered that the Datagram\nTransport Layer Security (DTLS) implementation in OpenSSL performed a\nMAC check only if certain padding is valid. This could allow a remote\nattacker to recover plaintext. (CVE-2011-4108)\n\nAntonio Martin discovered that a flaw existed in the fix to address\nCVE-2011-4108, the DTLS MAC check failure. This could allow a remote\nattacker to cause a denial of service. (CVE-2012-0050)\n\nBen Laurie discovered a double free vulnerability in OpenSSL that\ncould be triggered when the X509_V_FLAG_POLICY_CHECK flag is enabled.\nThis could allow a remote attacker to cause a denial of service. This\nissue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10\nand Ubuntu 11.04. (CVE-2011-4109)\n\nIt was discovered that OpenSSL, in certain circumstances involving\nECDH or ECDHE cipher suites, used an incorrect modular reduction\nalgorithm in its implementation of the P-256 and P-384 NIST elliptic\ncurves. This could allow a remote attacker to obtain the private key\nof a TLS server via multiple handshake attempts. This issue only\naffected Ubuntu 8.04 LTS. (CVE-2011-4354)\n\nAdam Langley discovered that the SSL 3.0 implementation in OpenSSL did\nnot properly initialize data structures for block cipher padding. This\ncould allow a remote attacker to obtain sensitive information.\n(CVE-2011-4576)\n\nAndrew Chi discovered that OpenSSL, when RFC 3779 support is enabled,\ncould trigger an assert when handling an X.509 certificate containing\ncertificate-extension data associated with IP address blocks or\nAutonomous System (AS) identifiers. This could allow a remote attacker\nto cause a denial of service. (CVE-2011-4577)\n\nAdam Langley discovered that the Server Gated Cryptography (SGC)\nimplementation in OpenSSL did not properly handle handshake restarts.\nThis could allow a remote attacker to cause a denial of service.\n(CVE-2011-4619)\n\nAndrey Kulikov discovered that the GOST block cipher engine in OpenSSL\ndid not properly handle invalid parameters. This could allow a remote\nattacker to cause a denial of service via crafted data from a TLS\nclient. This issue only affected Ubuntu 11.10. (CVE-2012-0027).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1357-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected libssl0.9.8, libssl1.0.0 and / or openssl\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libssl0.9.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libssl1.0.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/05/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(8\\.04|10\\.04|10\\.10|11\\.04|11\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 10.04 / 10.10 / 11.04 / 11.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libssl0.9.8\", pkgver:\"0.9.8g-4ubuntu3.15\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"openssl\", pkgver:\"0.9.8g-4ubuntu3.15\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libssl0.9.8\", pkgver:\"0.9.8k-7ubuntu8.8\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openssl\", pkgver:\"0.9.8k-7ubuntu8.8\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libssl0.9.8\", pkgver:\"0.9.8o-1ubuntu4.6\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"openssl\", pkgver:\"0.9.8o-1ubuntu4.6\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"libssl0.9.8\", pkgver:\"0.9.8o-5ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"openssl\", pkgver:\"0.9.8o-5ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"libssl1.0.0\", pkgver:\"1.0.0e-2ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"openssl\", pkgver:\"1.0.0e-2ubuntu4.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libssl0.9.8 / libssl1.0.0 / openssl\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:48:01", "description": "An updated rhev-hypervisor6 package that fixes three security issues and one bug is now available.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions.\n\nA flaw was found in the way libtasn1 decoded DER data. An attacker could create carefully-crafted DER encoded input (such as an X.509 certificate) that, when parsed by an application that uses libtasn1 (such as applications using GnuTLS), could cause the application to crash. (CVE-2012-1569)\n\nA flaw was found in the way GnuTLS decrypted malformed TLS records.\nThis could cause a TLS/SSL client or server to crash when processing a specially crafted TLS record from a remote TLS/SSL connection peer.\n(CVE-2012-1573)\n\nAn integer overflow flaw was found in the implementation of the printf functions family. This could allow an attacker to bypass FORTIFY_SOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such flaws to an application abort.\n(CVE-2012-0864)\n\nRed Hat would like to thank Matthew Hall of Mu Dynamics for reporting CVE-2012-1569 and CVE-2012-1573.\n\nThis updated package provides updated components that include fixes for various security issues. These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fixes included in this update address the following CVE numbers :\n\nCVE-2011-4128 (gnutls issue)\n\nCVE-2012-0879, CVE-2012-1090, and CVE-2012-1097 (kernel issues)\n\nCVE-2012-0884 and CVE-2012-1165 (openssl issues)\n\nCVE-2012-0060, CVE-2012-0061, and CVE-2012-0815 (rpm issues)\n\nThis update also fixes the following bug :\n\n* The Hypervisor previously set the lro_disable option for the enic driver. The driver does not support this option, as a result the Hypervisor did not correctly detect and configure the network interfaces of a Cisco M81KR adaptor, when present. The Hypervisor has been updated and no longer sets the invalid option for this driver.\n(BZ#809463)\n\nUsers of Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package, which fixes these issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2014-11-08T00:00:00", "type": "nessus", "title": "RHEL 6 : rhev-hypervisor6 (RHSA-2012:0531)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4128", "CVE-2012-0060", "CVE-2012-0061", "CVE-2012-0815", "CVE-2012-0864", "CVE-2012-0879", "CVE-2012-0884", "CVE-2012-1090", "CVE-2012-1097", "CVE-2012-1165", "CVE-2012-1569", "CVE-2012-1573"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor6", "p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor6-tools", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2012-0531.NASL", "href": "https://www.tenable.com/plugins/nessus/78922", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0531. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78922);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-4128\", \"CVE-2012-0060\", \"CVE-2012-0061\", \"CVE-2012-0815\", \"CVE-2012-0864\", \"CVE-2012-0879\", \"CVE-2012-0884\", \"CVE-2012-1090\", \"CVE-2012-1097\", \"CVE-2012-1165\", \"CVE-2012-1569\", \"CVE-2012-1573\");\n script_bugtraq_id(52201, 52667, 52668);\n script_xref(name:\"RHSA\", value:\"2012:0531\");\n\n script_name(english:\"RHEL 6 : rhev-hypervisor6 (RHSA-2012:0531)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An updated rhev-hypervisor6 package that fixes three security issues\nand one bug is now available.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe rhev-hypervisor6 package provides a Red Hat Enterprise\nVirtualization Hypervisor ISO disk image. The Red Hat Enterprise\nVirtualization Hypervisor is a dedicated Kernel-based Virtual Machine\n(KVM) hypervisor. It includes everything necessary to run and manage\nvirtual machines: A subset of the Red Hat Enterprise Linux operating\nenvironment and the Red Hat Enterprise Virtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available\nfor the Intel 64 and AMD64 architectures with virtualization\nextensions.\n\nA flaw was found in the way libtasn1 decoded DER data. An attacker\ncould create carefully-crafted DER encoded input (such as an X.509\ncertificate) that, when parsed by an application that uses libtasn1\n(such as applications using GnuTLS), could cause the application to\ncrash. (CVE-2012-1569)\n\nA flaw was found in the way GnuTLS decrypted malformed TLS records.\nThis could cause a TLS/SSL client or server to crash when processing a\nspecially crafted TLS record from a remote TLS/SSL connection peer.\n(CVE-2012-1573)\n\nAn integer overflow flaw was found in the implementation of the printf\nfunctions family. This could allow an attacker to bypass\nFORTIFY_SOURCE protections and execute arbitrary code using a format\nstring flaw in an application, even though these protections are\nexpected to limit the impact of such flaws to an application abort.\n(CVE-2012-0864)\n\nRed Hat would like to thank Matthew Hall of Mu Dynamics for reporting\nCVE-2012-1569 and CVE-2012-1573.\n\nThis updated package provides updated components that include fixes\nfor various security issues. These issues have no security impact on\nRed Hat Enterprise Virtualization Hypervisor itself, however. The\nsecurity fixes included in this update address the following CVE\nnumbers :\n\nCVE-2011-4128 (gnutls issue)\n\nCVE-2012-0879, CVE-2012-1090, and CVE-2012-1097 (kernel issues)\n\nCVE-2012-0884 and CVE-2012-1165 (openssl issues)\n\nCVE-2012-0060, CVE-2012-0061, and CVE-2012-0815 (rpm issues)\n\nThis update also fixes the following bug :\n\n* The Hypervisor previously set the lro_disable option for the enic\ndriver. The driver does not support this option, as a result the\nHypervisor did not correctly detect and configure the network\ninterfaces of a Cisco M81KR adaptor, when present. The Hypervisor has\nbeen updated and no longer sets the invalid option for this driver.\n(BZ#809463)\n\nUsers of Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package, which fixes these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:0531\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0864\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-1569\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-1573\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected rhev-hypervisor6 and / or rhev-hypervisor6-tools\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor6-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0531\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"rhev-hypervisor6-6.2-20120423.1.el6_2\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rhev-hypervisor6-tools-6.2-20120423.1.el6_2\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rhev-hypervisor6 / rhev-hypervisor6-tools\");\n }\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:47:40", "description": "An updated rhev-hypervisor5 package that fixes three security issues and one bug is now available.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe rhev-hypervisor5 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions.\n\nA flaw was found in the way libtasn1 decoded DER data. An attacker could create a carefully-crafted X.509 certificate that, when parsed by an application that uses GnuTLS, could cause the application to crash. (CVE-2012-1569)\n\nA flaw was found in the way GnuTLS decrypted malformed TLS records.\nThis could cause a TLS/SSL client or server to crash when processing a specially crafted TLS record from a remote TLS/SSL connection peer.\n(CVE-2012-1573)\n\nAn integer overflow flaw was found in the implementation of the printf functions family. This could allow an attacker to bypass FORTIFY_SOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such flaws to an application abort.