[Openvas-commits] r5841 - in trunk/openvas-plugins: . scripts
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Wed Nov 11 15:57:04 CET 2009
Author: reinke
Date: 2009-11-11 15:56:44 +0100 (Wed, 11 Nov 2009)
New Revision: 5841
Added:
trunk/openvas-plugins/scripts/RHSA_2009_1528.nasl
trunk/openvas-plugins/scripts/RHSA_2009_1529.nasl
trunk/openvas-plugins/scripts/RHSA_2009_1530.nasl
trunk/openvas-plugins/scripts/RHSA_2009_1531.nasl
trunk/openvas-plugins/scripts/RHSA_2009_1535.nasl
trunk/openvas-plugins/scripts/RHSA_2009_1536.nasl
trunk/openvas-plugins/scripts/RHSA_2009_1540.nasl
trunk/openvas-plugins/scripts/RHSA_2009_1541.nasl
trunk/openvas-plugins/scripts/RHSA_2009_1548.nasl
trunk/openvas-plugins/scripts/RHSA_2009_1549.nasl
trunk/openvas-plugins/scripts/RHSA_2009_1550.nasl
trunk/openvas-plugins/scripts/RHSA_2009_1560.nasl
trunk/openvas-plugins/scripts/RHSA_2009_1561.nasl
trunk/openvas-plugins/scripts/RHSA_2009_1562.nasl
trunk/openvas-plugins/scripts/RHSA_2009_1563.nasl
trunk/openvas-plugins/scripts/deb_1921_1.nasl
trunk/openvas-plugins/scripts/deb_1922_1.nasl
trunk/openvas-plugins/scripts/deb_1923_1.nasl
trunk/openvas-plugins/scripts/deb_1924_1.nasl
trunk/openvas-plugins/scripts/deb_1925_1.nasl
trunk/openvas-plugins/scripts/deb_1926_1.nasl
trunk/openvas-plugins/scripts/deb_1927_1.nasl
trunk/openvas-plugins/scripts/deb_1928_1.nasl
trunk/openvas-plugins/scripts/deb_1929_1.nasl
trunk/openvas-plugins/scripts/deb_1930_1.nasl
trunk/openvas-plugins/scripts/deb_1931_1.nasl
trunk/openvas-plugins/scripts/deb_1932_1.nasl
trunk/openvas-plugins/scripts/fcore_2009_10170.nasl
trunk/openvas-plugins/scripts/fcore_2009_10225.nasl
trunk/openvas-plugins/scripts/fcore_2009_10329.nasl
trunk/openvas-plugins/scripts/fcore_2009_10377.nasl
trunk/openvas-plugins/scripts/fcore_2009_10426.nasl
trunk/openvas-plugins/scripts/fcore_2009_10461.nasl
trunk/openvas-plugins/scripts/fcore_2009_10475.nasl
trunk/openvas-plugins/scripts/fcore_2009_10498.nasl
trunk/openvas-plugins/scripts/fcore_2009_10639.nasl
trunk/openvas-plugins/scripts/fcore_2009_10718.nasl
trunk/openvas-plugins/scripts/fcore_2009_10719.nasl
trunk/openvas-plugins/scripts/fcore_2009_10737.nasl
trunk/openvas-plugins/scripts/fcore_2009_10743.nasl
trunk/openvas-plugins/scripts/fcore_2009_10761.nasl
trunk/openvas-plugins/scripts/fcore_2009_10780.nasl
trunk/openvas-plugins/scripts/fcore_2009_10793.nasl
trunk/openvas-plugins/scripts/fcore_2009_10795.nasl
trunk/openvas-plugins/scripts/fcore_2009_10822.nasl
trunk/openvas-plugins/scripts/fcore_2009_10823.nasl
trunk/openvas-plugins/scripts/fcore_2009_10845.nasl
trunk/openvas-plugins/scripts/fcore_2009_10849.nasl
trunk/openvas-plugins/scripts/fcore_2009_10878.nasl
trunk/openvas-plugins/scripts/fcore_2009_10949.nasl
trunk/openvas-plugins/scripts/fcore_2009_10956.nasl
trunk/openvas-plugins/scripts/fcore_2009_10972.nasl
trunk/openvas-plugins/scripts/fcore_2009_10981.nasl
trunk/openvas-plugins/scripts/fcore_2009_10987.nasl
trunk/openvas-plugins/scripts/fcore_2009_11029.nasl
trunk/openvas-plugins/scripts/fcore_2009_11030.nasl
trunk/openvas-plugins/scripts/fcore_2009_11032.nasl
trunk/openvas-plugins/scripts/fcore_2009_11034.nasl
trunk/openvas-plugins/scripts/fcore_2009_11038.nasl