\n(CVE-2012-0864)\n\nRed Hat would like to thank Matthew Hall of Mu Dynamics for reporting CVE-2012-1569 and CVE-2012-1573.\n\nThis updated package provides updated components that include fixes for various security issues. These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fixes included in this update address the following CVE numbers :\n\nCVE-2011-4128 (gnutls issue)\n\nCVE-2012-1583 (kernel issue)\n\nCVE-2011-3045 (libpng issue)\n\nCVE-2012-0884 and CVE-2012-1165 (openssl issues)\n\nFurther information on the changes made to the package is available on the relevant errata :\n\nhttps://rhn.redhat.com/errata/RHBA-2012-0398.html\n\nUsers of Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package, which fixes these issues.", "cvss3": {"score": null, "vector": null}, "published": "2014-11-17T00:00:00", "type": "nessus", "title": "RHEL 5 : rhev-hypervisor5 (RHSA-2012:0488)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3045", "CVE-2011-4128", "CVE-2012-0864", "CVE-2012-0884", "CVE-2012-1165", "CVE-2012-1569", "CVE-2012-1573", "CVE-2012-1583"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor5", "p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor5-tools", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2012-0488.NASL", "href": "https://www.tenable.com/plugins/nessus/79286", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0488. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79286);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-3045\", \"CVE-2011-4128\", \"CVE-2012-0864\", \"CVE-2012-0884\", \"CVE-2012-1165\", \"CVE-2012-1569\", \"CVE-2012-1573\", \"CVE-2012-1583\");\n script_bugtraq_id(52201, 52667, 52668);\n script_xref(name:\"RHSA\", value:\"2012:0488\");\n\n script_name(english:\"RHEL 5 : rhev-hypervisor5 (RHSA-2012:0488)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated rhev-hypervisor5 package that fixes three security issues\nand one bug is now available.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe rhev-hypervisor5 package provides a Red Hat Enterprise\nVirtualization Hypervisor ISO disk image. The Red Hat Enterprise\nVirtualization Hypervisor is a dedicated Kernel-based Virtual Machine\n(KVM) hypervisor. It includes everything necessary to run and manage\nvirtual machines: A subset of the Red Hat Enterprise Linux operating\nenvironment and the Red Hat Enterprise Virtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available\nfor the Intel 64 and AMD64 architectures with virtualization\nextensions.\n\nA flaw was found in the way libtasn1 decoded DER data. An attacker\ncould create a carefully-crafted X.509 certificate that, when parsed\nby an application that uses GnuTLS, could cause the application to\ncrash. (CVE-2012-1569)\n\nA flaw was found in the way GnuTLS decrypted malformed TLS records.\nThis could cause a TLS/SSL client or server to crash when processing a\nspecially crafted TLS record from a remote TLS/SSL connection peer.\n(CVE-2012-1573)\n\nAn integer overflow flaw was found in the implementation of the printf\nfunctions family. This could allow an attacker to bypass\nFORTIFY_SOURCE protections and execute arbitrary code using a format\nstring flaw in an application, even though these protections are\nexpected to limit the impact of such flaws to an application abort.\n(CVE-2012-0864)\n\nRed Hat would like to thank Matthew Hall of Mu Dynamics for reporting\nCVE-2012-1569 and CVE-2012-1573.\n\nThis updated package provides updated components that include fixes\nfor various security issues. These issues have no security impact on\nRed Hat Enterprise Virtualization Hypervisor itself, however. The\nsecurity fixes included in this update address the following CVE\nnumbers :\n\nCVE-2011-4128 (gnutls issue)\n\nCVE-2012-1583 (kernel issue)\n\nCVE-2011-3045 (libpng issue)\n\nCVE-2012-0884 and CVE-2012-1165 (openssl issues)\n\nFurther information on the changes made to the package is available on\nthe relevant errata :\n\nhttps://rhn.redhat.com/errata/RHBA-2012-0398.html\n\nUsers of Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package, which fixes these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0864\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-1569\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-1573\"\n );\n # https://rhn.redhat.com/errata/RHBA-2012-0398.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHBA-2012:0398\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:0488\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected rhev-hypervisor5 and / or rhev-hypervisor5-tools\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor5-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0488\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"rhev-hypervisor5-5.8-20120403.0.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhev-hypervisor5-tools-5.8-20120403.0.el5_8\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rhev-hypervisor5 / rhev-hypervisor5-tools\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:59:10", "description": "Updated glibc packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically linked libraries. If an attacker could trick a user into running ldd on a malicious binary, it could result in arbitrary code execution with the privileges of the user running ldd. (CVE-2009-5064)\n\nIt was discovered that the glibc addmntent() function, used by various mount helper utilities, did not sanitize its input properly. A local attacker could possibly use this flaw to inject malformed lines into the mtab (mounted file systems table) file via certain setuid mount helpers, if the attacker were allowed to mount to an arbitrary directory under their control. (CVE-2010-0296)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library loaded ELF (Executable and Linking Format) files. If a carefully-crafted ELF file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-0830)\n\nIt was discovered that the glibc fnmatch() function did not properly restrict the use of alloca(). If the function was called on sufficiently large inputs, it could cause an application using fnmatch() to crash or, possibly, execute arbitrary code with the privileges of the application. (CVE-2011-1071)\n\nIt was found that the glibc addmntent() function, used by various mount helper utilities, did not handle certain errors correctly when updating the mtab (mounted file systems table) file. If such utilities had the setuid bit set, a local attacker could use this flaw to corrupt the mtab file. (CVE-2011-1089)\n\nIt was discovered that the locale command did not produce properly escaped output as required by the POSIX specification. If an attacker were able to set the locale environment variables in the environment of a script that performed shell evaluation on the output of the locale command, and that script were run with different privileges than the attacker's, it could execute arbitrary code with the privileges of the script. (CVE-2011-1095)\n\nAn integer overflow flaw was found in the glibc fnmatch() function. If an attacker supplied a long UTF-8 string to an application linked against glibc, it could cause the application to crash.\n(CVE-2011-1659)\n\nA denial of service flaw was found in the remote procedure call (RPC) implementation in glibc. A remote attacker able to open a large number of connections to an RPC service that is using the RPC implementation from glibc, could use this flaw to make that service use an excessive amount of CPU time. (CVE-2011-4609)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting CVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The Ubuntu Security Team acknowledges Dan Rosenberg as the original reporter of CVE-2010-0830.\n\nThis update also fixes the following bug :\n\n* When using an nscd package that is a different version than the glibc package, the nscd service could fail to start. This update makes the nscd package require a specific glibc version to prevent this problem. (BZ#657009)\n\nUsers should upgrade to these updated packages, which resolve these issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-02-14T00:00:00", "type": "nessus", "title": "RHEL 4 : glibc (RHSA-2012:0125)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-5029", "CVE-2009-5064", "CVE-2010-0296", "CVE-2010-0830", "CVE-2011-1071", "CVE-2011-1089", "CVE-2011-1095", "CVE-2011-1659", "CVE-2011-4609"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:glibc", "p-cpe:/a:redhat:enterprise_linux:glibc-common", "p-cpe:/a:redhat:enterprise_linux:glibc-devel", "p-cpe:/a:redhat:enterprise_linux:glibc-headers", "p-cpe:/a:redhat:enterprise_linux:glibc-profile", "p-cpe:/a:redhat:enterprise_linux:glibc-utils", "p-cpe:/a:redhat:enterprise_linux:nptl-devel", "p-cpe:/a:redhat:enterprise_linux:nscd", "cpe:/o:redhat:enterprise_linux:4"], "id": "REDHAT-RHSA-2012-0125.NASL", "href": "https://www.tenable.com/plugins/nessus/57928", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0125. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57928);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-5029\", \"CVE-2009-5064\", \"CVE-2010-0296\", \"CVE-2010-0830\", \"CVE-2011-1071\", \"CVE-2011-1089\", \"CVE-2011-1095\", \"CVE-2011-1659\", \"CVE-2011-4609\");\n script_bugtraq_id(40063, 46563, 46740, 47370, 50898, 51439);\n script_xref(name:\"RHSA\", value:\"2012:0125\");\n\n script_name(english:\"RHEL 4 : glibc (RHSA-2012:0125)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated glibc packages that fix multiple security issues and one bug\nare now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system\ncannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library read timezone files. If a\ncarefully-crafted timezone file was loaded by an application linked\nagainst glibc, it could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically\nlinked libraries. If an attacker could trick a user into running ldd\non a malicious binary, it could result in arbitrary code execution\nwith the privileges of the user running ldd. (CVE-2009-5064)\n\nIt was discovered that the glibc addmntent() function, used by various\nmount helper utilities, did not sanitize its input properly. A local\nattacker could possibly use this flaw to inject malformed lines into\nthe mtab (mounted file systems table) file via certain setuid mount\nhelpers, if the attacker were allowed to mount to an arbitrary\ndirectory under their control. (CVE-2010-0296)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library loaded ELF (Executable and Linking\nFormat) files. If a carefully-crafted ELF file was loaded by an\napplication linked against glibc, it could cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2010-0830)\n\nIt was discovered that the glibc fnmatch() function did not properly\nrestrict the use of alloca(). If the function was called on\nsufficiently large inputs, it could cause an application using\nfnmatch() to crash or, possibly, execute arbitrary code with the\nprivileges of the application. (CVE-2011-1071)\n\nIt was found that the glibc addmntent() function, used by various\nmount helper utilities, did not handle certain errors correctly when\nupdating the mtab (mounted file systems table) file. If such utilities\nhad the setuid bit set, a local attacker could use this flaw to\ncorrupt the mtab file. (CVE-2011-1089)\n\nIt was discovered that the locale command did not produce properly\nescaped output as required by the POSIX specification. If an attacker\nwere able to set the locale environment variables in the environment\nof a script that performed shell evaluation on the output of the\nlocale command, and that script were run with different privileges\nthan the attacker's, it could execute arbitrary code with the\nprivileges of the script. (CVE-2011-1095)\n\nAn integer overflow flaw was found in the glibc fnmatch() function. If\nan attacker supplied a long UTF-8 string to an application linked\nagainst glibc, it could cause the application to crash.\n(CVE-2011-1659)\n\nA denial of service flaw was found in the remote procedure call (RPC)\nimplementation in glibc. A remote attacker able to open a large number\nof connections to an RPC service that is using the RPC implementation\nfrom glibc, could use this flaw to make that service use an excessive\namount of CPU time. (CVE-2011-4609)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting\nCVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The\nUbuntu Security Team acknowledges Dan Rosenberg as the original\nreporter of CVE-2010-0830.\n\nThis update also fixes the following bug :\n\n* When using an nscd package that is a different version than the\nglibc package, the nscd service could fail to start. This update makes\nthe nscd package require a specific glibc version to prevent this\nproblem. (BZ#657009)\n\nUsers should upgrade to these updated packages, which resolve these\nissues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:0125\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1095\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0296\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1071\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1659\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1089\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-5064\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-5029\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-4609\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0830\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nptl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/06/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0125\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"glibc-2.3.4-2.57\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"glibc-common-2.3.4-2.57\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"glibc-devel-2.3.4-2.57\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"glibc-headers-2.3.4-2.57\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"glibc-profile-2.3.4-2.57\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"glibc-utils-2.3.4-2.57\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"nptl-devel-2.3.4-2.57\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"nscd-2.3.4-2.57\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-headers / glibc-profile / etc\");\n }\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:59:03", "description": "Updated glibc packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically linked libraries. If an attacker could trick a user into running ldd on a malicious binary, it could result in arbitrary code execution with the privileges of the user running ldd. (CVE-2009-5064)\n\nIt was discovered that the glibc addmntent() function, used by various mount helper utilities, did not sanitize its input properly. A local attacker could possibly use this flaw to inject malformed lines into the mtab (mounted file systems table) file via certain setuid mount helpers, if the attacker were allowed to mount to an arbitrary directory under their control. (CVE-2010-0296)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library loaded ELF (Executable and Linking Format) files. If a carefully-crafted ELF file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-0830)\n\nIt was discovered that the glibc fnmatch() function did not properly restrict the use of alloca(). If the function was called on sufficiently large inputs, it could cause an application using fnmatch() to crash or, possibly, execute arbitrary code with the privileges of the application. (CVE-2011-1071)\n\nIt was found that the glibc addmntent() function, used by various mount helper utilities, did not handle certain errors correctly when updating the mtab (mounted file systems table) file. If such utilities had the setuid bit set, a local attacker could use this flaw to corrupt the mtab file. (CVE-2011-1089)\n\nIt was discovered that the locale command did not produce properly escaped output as required by the POSIX specification. If an attacker were able to set the locale environment variables in the environment of a script that performed shell evaluation on the output of the locale command, and that script were run with different privileges than the attacker's, it could execute arbitrary code with the privileges of the script. (CVE-2011-1095)\n\nAn integer overflow flaw was found in the glibc fnmatch() function. If an attacker supplied a long UTF-8 string to an application linked against glibc, it could cause the application to crash.\n(CVE-2011-1659)\n\nA denial of service flaw was found in the remote procedure call (RPC) implementation in glibc. A remote attacker able to open a large number of connections to an RPC service that is using the RPC implementation from glibc, could use this flaw to make that service use an excessive amount of CPU time. (CVE-2011-4609)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting CVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The Ubuntu Security Team acknowledges Dan Rosenberg as the original reporter of CVE-2010-0830.\n\nThis update also fixes the following bug :\n\n* When using an nscd package that is a different version than the glibc package, the nscd service could fail to start. This update makes the nscd package require a specific glibc version to prevent this problem. (BZ#657009)\n\nUsers should upgrade to these updated packages, which resolve these issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-02-14T00:00:00", "type": "nessus", "title": "CentOS 4 : glibc (CESA-2012:0125)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-5029", "CVE-2009-5064", "CVE-2010-0296", "CVE-2010-0830", "CVE-2011-1071", "CVE-2011-1089", "CVE-2011-1095", "CVE-2011-1659", "CVE-2011-4609"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:glibc", "p-cpe:/a:centos:centos:glibc-common", "p-cpe:/a:centos:centos:glibc-devel", "p-cpe:/a:centos:centos:glibc-headers", "p-cpe:/a:centos:centos:glibc-profile", "p-cpe:/a:centos:centos:glibc-utils", "p-cpe:/a:centos:centos:nptl-devel", "p-cpe:/a:centos:centos:nscd", "cpe:/o:centos:centos:4"], "id": "CENTOS_RHSA-2012-0125.NASL", "href": "https://www.tenable.com/plugins/nessus/57923", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0125 and \n# CentOS Errata and Security Advisory 2012:0125 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57923);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-5029\", \"CVE-2009-5064\", \"CVE-2010-0296\", \"CVE-2010-0830\", \"CVE-2011-1071\", \"CVE-2011-1089\", \"CVE-2011-1095\", \"CVE-2011-1659\", \"CVE-2011-4609\");\n script_bugtraq_id(40063, 46563, 46740, 47370, 50898, 51439);\n script_xref(name:\"RHSA\", value:\"2012:0125\");\n\n script_name(english:\"CentOS 4 : glibc (CESA-2012:0125)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated glibc packages that fix multiple security issues and one bug\nare now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system\ncannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library read timezone files. If a\ncarefully-crafted timezone file was loaded by an application linked\nagainst glibc, it could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically\nlinked libraries. If an attacker could trick a user into running ldd\non a malicious binary, it could result in arbitrary code execution\nwith the privileges of the user running ldd. (CVE-2009-5064)\n\nIt was discovered that the glibc addmntent() function, used by various\nmount helper utilities, did not sanitize its input properly. A local\nattacker could possibly use this flaw to inject malformed lines into\nthe mtab (mounted file systems table) file via certain setuid mount\nhelpers, if the attacker were allowed to mount to an arbitrary\ndirectory under their control. (CVE-2010-0296)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library loaded ELF (Executable and Linking\nFormat) files. If a carefully-crafted ELF file was loaded by an\napplication linked against glibc, it could cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2010-0830)\n\nIt was discovered that the glibc fnmatch() function did not properly\nrestrict the use of alloca(). If the function was called on\nsufficiently large inputs, it could cause an application using\nfnmatch() to crash or, possibly, execute arbitrary code with the\nprivileges of the application. (CVE-2011-1071)\n\nIt was found that the glibc addmntent() function, used by various\nmount helper utilities, did not handle certain errors correctly when\nupdating the mtab (mounted file systems table) file. If such utilities\nhad the setuid bit set, a local attacker could use this flaw to\ncorrupt the mtab file. (CVE-2011-1089)\n\nIt was discovered that the locale command did not produce properly\nescaped output as required by the POSIX specification. If an attacker\nwere able to set the locale environment variables in the environment\nof a script that performed shell evaluation on the output of the\nlocale command, and that script were run with different privileges\nthan the attacker's, it could execute arbitrary code with the\nprivileges of the script. (CVE-2011-1095)\n\nAn integer overflow flaw was found in the glibc fnmatch() function. If\nan attacker supplied a long UTF-8 string to an application linked\nagainst glibc, it could cause the application to crash.\n(CVE-2011-1659)\n\nA denial of service flaw was found in the remote procedure call (RPC)\nimplementation in glibc. A remote attacker able to open a large number\nof connections to an RPC service that is using the RPC implementation\nfrom glibc, could use this flaw to make that service use an excessive\namount of CPU time. (CVE-2011-4609)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting\nCVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The\nUbuntu Security Team acknowledges Dan Rosenberg as the original\nreporter of CVE-2010-0830.\n\nThis update also fixes the following bug :\n\n* When using an nscd package that is a different version than the\nglibc package, the nscd service could fail to start. This update makes\nthe nscd package require a specific glibc version to prevent this\nproblem. (BZ#657009)\n\nUsers should upgrade to these updated packages, which resolve these\nissues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-February/018427.