trunk/openvas-plugins/scripts/fcore_2009_11066.nasl
trunk/openvas-plugins/scripts/fcore_2009_9837.nasl
trunk/openvas-plugins/scripts/fcore_2009_9973.nasl
trunk/openvas-plugins/scripts/fcore_2009_9982.nasl
trunk/openvas-plugins/scripts/freebsd_ctorrent.nasl
trunk/openvas-plugins/scripts/freebsd_firefox42.nasl
trunk/openvas-plugins/scripts/freebsd_gd1.nasl
trunk/openvas-plugins/scripts/freebsd_kdebase4-runtime.nasl
trunk/openvas-plugins/scripts/freebsd_opera18.nasl
trunk/openvas-plugins/scripts/freebsd_p5-HTML-Parser.nasl
trunk/openvas-plugins/scripts/freebsd_typo32.nasl
trunk/openvas-plugins/scripts/freebsd_vlc1.nasl
trunk/openvas-plugins/scripts/glsa_200911_01.nasl
trunk/openvas-plugins/scripts/mdksa_2009_289.nasl
trunk/openvas-plugins/scripts/mdksa_2009_290.nasl
trunk/openvas-plugins/scripts/mdksa_2009_291.nasl
trunk/openvas-plugins/scripts/mdksa_2009_292.nasl
trunk/openvas-plugins/scripts/mdksa_2009_293.nasl
trunk/openvas-plugins/scripts/ovcesa2009_1451.nasl
trunk/openvas-plugins/scripts/ovcesa2009_1455.nasl
trunk/openvas-plugins/scripts/ovcesa2009_1465.nasl
trunk/openvas-plugins/scripts/ovcesa2009_1470.nasl
trunk/openvas-plugins/scripts/ovcesa2009_1472.nasl
trunk/openvas-plugins/scripts/ovcesa2009_1502.nasl
trunk/openvas-plugins/scripts/ovcesa2009_1504.nasl
trunk/openvas-plugins/scripts/ovcesa2009_1513.nasl
trunk/openvas-plugins/scripts/ovcesa2009_1528.nasl
trunk/openvas-plugins/scripts/ovcesa2009_1529.nasl
trunk/openvas-plugins/scripts/ovcesa2009_1530.nasl
trunk/openvas-plugins/scripts/ovcesa2009_1531.nasl
trunk/openvas-plugins/scripts/ovcesa2009_1535.nasl
trunk/openvas-plugins/scripts/ovcesa2009_1536.nasl
trunk/openvas-plugins/scripts/ovcesa2009_1541.nasl
trunk/openvas-plugins/scripts/ovcesa2009_1548.nasl
trunk/openvas-plugins/scripts/ovcesa2009_1549.nasl
trunk/openvas-plugins/scripts/ovcesa2009_1550.nasl
trunk/openvas-plugins/scripts/ovcesa2009_1561.nasl
trunk/openvas-plugins/scripts/sles10_MozillaFirefox7.nasl
trunk/openvas-plugins/scripts/sles10_cyrus-imapd0.nasl
trunk/openvas-plugins/scripts/sles10_mozilla-nspr0.nasl
trunk/openvas-plugins/scripts/sles10_mozilla-xulrunn0.nasl
trunk/openvas-plugins/scripts/sles10_neon.nasl
trunk/openvas-plugins/scripts/sles10_xpdf2.nasl
trunk/openvas-plugins/scripts/sles11_MozillaFirefox7.nasl
trunk/openvas-plugins/scripts/sles11_cyrus-imapd0.nasl
trunk/openvas-plugins/scripts/sles11_ext4dev-kmp-def3.nasl
trunk/openvas-plugins/scripts/sles11_java-1_6_0-ibm1.nasl
trunk/openvas-plugins/scripts/sles11_libneon27.nasl
trunk/openvas-plugins/scripts/sles11_mozilla-nspr.nasl
trunk/openvas-plugins/scripts/sles11_mozilla-xulrunn1.nasl
trunk/openvas-plugins/scripts/sles9p5061160.nasl
trunk/openvas-plugins/scripts/sles9p5061735.nasl
trunk/openvas-plugins/scripts/sles9p5061983.nasl
trunk/openvas-plugins/scripts/suse_sa_2009_051.nasl
trunk/openvas-plugins/scripts/suse_sa_2009_052.nasl
trunk/openvas-plugins/scripts/suse_sr_2009_018.nasl
trunk/openvas-plugins/scripts/ubuntu_857_1.nasl
Modified:
trunk/openvas-plugins/ChangeLog
trunk/openvas-plugins/scripts/ovcesa2009_1427.nasl
trunk/openvas-plugins/scripts/ovcesa2009_1428.nasl
trunk/openvas-plugins/scripts/ovcesa2009_1452.nasl
trunk/openvas-plugins/scripts/ovcesa2009_1453.nasl