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?04137bde\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2010-0296\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nptl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/06/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"glibc-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"glibc-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"glibc-common-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"glibc-common-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"glibc-devel-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"glibc-devel-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"glibc-headers-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"glibc-headers-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"glibc-profile-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"glibc-profile-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"glibc-utils-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"glibc-utils-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"nptl-devel-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"nptl-devel-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"nscd-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"nscd-2.3.4-2.57\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-headers / glibc-profile / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:53:51", "description": "From Red Hat Security Advisory 2012:0125 :\n\nUpdated glibc packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically linked libraries. If an attacker could trick a user into running ldd on a malicious binary, it could result in arbitrary code execution with the privileges of the user running ldd. (CVE-2009-5064)\n\nIt was discovered that the glibc addmntent() function, used by various mount helper utilities, did not sanitize its input properly. A local attacker could possibly use this flaw to inject malformed lines into the mtab (mounted file systems table) file via certain setuid mount helpers, if the attacker were allowed to mount to an arbitrary directory under their control. (CVE-2010-0296)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library loaded ELF (Executable and Linking Format) files. If a carefully-crafted ELF file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-0830)\n\nIt was discovered that the glibc fnmatch() function did not properly restrict the use of alloca(). If the function was called on sufficiently large inputs, it could cause an application using fnmatch() to crash or, possibly, execute arbitrary code with the privileges of the application. (CVE-2011-1071)\n\nIt was found that the glibc addmntent() function, used by various mount helper utilities, did not handle certain errors correctly when updating the mtab (mounted file systems table) file. If such utilities had the setuid bit set, a local attacker could use this flaw to corrupt the mtab file. (CVE-2011-1089)\n\nIt was discovered that the locale command did not produce properly escaped output as required by the POSIX specification. If an attacker were able to set the locale environment variables in the environment of a script that performed shell evaluation on the output of the locale command, and that script were run with different privileges than the attacker's, it could execute arbitrary code with the privileges of the script. (CVE-2011-1095)\n\nAn integer overflow flaw was found in the glibc fnmatch() function. If an attacker supplied a long UTF-8 string to an application linked against glibc, it could cause the application to crash.\n(CVE-2011-1659)\n\nA denial of service flaw was found in the remote procedure call (RPC) implementation in glibc. A remote attacker able to open a large number of connections to an RPC service that is using the RPC implementation from glibc, could use this flaw to make that service use an excessive amount of CPU time. (CVE-2011-4609)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting CVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The Ubuntu Security Team acknowledges Dan Rosenberg as the original reporter of CVE-2010-0830.\n\nThis update also fixes the following bug :\n\n* When using an nscd package that is a different version than the glibc package, the nscd service could fail to start. This update makes the nscd package require a specific glibc version to prevent this problem. (BZ#657009)\n\nUsers should upgrade to these updated packages, which resolve these issues.", "cvss3": {"score": null, "vector": null}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 4 : glibc (ELSA-2012-0125)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-5029", "CVE-2009-5064", "CVE-2010-0296", "CVE-2010-0830", "CVE-2011-1071", "CVE-2011-1089", "CVE-2011-1095", "CVE-2011-1659", "CVE-2011-4609"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:glibc", "p-cpe:/a:oracle:linux:glibc-common", "p-cpe:/a:oracle:linux:glibc-devel", "p-cpe:/a:oracle:linux:glibc-headers", "p-cpe:/a:oracle:linux:glibc-profile", "p-cpe:/a:oracle:linux:glibc-utils", "p-cpe:/a:oracle:linux:nptl-devel", "p-cpe:/a:oracle:linux:nscd", "cpe:/o:oracle:linux:4"], "id": "ORACLELINUX_ELSA-2012-0125.NASL", "href": "https://www.tenable.com/plugins/nessus/68455", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:0125 and \n# Oracle Linux Security Advisory ELSA-2012-0125 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68455);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-5029\", \"CVE-2009-5064\", \"CVE-2010-0296\", \"CVE-2010-0830\", \"CVE-2011-1071\", \"CVE-2011-1089\", \"CVE-2011-1095\", \"CVE-2011-1659\", \"CVE-2011-4609\");\n script_bugtraq_id(40063, 46563, 46740, 47370, 50898, 51439);\n script_xref(name:\"RHSA\", value:\"2012:0125\");\n\n script_name(english:\"Oracle Linux 4 : glibc (ELSA-2012-0125)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2012:0125 :\n\nUpdated glibc packages that fix multiple security issues and one bug\nare now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system\ncannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library read timezone files. If a\ncarefully-crafted timezone file was loaded by an application linked\nagainst glibc, it could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically\nlinked libraries. If an attacker could trick a user into running ldd\non a malicious binary, it could result in arbitrary code execution\nwith the privileges of the user running ldd. (CVE-2009-5064)\n\nIt was discovered that the glibc addmntent() function, used by various\nmount helper utilities, did not sanitize its input properly. A local\nattacker could possibly use this flaw to inject malformed lines into\nthe mtab (mounted file systems table) file via certain setuid mount\nhelpers, if the attacker were allowed to mount to an arbitrary\ndirectory under their control. (CVE-2010-0296)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library loaded ELF (Executable and Linking\nFormat) files. If a carefully-crafted ELF file was loaded by an\napplication linked against glibc, it could cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2010-0830)\n\nIt was discovered that the glibc fnmatch() function did not properly\nrestrict the use of alloca(). If the function was called on\nsufficiently large inputs, it could cause an application using\nfnmatch() to crash or, possibly, execute arbitrary code with the\nprivileges of the application. (CVE-2011-1071)\n\nIt was found that the glibc addmntent() function, used by various\nmount helper utilities, did not handle certain errors correctly when\nupdating the mtab (mounted file systems table) file. If such utilities\nhad the setuid bit set, a local attacker could use this flaw to\ncorrupt the mtab file. (CVE-2011-1089)\n\nIt was discovered that the locale command did not produce properly\nescaped output as required by the POSIX specification. If an attacker\nwere able to set the locale environment variables in the environment\nof a script that performed shell evaluation on the output of the\nlocale command, and that script were run with different privileges\nthan the attacker's, it could execute arbitrary code with the\nprivileges of the script. (CVE-2011-1095)\n\nAn integer overflow flaw was found in the glibc fnmatch() function. If\nan attacker supplied a long UTF-8 string to an application linked\nagainst glibc, it could cause the application to crash.\n(CVE-2011-1659)\n\nA denial of service flaw was found in the remote procedure call (RPC)\nimplementation in glibc. A remote attacker able to open a large number\nof connections to an RPC service that is using the RPC implementation\nfrom glibc, could use this flaw to make that service use an excessive\namount of CPU time. (CVE-2011-4609)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting\nCVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The\nUbuntu Security Team acknowledges Dan Rosenberg as the original\nreporter of CVE-2010-0830.\n\nThis update also fixes the following bug :\n\n* When using an nscd package that is a different version than the\nglibc package, the nscd service could fail to start. This update makes\nthe nscd package require a specific glibc version to prevent this\nproblem. (BZ#657009)\n\nUsers should upgrade to these updated packages, which resolve these\nissues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-February/002604.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nptl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/06/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"glibc-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"glibc-common-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"glibc-devel-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"glibc-headers-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"glibc-profile-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"glibc-utils-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"nptl-devel-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"nscd-2.3.4-2.57\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-headers / glibc-profile / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T14:51:30", "description": "The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically linked libraries. If an attacker could trick a user into running ldd on a malicious binary, it could result in arbitrary code execution with the privileges of the user running ldd. (CVE-2009-5064)\n\nIt was discovered that the glibc addmntent() function, used by various mount helper utilities, did not sanitize its input properly. A local attacker could possibly use this flaw to inject malformed lines into the mtab (mounted file systems table) file via certain setuid mount helpers, if the attacker were allowed to mount to an arbitrary directory under their control. (CVE-2010-0296)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library loaded ELF (Executable and Linking Format) files. If a carefully-crafted ELF file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-0830)\n\nIt was discovered that the glibc fnmatch() function did not properly restrict the use of alloca(). If the function was called on sufficiently large inputs, it could cause an application using fnmatch() to crash or, possibly, execute arbitrary code with the privileges of the application. (CVE-2011-1071)\n\nIt was found that the glibc addmntent() function, used by various mount helper utilities, did not handle certain errors correctly when updating the mtab (mounted file systems table) file. If such utilities had the setuid bit set, a local attacker could use this flaw to corrupt the mtab file. (CVE-2011-1089)\n\nIt was discovered that the locale command did not produce properly escaped output as required by the POSIX specification. If an attacker were able to set the locale environment variables in the environment of a script that performed shell evaluation on the output of the locale command, and that script were run with different privileges than the attacker's, it could execute arbitrary code with the privileges of the script. (CVE-2011-1095)\n\nAn integer overflow flaw was found in the glibc fnmatch() function. If an attacker supplied a long UTF-8 string to an application linked against glibc, it could cause the application to crash.\n(CVE-2011-1659)\n\nA denial of service flaw was found in the remote procedure call (RPC) implementation in glibc. A remote attacker able to open a large number of connections to an RPC service that is using the RPC implementation from glibc, could use this flaw to make that service use an excessive amount of CPU time. (CVE-2011-4609)\n\nThis update also fixes the following bug :\n\n - When using an nscd package that is a different version than the glibc package, the nscd service could fail to start. This update makes the nscd package require a specific glibc version to prevent this problem.\n\nUsers should upgrade to these updated packages, which resolve these issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : glibc on SL4.x i386/x86_64 (20120213)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-5029", "CVE-2009-5064", "CVE-2010-0296", "CVE-2010-0830", "CVE-2011-1071", "CVE-2011-1089", "CVE-2011-1095", "CVE-2011-1659", "CVE-2011-4609"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:glibc", "p-cpe:/a:fermilab:scientific_linux:glibc-common", "p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo", "p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo-common", "p-cpe:/a:fermilab:scientific_linux:glibc-devel", "p-cpe:/a:fermilab:scientific_linux:glibc-headers", "p-cpe:/a:fermilab:scientific_linux:glibc-profile", "p-cpe:/a:fermilab:scientific_linux:glibc-utils", "p-cpe:/a:fermilab:scientific_linux:nptl-devel", "p-cpe:/a:fermilab:scientific_linux:nscd", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20120213_GLIBC_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61243", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61243);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-5029\", \"CVE-2009-5064\", \"CVE-2010-0296\", \"CVE-2010-0830\", \"CVE-2011-1071\", \"CVE-2011-1089\", \"CVE-2011-1095\", \"CVE-2011-4609\");\n\n script_name(english:\"Scientific Linux Security Update : glibc on SL4.x i386/x86_64 (20120213)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system\ncannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library read timezone files. If a\ncarefully-crafted timezone file was loaded by an application linked\nagainst glibc, it could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically\nlinked libraries. If an attacker could trick a user into running ldd\non a malicious binary, it could result in arbitrary code execution\nwith the privileges of the user running ldd. (CVE-2009-5064)\n\nIt was discovered that the glibc addmntent() function, used by various\nmount helper utilities, did not sanitize its input properly. A local\nattacker could possibly use this flaw to inject malformed lines into\nthe mtab (mounted file systems table) file via certain setuid mount\nhelpers, if the attacker were allowed to mount to an arbitrary\ndirectory under their control. (CVE-2010-0296)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library loaded ELF (Executable and Linking\nFormat) files. If a carefully-crafted ELF file was loaded by an\napplication linked against glibc, it could cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2010-0830)\n\nIt was discovered that the glibc fnmatch() function did not properly\nrestrict the use of alloca(). If the function was called on\nsufficiently large inputs, it could cause an application using\nfnmatch() to crash or, possibly, execute arbitrary code with the\nprivileges of the application. (CVE-2011-1071)\n\nIt was found that the glibc addmntent() function, used by various\nmount helper utilities, did not handle certain errors correctly when\nupdating the mtab (mounted file systems table) file. If such utilities\nhad the setuid bit set, a local attacker could use this flaw to\ncorrupt the mtab file. (CVE-2011-1089)\n\nIt was discovered that the locale command did not produce properly\nescaped output as required by the POSIX specification. If an attacker\nwere able to set the locale environment variables in the environment\nof a script that performed shell evaluation on the output of the\nlocale command, and that script were run with different privileges\nthan the attacker's, it could execute arbitrary code with the\nprivileges of the script. (CVE-2011-1095)\n\nAn integer overflow flaw was found in the glibc fnmatch() function. If\nan attacker supplied a long UTF-8 string to an application linked\nagainst glibc, it could cause the application to crash.\n(CVE-2011-1659)\n\nA denial of service flaw was found in the remote procedure call (RPC)\nimplementation in glibc. A remote attacker able to open a large number\nof connections to an RPC service that is using the RPC implementation\nfrom glibc, could use this flaw to make that service use an excessive\namount of CPU time. (CVE-2011-4609)\n\nThis update also fixes the following bug :\n\n - When using an nscd package that is a different version\n than the glibc package, the nscd service could fail to\n start. This update makes the nscd package require a\n specific glibc version to prevent this problem.\n\nUsers should upgrade to these updated packages, which resolve these\nissues.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1202&L=scientific-linux-errata&T=0&P=2559\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c13b3468\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:nptl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/06/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 4.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"glibc-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"glibc-common-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"glibc-debuginfo-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"glibc-debuginfo-common-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"glibc-devel-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"glibc-headers-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"glibc-profile-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"glibc-utils-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"nptl-devel-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"nscd-2.3.4-2.57\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-debuginfo / glibc-debuginfo-common / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-15T18:22:08", "description": "Update to 1.0.1c and synced all patches with Fedora openssl-1.0.1c-7.fc19\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-11-26T00:00:00", "type": "nessus", "title": "Fedora 18 : mingw-openssl-1.0.1c-1.fc18 (2012-18035)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3207", "CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619", "CVE-2012-0884", "CVE-2012-1165", "CVE-2012-2110", "CVE-2012-2333"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mingw-openssl", "cpe:/o:fedoraproject:fedora:18"], "id": "FEDORA_2012-18035.NASL", "href": "https://www.tenable.com/plugins/nessus/63031", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-18035.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63031);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-3207\", \"CVE-2011-4108\", \"CVE-2011-4576\", \"CVE-2011-4577\", \"CVE-2011-4619\", \"CVE-2012-0884\", \"CVE-2012-1165\", \"CVE-2012-2110\", \"CVE-2012-2333\");\n script_bugtraq_id(49469, 51281, 52428, 52764, 53158, 53476);\n script_xref(name:\"FEDORA\", value:\"2012-18035\");\n\n script_name(english:\"Fedora 18 : mingw-openssl-1.0.1c-1.fc18 (2012-18035)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to 1.0.1c and synced all patches with Fedora\nopenssl-1.0.1c-7.fc19\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=736089\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=773330\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=802817\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=814203\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=820694\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=846213\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7f876088\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mingw-openssl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/09/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/11/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"mingw-openssl-1.0.1c-1.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw-openssl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2017-07-02T21:10:58", "description": "The remote ESXi is missing one or more security related Updates from VMSA-2012-0013.\n\nSummary\nVMware has updated several third party libraries in vSphere and vcOps to address multiple security vulnerabilities.\n\nRelevant releases\nVMware vCenter 4.1 without Update 3\nVMware vCenter Update Manager 4.1 without Update 3\nVMware ESX without patches ESX410-201208101-SG, ESX410-201208102-SG,\n ESX410-201208103-SG, ESX410-201208104-SG, ESX410-201208105-SG,\n ESX410-201208106-SG, ESX410-201208107-SG\nVMware ESXi without patch ESXi410-201208101-SG\n \n\nProblem Description\na. vCenter and ESX update to JRE 1.6.0 Update 31\n\nThe Oracle (Sun) JRE is updated to version 1.6.0_31, which addresses multiple\nsecurity issues. Oracle has documented the CVE identifiers that are addressed by\nthis update in the Oracle Java SE Critical Patch Update Advisory of February\n2012.\n\nb. vCenter Update Manager update to JRE 1.5.0 Update 36\n\nThe Oracle (Sun) JRE is updated to 1.5.0_36 to address multiple security issues.\nOracle has documented the CVE identifiers that are addressed in JRE 1.5.0_36 in\nthe Oracle Java SE Critical Patch Update Advisory for June 2012.\n\nc. Update to ESX/ESXi userworld OpenSSL library\n\nThe ESX/ESXi userworld OpenSSL library is updated from version 0.9.8p to version\n0.9.8t to resolve multiple security issues.\n\nd. Update to ESX service console OpenSSL RPM\n\nThe service console OpenSSL RPM is updated to version 0.9.8e-22.el5_8.3 to\nresolve a security issue.\n\ne. Update to ESX service console kernel\n\nThe ESX service console kernel is updated to resolve multiple security issues.\n\nf. Update to ESX service console Perl RPM\n\nThe ESX service console Perl RPM is updated to perl-5.8.8.32.1.8999.vmw to\nresolve multiple security issues.\n\ng. Update to ESX service console libxml2 RPM\n\nThe ESX service console libmxl2 RPMs are updated to\nlibxml2-2.6.26-2.1.15.el5_8.2 and libxml2-python-2.6.26-2.1.15.el5_8.2 to\nresolve a security issue.\n\nh. Update to ESX service console glibc RPM\n\nThe ESX service console glibc RPM is updated to version glibc-2.5-81.el5_8.1 to\nresolve multiple security issues.\n\ni. Update to ESX service console GnuTLS RPM\n\nThe ESX service console GnuTLS RPM is updated to version 1.4.1-7.el5_8.2 to\nresolve multiple security issues.\n\nj. Update to ESX service console popt, rpm, rpm-libs, and rpm-python RPMS\n\nThe ESX service console popt, rpm, rpm-libs, and rpm-python RPMS are updated to\nthe following versions to resolve multiple security issues:\n\nk. Vulnerability in third party Apache Struts component\n\nThe version of Apache Struts in vCenter Operations has been updated to 2.3.4\nwhich addresses an arbitrary file overwrite vulnerability. This vulnerability\nallows an attacker to create a denial of service by overwriting arbitrary files\nwithout authentication. The attacker would need to be on the same network as the\nsystem where vCOps is installed.\n\nSolution\nApply the missing patch(es).", "cvss3": {}, "published": "2012-08-31T00:00:00", "type": "openvas", "title": "VMSA-2012-0013 VMware vSphere and vCOps updates to third party libraries.", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0864", "CVE-2011-3188", "CVE-2011-4108", "CVE-2011-4609", "CVE-2011-4128", "CVE-2012-0815", "CVE-2011-3597", "CVE-2011-4324", "CVE-2011-4110", "CVE-2011-4576", "CVE-2011-4577", "CVE-2012-0507", "CVE-2010-4180", "CVE-2010-4410", "CVE-2011-2699", "CVE-2011-4619", "CVE-2010-2761", "CVE-2011-4132", "CVE-2011-0014", "CVE-2010-0830", "CVE-2011-2484", "CVE-2012-1583", "CVE-2012-0061", "CVE-2012-0393", "CVE-2011-3209", "CVE-2012-0050", "CVE-2011-3363", "CVE-2012-0060", "CVE-2011-1833", "CVE-2012-0207", "CVE-2011-1020", "CVE-2012-2110", "CVE-2012-1569", "CVE-2010-4252", "CVE-2012-0841", "CVE-2009-5029", "CVE-2011-4325", "CVE-2012-1573", "CVE-2011-4109", "CVE-2011-1089", "CVE-2009-5064", "CVE-2011-2496"], "modified": "2017-04-12T00:00:00", "id": "OPENVAS:103558", "href": "http://plugins.openvas.org/nasl.php?oid=103558", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_VMSA-2012-0013.nasl 5940 2017-04-12 09:02:05Z teissa $\n#\n# VMSA-2012-0013 VMware vSphere and vCOps updates to third party libraries\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_summary = \"The remote ESXi is missing one or more security related Updates from VMSA-2012-0013.\n\nSummary\nVMware has updated several third party libraries in vSphere and vcOps to address multiple security vulnerabilities.\n\nRelevant releases\nVMware vCenter 4.1 without Update 3\nVMware vCenter Update Manager 4.1 without Update 3\nVMware ESX without patches ESX410-201208101-SG, ESX410-201208102-SG,\n ESX410-201208103-SG, ESX410-201208104-SG, ESX410-201208105-SG,\n ESX410-201208106-SG, ESX410-201208107-SG\nVMware ESXi without patch ESXi410-201208101-SG\n \n\nProblem Description\na. vCenter and ESX update to JRE 1.6.0 Update 31\n\nThe Oracle (Sun) JRE is updated to version 1.6.0_31, which addresses multiple\nsecurity issues. Oracle has documented the CVE identifiers that are addressed by\nthis update in the Oracle Java SE Critical Patch Update Advisory of February\n2012.\n\nb. vCenter Update Manager update to JRE 1.5.0 Update 36\n\nThe Oracle (Sun) JRE is updated to 1.5.0_36 to address multiple security issues.\nOracle has documented the CVE identifiers that are addressed in JRE 1.5.0_36 in\nthe Oracle Java SE Critical Patch Update Advisory for June 2012.\n\nc. Update to ESX/ESXi userworld OpenSSL library\n\nThe ESX/ESXi userworld OpenSSL library is updated from version 0.9.8p to version\n0.9.8t to resolve multiple security issues.\n\nd. Update to ESX service console OpenSSL RPM\n\nThe service console OpenSSL RPM is updated to version 0.9.8e-22.el5_8.3 to\nresolve a security issue.\n\ne. Update to ESX service console kernel\n\nThe ESX service console kernel is updated to resolve multiple security issues.\n\nf. Update to ESX service console Perl RPM\n\nThe ESX service console Perl RPM is updated to perl-5.8.8.32.1.8999.vmw to\nresolve multiple security issues.\n\ng. Update to ESX service console libxml2 RPM\n\nThe ESX service console libmxl2 RPMs are updated to\nlibxml2-2.6.26-2.1.15.el5_8.2 and libxml2-python-2.6.26-2.1.15.el5_8.2 to\nresolve a security issue.\n\nh. Update to ESX service console glibc RPM\n\nThe ESX service console glibc RPM is updated to version glibc-2.5-81.el5_8.1 to\nresolve multiple security issues.\n\ni. Update to ESX service console GnuTLS RPM\n\nThe ESX service console GnuTLS RPM is updated to version 1.4.1-7.el5_8.2 to\nresolve multiple security issues.\n\nj. Update to ESX service console popt, rpm, rpm-libs, and rpm-python RPMS\n\nThe ESX service console popt, rpm, rpm-libs, and rpm-python RPMS are updated to\nthe following versions to resolve multiple security issues:\n\nk. Vulnerability in third party Apache Struts component\n\nThe version of Apache Struts in vCenter Operations has been updated to 2.3.4\nwhich addresses an arbitrary file overwrite vulnerability. This vulnerability\nallows an attacker to create a denial of service by overwriting arbitrary files\nwithout authentication. The attacker would need to be on the same network as the\nsystem where vCOps is installed.\n\nSolution\nApply the missing patch(es).\";\n\n\nif (description)\n{\n script_id(103558);\n script_cve_id(\"CVE-2010-4180\",\"CVE-2010-4252\",\"CVE-2011-0014\",\"CVE-2011-4108\",\"CVE-2011-4109\",\"CVE-2011-4576\",\"CVE-2011-4577\",\"CVE-2011-4619\",\"CVE-2012-0050\",\n \"CVE-2012-2110\",\"CVE-2011-1833\",\"CVE-2011-2484\",\"CVE-2011-2496\",\"CVE-2011-3188\",\"CVE-2011-3209\",\"CVE-2011-3363\",\"CVE-2011-4110\",\"CVE-2011-1020\",\n \"CVE-2011-4132\",\"CVE-2011-4324\",\"CVE-2011-4325\",\"CVE-2012-0207\",\"CVE-2011-2699\",\"CVE-2012-1583\",\"CVE-2010-2761\",\"CVE-2010-4410\",\"CVE-2011-3597\",\n \"CVE-2012-0841\",\"CVE-2009-5029\",\"CVE-2009-5064\",\"CVE-2010-0830\",\"CVE-2011-1089\",\"CVE-2011-4609\",\"CVE-2012-0864\",\"CVE-2011-4128\",\"CVE-2012-1569\",\n \"CVE-2012-1573\",\"CVE-2012-0060\",\"CVE-2012-0061\",\"CVE-2012-0815\",\"CVE-2012-0393\",\"CVE-2012-0507\");\n\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version (\"$Revision: 5940 $\");\n script_name(\"VMSA-2012-0013 VMware vSphere and vCOps updates to third party libraries.\");\n\n\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-12 11:02:05 +0200 (Wed, 12 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-31 11:02:01 +0100 (Fri, 31 Aug 2012)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"VMware Local Security Checks\");\n script_copyright(\"This script is Copyright (C) 2012 Greenbone Networks GmbH\");\n script_dependencies(\"gb_vmware_esxi_init.nasl\");\n script_mandatory_keys(\"VMware/ESXi/LSC\",\"VMware/ESX/version\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://www.vmware.com/security/advisories/VMSA-2012-0013.html\");\n exit(0);\n}\n\ninclude(\"vmware_esx.inc\");\ninclude(\"version_func.inc\");\n\nif(!get_kb_item('VMware/ESXi/LSC'))exit(0);\nif(! esxVersion = get_kb_item(\"VMware/ESX/version\"))exit(0);\n\npatches = make_array(\"4.1.0\",\"ESXi410-Update03:2012-08-30\");\n\nif(!patches[esxVersion])exit(0);\n\nif(_esxi_patch_missing(esxi_version:esxVersion, patch:patches[esxVersion])) {\n\n security_message(port:0);\n exit(0);\n\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-12-19T16:09:24", "description": "The remote ESXi is missing one or more security related Updates from VMSA-2012-0013.", "cvss3": {}, "published": "2012-08-31T00:00:00", "type": "openvas", "title": "VMware ESXi/ESX updates to third party libraries (VMSA-2012-0013)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0864", "CVE-2011-3188", "CVE-2011-4108", "CVE-2011-4609", "CVE-2011-4128", "CVE-2012-0815", "CVE-2011-3597", "CVE-2011-4324", "CVE-2011-4110", "CVE-2011-4576", "CVE-2011-4577", "CVE-2012-0507", "CVE-2010-4180", "CVE-2010-4410", "CVE-2011-2699", "CVE-2011-4619", "CVE-2010-2761", "CVE-2011-4132", "CVE-2011-0014", "CVE-2010-0830", "CVE-2011-2484", "CVE-2012-1583", "CVE-2012-0061", "CVE-2012-0393", "CVE-2011-3209", "CVE-2012-0050", "CVE-2011-3363", "CVE-2012-0060", "CVE-2011-1833", "CVE-2012-0207", "CVE-2011-1020", "CVE-2012-2110", "CVE-2012-1569", "CVE-2010-4252", "CVE-2012-0841", "CVE-2009-5029", "CVE-2011-4325", "CVE-2012-1573", "CVE-2011-4109", "CVE-2011-1089", "CVE-2009-5064", "CVE-2011-2496"], "modified": "2019-12-18T00:00:00", "id": "OPENVAS:1361412562310103558", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310103558", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# VMSA-2012-0013 VMware vSphere and vCOps updates to third party libraries\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.103558\");\n script_cve_id(\"CVE-2010-4180\", \"CVE-2010-4252\", \"CVE-2011-0014\", \"CVE-2011-4108\", \"CVE-2011-4109\", \"CVE-2011-4576\", \"CVE-2011-4577\", \"CVE-2011-4619\", \"CVE-2012-0050\",\n \"CVE-2012-2110\", \"CVE-2011-1833\", \"CVE-2011-2484\", \"CVE-2011-2496\", \"CVE-2011-3188\", \"CVE-2011-3209\", \"CVE-2011-3363\", \"CVE-2011-4110\", \"CVE-2011-1020\",\n \"CVE-2011-4132\", \"CVE-2011-4324\", \"CVE-2011-4325\", \"CVE-2012-0207\", \"CVE-2011-2699\", \"CVE-2012-1583\", \"CVE-2010-2761\", \"CVE-2010-4410\", \"CVE-2011-3597\",\n \"CVE-2012-0841\", \"CVE-2009-5029\", \"CVE-2009-5064\", \"CVE-2010-0830\", \"CVE-2011-1089\", \"CVE-2011-4609\", \"CVE-2012-0864\", \"CVE-2011-4128\", \"CVE-2012-1569\",\n \"CVE-2012-1573\", \"CVE-2012-0060\", \"CVE-2012-0061\", \"CVE-2012-0815\", \"CVE-2012-0393\", \"CVE-2012-0507\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"2019-12-18T11:13:08+0000\");\n script_name(\"VMware ESXi/ESX updates to third party libraries (VMSA-2012-0013)\");\n script_tag(name:\"last_modification\", value:\"2019-12-18 11:13:08 +0000 (Wed, 18 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2012-08-31 11:02:01 +0100 (Fri, 31 Aug 2012)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"VMware Local Security Checks\");\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_dependencies(\"gb_vmware_esxi_init.nasl\");\n script_mandatory_keys(\"VMware/ESXi/LSC\", \"VMware/ESX/version\");\n\n script_xref(name:\"URL\", value:\"http://www.vmware.com/security/advisories/VMSA-2012-0013.html\");\n\n script_tag(name:\"solution\", value:\"Apply the missing patch(es).\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if the target host is missing one or more patch(es).\");\n\n script_tag(name:\"summary\", value:\"The remote ESXi is missing one or more security related Updates from VMSA-2012-0013.\");\n\n script_tag(name:\"affected\", value:\"VMware ESX without patches ESX410-201208101-SG, ESX410-201208102-SG, ESX410-201208103-SG, ESX410-201208104-SG, ESX410-201208105-SG, ESX410-201208106-SG, ESX410-201208107-SG\n\n VMware ESXi without patch ESXi410-201208101-SG\");\n\n script_tag(name:\"insight\", value:\"a. vCenter and ESX update to JRE 1.6.0 Update 31\n\n The Oracle (Sun) JRE is updated to version 1.6.0_31, which addresses multiple\n security issues. Oracle has documented the CVE identifiers that are addressed by\n this update in the Oracle Java SE Critical Patch Update Advisory of February 2012.\n\n b. vCenter Update Manager update to JRE 1.5.0 Update 36\n\n The Oracle (Sun) JRE is updated to 1.5.0_36 to address multiple security issues.\n Oracle has documented the CVE identifiers that are addressed in JRE 1.5.0_36 in\n the Oracle Java SE Critical Patch Update Advisory for June 2012.\n\n c. Update to ESX/ESXi userworld OpenSSL library\n\n The ESX/ESXi userworld OpenSSL library is updated from version 0.9.8p to version\n 0.9.8t to resolve multiple security issues.\n\n d. Update to ESX service console OpenSSL RPM\n\n The service console OpenSSL RPM is updated to version 0.9.8e-22.el5_8.3 to\n resolve a security issue.\n\n e. Update to ESX service console kernel\n\n The ESX service console kernel is updated to resolve multiple security issues.\n\n f. Update to ESX service console Perl RPM\n\n The ESX service console Perl RPM is updated to perl-5.8.8.32.1.8999.vmw to\n resolve multiple security issues.\n\n g. Update to ESX service console libxml2 RPM\n\n The ESX service console libmxl2 RPMs are updated to\n libxml2-2.6.26-2.1.15.el5_8.2 and libxml2-python-2.6.26-2.1.15.el5_8.2 to\n resolve a security issue.\n\n h. Update to ESX service console glibc RPM\n\n The ESX service console glibc RPM is updated to version glibc-2.5-81.el5_8.1 to\n resolve multiple security issues.\n\n i. Update to ESX service console GnuTLS RPM\n\n The ESX service console GnuTLS RPM is updated to version 1.4.1-7.el5_8.2 to\n resolve multiple security issues.\n\n j. Update to ESX service console popt, rpm, rpm-libs, and rpm-python RPMS\n\n The ESX service console popt, rpm, rpm-libs, and rpm-python RPMS are updated to\n the following versions to resolve multiple security issues:\n\n k. Vulnerability in third party Apache Struts component\n\n The version of Apache Struts in vCenter Operations has been updated to 2.3.4\n which addresses an arbitrary file overwrite vulnerability. This vulnerability\n allows an attacker to create a denial of service by overwriting arbitrary files\n without authentication. The attacker would need to be on the same network as the\n system where vCOps is installed.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"vmware_esx.inc\");\ninclude(\"version_func.inc\");\n\nif(!get_kb_item(\"VMware/ESXi/LSC\"))\n exit(0);\n\nif(!esxVersion = get_kb_item(\"VMware/ESX/version\"))\n exit(0);\n\npatches = make_array(\"4.1.0\", \"ESXi410-Update03:2012-08-30\");\n\nif(!patches[esxVersion])\n exit(99);\n\nif(report = esxi_patch_missing(esxi_version:esxVersion, patch:patches[esxVersion])) {\n security_message(port:0, data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-03T10:57:03", "description": "Check for the Version of glibc", "cvss3": {}, "published": "2012-02-21T00:00:00", "type": "openvas", "title": "RedHat Update for glibc RHSA-2012:0126-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4609", "CVE-2010-0830", "CVE-2009-5029", "CVE-2011-1089", "CVE-2009-5064"], "modified": "2018-01-03T00:00:00", "id": "OPENVAS:870556", "href": "http://plugins.openvas.org/nasl.php?oid=870556", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for glibc RHSA-2012:0126-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The glibc packages contain the standard C libraries used by multiple\n programs on the system. These packages contain the standard C and the\n standard math libraries. Without these two libraries, a Linux system cannot\n function properly.\n\n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the way the glibc library read timezone files. If a\n carefully-crafted timezone file was loaded by an application linked against\n glibc, it could cause the application to crash or, potentially, execute\n arbitrary code with the privileges of the user running the application.\n (CVE-2009-5029)\n\n A flaw was found in the way the ldd utility identified dynamically linked\n libraries. If an attacker could trick a user into running ldd on a\n malicious binary, it could result in arbitrary code execution with the\n privileges of the user running ldd. (CVE-2009-5064)\n\n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the way the glibc library loaded ELF (Executable and Linking\n Format) files. If a carefully-crafted ELF file was loaded by an\n application linked against glibc, it could cause the application to crash\n or, potentially, execute arbitrary code with the privileges of the user\n running the application. (CVE-2010-0830)\n\n It was found that the glibc addmntent() function, used by various mount\n helper utilities, did not handle certain errors correctly when updating the\n mtab (mounted file systems table) file. If such utilities had the setuid\n bit set, a local attacker could use this flaw to corrupt the mtab file.\n (CVE-2011-1089)\n\n A denial of service flaw was found in the remote procedure call (RPC)\n implementation in glibc. A remote attacker able to open a large number of\n connections to an RPC service that is using the RPC implementation from\n glibc, could use this flaw to make that service use an excessive amount of\n CPU time. (CVE-2011-4609)\n\n Red Hat would like to thank the Ubuntu Security Team for reporting\n CVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The Ubuntu\n Security Team acknowledges Dan Rosenberg as the original reporter of\n CVE-2010-0830.\n\n Users should upgrade to these updated packages, which resolve these issues.\";\n\ntag_affected = \"glibc on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2012-February/msg00027.html\");\n script_id(870556);\n script_version(\"$Revision: 8273 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-03 07:29:19 +0100 (Wed, 03 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-21 18:56:49 +0530 (Tue, 21 Feb 2012)\");\n script_cve_id(\"CVE-2009-5029\", \"CVE-2009-5064\", \"CVE-2010-0830\", \"CVE-2011-1089\",\n \"CVE-2011-4609\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2012:0126-01\");\n script_name(\"RedHat Update for glibc RHSA-2012:0126-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of glibc\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.5~65.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.5~65.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-debuginfo\", rpm:\"glibc-debuginfo~2.5~65.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-debuginfo-common\", rpm:\"glibc-debuginfo-common~2.5~65.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.5~65.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.5~65.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.5~65.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.5~65.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:47", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for glibc CESA-2012:0126 centos5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4609", "CVE-2010-0830", "CVE-2009-5029", "CVE-2011-1089", "CVE-2009-5064"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881084", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881084", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for glibc CESA-2012:0126 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2012-February/018428.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881084\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:03:45 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2009-5029\", \"CVE-2009-5064\", \"CVE-2010-0830\", \"CVE-2011-1089\",\n \"CVE-2011-4609\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2012:0126\");\n script_name(\"CentOS Update for glibc CESA-2012:0126 centos5\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'glibc'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"glibc on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"The glibc packages contain the standard C libraries used by multiple\n programs on the system. These packages contain the standard C and the\n standard math libraries. Without these two libraries, a Linux system cannot\n function properly.\n\n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the way the glibc library read timezone files. If a\n carefully-crafted timezone file was loaded by an application linked against\n glibc, it could cause the application to crash or, potentially, execute\n arbitrary code with the privileges of the user running the application.\n (CVE-2009-5029)\n\n A flaw was found in the way the ldd utility identified dynamically linked\n libraries. If an attacker could trick a user into running ldd on a\n malicious binary, it could result in arbitrary code execution with the\n privileges of the user running ldd. (CVE-2009-5064)\n\n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the way the glibc library loaded ELF (Executable and Linking\n Format) files. If a carefully-crafted ELF file was loaded by an\n application linked against glibc, it could cause the application to crash\n or, potentially, execute arbitrary code with the privileges of the user\n running the application. (CVE-2010-0830)\n\n It was found that the glibc addmntent() function, used by various mount\n helper utilities, did not handle certain errors correctly when updating the\n mtab (mounted file systems table) file. If such utilities had the setuid\n bit set, a local attacker could use this flaw to corrupt the mtab file.\n (CVE-2011-1089)\n\n A denial of service flaw was found in the remote procedure call (RPC)\n implementation in glibc. A remote attacker able to open a large number of\n connections to an RPC service that is using the RPC implementation from\n glibc, could use this flaw to make that service use an excessive amount of\n CPU time. (CVE-2011-4609)\n\n Red Hat would like to thank the Ubuntu Security Team for reporting\n CVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The Ubuntu\n Security Team acknowledges Dan Rosenberg as the original reporter of\n CVE-2010-0830.\n\n Users should upgrade to these updated packages, which resolve these issues.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.5~65.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.5~65.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.5~65.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.5~65.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.5~65.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.5~65.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:29", "description": "Oracle Linux Local Security Checks ELSA-2012-0126", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2012-0126", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4609", "CVE-2010-0830", "CVE-2009-5029", "CVE-2011-1089", "CVE-2009-5064"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123990", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123990", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2012-0126.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123990\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:11:17 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2012-0126\");\n script_tag(name:\"insight\", value:\"ELSA-2012-0126 - glibc security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2012-0126\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2012-0126.html\");\n script_cve_id(\"CVE-2009-5064\", \"CVE-2011-1089\", \"CVE-2010-0830\", \"CVE-2009-5029\", \"CVE-2011-4609\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.5~65.el5_7.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.5~65.el5_7.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.5~65.el5_7.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.5~65.el5_7.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.5~65.el5_7.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.5~65.el5_7.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:58", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-02-21T00:00:00", "type": "openvas", "title": "RedHat Update for glibc RHSA-2012:0126-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4609", "CVE-2010-0830", "CVE-2009-5029", "CVE-2011-1089", "CVE-2009-5064"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310870556", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870556", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for glibc RHSA-2012:0126-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2012-February/msg00027.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870556\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-21 18:56:49 +0530 (Tue, 21 Feb 2012)\");\n script_cve_id(\"CVE-2009-5029\", \"CVE-2009-5064\", \"CVE-2010-0830\", \"CVE-2011-1089\",\n \"CVE-2011-4609\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"RHSA\", value:\"2012:0126-01\");\n script_name(\"RedHat Update for glibc RHSA-2012:0126-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'glibc'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n script_tag(name:\"affected\", value:\"glibc on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"The glibc packages contain the standard C libraries used by multiple\n programs on the system. These packages contain the standard C and the\n standard math libraries. Without these two libraries, a Linux system cannot\n function properly.\n\n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the way the glibc library read timezone files. If a\n carefully-crafted timezone file was loaded by an application linked against\n glibc, it could cause the application to crash or, potentially, execute\n arbitrary code with the privileges of the user running the application.\n (CVE-2009-5029)\n\n A flaw was found in the way the ldd utility identified dynamically linked\n libraries. If an attacker could trick a user into running ldd on a\n malicious binary, it could result in arbitrary code execution with the\n privileges of the user running ldd. (CVE-2009-5064)\n\n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the way the glibc library loaded ELF (Executable and Linking\n Format) files. If a carefully-crafted ELF file was loaded by an\n application linked against glibc, it could cause the application to crash\n or, potentially, execute arbitrary code with the privileges of the user\n running the application. (CVE-2010-0830)\n\n It was found that the glibc addmntent() function, used by various mount\n helper utilities, did not handle certain errors correctly when updating the\n mtab (mounted file systems table) file. If such utilities had the setuid\n bit set, a local attacker could use this flaw to corrupt the mtab file.\n (CVE-2011-1089)\n\n A denial of service flaw was found in the remote procedure call (RPC)\n implementation in glibc. A remote attacker able to open a large number of\n connections to an RPC service that is using the RPC implementation from\n glibc, could use this flaw to make that service use an excessive amount of\n CPU time. (CVE-2011-4609)\n\n Red Hat would like to thank the Ubuntu Security Team for reporting\n CVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The Ubuntu\n Security Team acknowledges Dan Rosenberg as the original reporter of\n CVE-2010-0830.\n\n Users should upgrade to these updated packages, which resolve these issues.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.5~65.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.5~65.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-debuginfo\", rpm:\"glibc-debuginfo~2.5~65.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-debuginfo-common\", rpm:\"glibc-debuginfo-common~2.5~65.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.5~65.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.5~65.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.5~65.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.5~65.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-06T13:06:39", "description": "Check for the Version of glibc", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for glibc CESA-2012:0126 centos5 ", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4609", "CVE-2010-0830", "CVE-2009-5029", "CVE-2011-1089", "CVE-2009-5064"], "modified": "2018-01-05T00:00:00", "id": "OPENVAS:881084", "href": "http://plugins.openvas.org/nasl.php?oid=881084", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for glibc CESA-2012:0126 centos5 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The glibc packages contain the standard C libraries used by multiple\n programs on the system. These packages contain the standard C and the\n standard math libraries. Without these two libraries, a Linux system cannot\n function properly.\n\n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the way the glibc library read timezone files. If a\n carefully-crafted timezone file was loaded by an application linked against\n glibc, it could cause the application to crash or, potentially, execute\n arbitrary code with the privileges of the user running the application.\n (CVE-2009-5029)\n \n A flaw was found in the way the ldd utility identified dynamically linked\n libraries. If an attacker could trick a user into running ldd on a\n malicious binary, it could result in arbitrary code execution with the\n privileges of the user running ldd. (CVE-2009-5064)\n \n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the way the glibc library loaded ELF (Executable and Linking\n Format) files. If a carefully-crafted ELF file was loaded by an\n application linked against glibc, it could cause the application to crash\n or, potentially, execute arbitrary code with the privileges of the user\n running the application. (CVE-2010-0830)\n \n It was found that the glibc addmntent() function, used by various mount\n helper utilities, did not handle certain errors correctly when updating the\n mtab (mounted file systems table) file. If such utilities had the setuid\n bit set, a local attacker could use this flaw to corrupt the mtab file.\n (CVE-2011-1089)\n \n A denial of service flaw was found in the remote procedure call (RPC)\n implementation in glibc. A remote attacker able to open a large number of\n connections to an RPC service that is using the RPC implementation from\n glibc, could use this flaw to make that service use an excessive amount of\n CPU time. (CVE-2011-4609)\n \n Red Hat would like to thank the Ubuntu Security Team for reporting\n CVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The Ubuntu\n Security Team acknowledges Dan Rosenberg as the original reporter of\n CVE-2010-0830.\n \n Users should upgrade to these updated packages, which resolve these issues.\";\n\ntag_affected = \"glibc on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-February/018428.html\");\n script_id(881084);\n script_version(\"$Revision: 8295 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-05 07:29:18 +0100 (Fri, 05 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:03:45 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2009-5029\", \"CVE-2009-5064\", \"CVE-2010-0830\", \"CVE-2011-1089\",\n \"CVE-2011-4609\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2012:0126\");\n script_name(\"CentOS Update for glibc CESA-2012:0126 centos5 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of glibc\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.5~65.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.5~65.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.5~65.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.5~65.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.5~65.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.5~65.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:54", "description": "The remote host is missing updates announced in\nadvisory GLSA 201203-12.", "cvss3": {}, "published": "2012-03-12T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201203-12 (openssl)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619", "CVE-2012-0027", "CVE-2012-0050", "CVE-2011-4109"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:71196", "href": "http://plugins.openvas.org/nasl.php?oid=71196", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities have been found in OpenSSL, allowing\n remote attackers to cause a Denial of Service or obtain sensitive\n information.\";\ntag_solution = \"All OpenSSL users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-libs/openssl-1.0.0g'\n \n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20201203-12\nhttp://bugs.gentoo.org/show_bug.cgi?id=397695\nhttp://bugs.gentoo.org/show_bug.cgi?id=399365\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 201203-12.\";\n\n \n \nif(description)\n{\n script_id(71196);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2011-4108\", \"CVE-2011-4109\", \"CVE-2011-4576\", \"CVE-2011-4577\", \"CVE-2011-4619\", \"CVE-2012-0027\", \"CVE-2012-0050\");\n script_version(\"$Revision: 6589 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 10:27:50 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-12 11:35:35 -0400 (Mon, 12 Mar 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201203-12 (openssl)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 1.0.0g\", \"rge 0.9.8t\"), vulnerable: make_list(\"lt 1.0.0g\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:15", "description": "The remote host is missing updates announced in\nadvisory GLSA 201203-12.", "cvss3": {}, "published": "2012-03-12T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201203-12 (openssl)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619", "CVE-2012-0027", "CVE-2012-0050", "CVE-2011-4109"], "modified": "2018-10-12T00:00:00", "id": "OPENVAS:136141256231071196", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071196", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa_201203_12.nasl 11859 2018-10-12 08:53:01Z cfischer $\n#\n# Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71196\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2011-4108\", \"CVE-2011-4109\", \"CVE-2011-4576\", \"CVE-2011-4577\", \"CVE-2011-4619\", \"CVE-2012-0027\", \"CVE-2012-0050\");\n script_version(\"$Revision: 11859 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:53:01 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-12 11:35:35 -0400 (Mon, 12 Mar 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201203-12 (openssl)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been found in OpenSSL, allowing\n remote attackers to cause a Denial of Service or obtain sensitive\n information.\");\n script_tag(name:\"solution\", value:\"All OpenSSL users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-libs/openssl-1.0.0g'\");\n\n script_xref(name:\"URL\", value:\"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201203-12\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=397695\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=399365\");\n script_tag(name:\"summary\", value:\"The remote host is missing updates announced in\nadvisory GLSA 201203-12.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-gentoo.inc\");\ninclude(\"revisions-lib.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = is
VMware vSphere and vCOps updates to third party libraries