trunk/openvas-plugins/scripts/ovcesa2009_1459.nasl
trunk/openvas-plugins/scripts/ovcesa2009_1463.nasl
trunk/openvas-plugins/scripts/ovcesa2009_1471.nasl
trunk/openvas-plugins/scripts/ovcesa2009_1484.nasl
Log:
New scripts added
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/ChangeLog 2009-11-11 14:56:44 UTC (rev 5841)
@@ -1,3 +1,130 @@
+2009-11-11 Thomas Reinke <reinke at securityspace.com>
+ * scripts/deb_1921_1.nasl,
+ scripts/deb_1922_1.nasl,
+ scripts/deb_1923_1.nasl,
+ scripts/deb_1924_1.nasl,
+ scripts/deb_1925_1.nasl,
+ scripts/deb_1926_1.nasl,
+ scripts/deb_1927_1.nasl,
+ scripts/deb_1928_1.nasl,
+ scripts/deb_1929_1.nasl,
+ scripts/deb_1930_1.nasl,
+ scripts/deb_1931_1.nasl,
+ scripts/deb_1932_1.nasl,
+ scripts/freebsd_ctorrent.nasl,
+ scripts/freebsd_firefox42.nasl,
+ scripts/freebsd_gd1.nasl,
+ scripts/freebsd_kdebase4-runtime.nasl,
+ scripts/freebsd_opera18.nasl,
+ scripts/freebsd_p5-HTML-Parser.nasl,
+ scripts/freebsd_typo32.nasl,
+ scripts/freebsd_vlc1.nasl,
+ scripts/glsa_200911_01.nasl,
+ scripts/suse_sa_2009_051.nasl,
+ scripts/suse_sa_2009_052.nasl,
+ scripts/suse_sr_2009_018.nasl,
+ scripts/ubuntu_857_1.nasl,
+ scripts/mdksa_2009_289.nasl,
+ scripts/mdksa_2009_290.nasl,
+ scripts/mdksa_2009_291.nasl,
+ scripts/mdksa_2009_292.nasl,
+ scripts/mdksa_2009_293.nasl,
+ scripts/RHSA_2009_1528.nasl,
+ scripts/RHSA_2009_1529.nasl,
+ scripts/RHSA_2009_1530.nasl,
+ scripts/RHSA_2009_1531.nasl,
+ scripts/RHSA_2009_1535.nasl,
+ scripts/RHSA_2009_1536.nasl,
+ scripts/RHSA_2009_1540.nasl,
+ scripts/RHSA_2009_1541.nasl,
+ scripts/RHSA_2009_1548.nasl,
+ scripts/RHSA_2009_1549.nasl,
+ scripts/RHSA_2009_1550.nasl,
+ scripts/RHSA_2009_1560.nasl,
+ scripts/RHSA_2009_1561.nasl,
+ scripts/RHSA_2009_1562.nasl,
+ scripts/RHSA_2009_1563.nasl,
+ scripts/fcore_2009_10170.nasl,
+ scripts/fcore_2009_10225.nasl,
+ scripts/fcore_2009_10329.nasl,
+ scripts/fcore_2009_10377.nasl,
+ scripts/fcore_2009_10426.nasl,
+ scripts/fcore_2009_10461.nasl,
+ scripts/fcore_2009_10475.nasl,
+ scripts/fcore_2009_10498.nasl,
+ scripts/fcore_2009_10639.nasl,
+ scripts/fcore_2009_10718.nasl,
+ scripts/fcore_2009_10719.nasl,
+ scripts/fcore_2009_10737.nasl,
+ scripts/fcore_2009_10743.nasl,
+ scripts/fcore_2009_10761.nasl,
+ scripts/fcore_2009_10780.nasl,
+ scripts/fcore_2009_10793.nasl,
+ scripts/fcore_2009_10795.nasl,
+ scripts/fcore_2009_10822.nasl,
+ scripts/fcore_2009_10823.nasl,
+ scripts/fcore_2009_10845.nasl,
+ scripts/fcore_2009_10849.nasl,
+ scripts/fcore_2009_10878.nasl,
+ scripts/fcore_2009_10949.nasl,
+ scripts/fcore_2009_10956.nasl,
+ scripts/fcore_2009_10972.nasl,
+ scripts/fcore_2009_10981.nasl,
+ scripts/fcore_2009_10987.nasl,
+ scripts/fcore_2009_11029.nasl,
+ scripts/fcore_2009_11030.nasl,
+ scripts/fcore_2009_11032.nasl,
+ scripts/fcore_2009_11034.nasl,
+ scripts/fcore_2009_11038.nasl,
+ scripts/fcore_2009_11066.nasl,
+ scripts/fcore_2009_9837.nasl,
+ scripts/fcore_2009_9973.nasl,
+ scripts/fcore_2009_9982.nasl,
+ scripts/ovcesa2009_1427.nasl,
+ scripts/ovcesa2009_1428.nasl,
+ scripts/ovcesa2009_1451.nasl,
+ scripts/ovcesa2009_1452.nasl,
+ scripts/ovcesa2009_1453.nasl,
+ scripts/ovcesa2009_1455.nasl,
+ scripts/ovcesa2009_1459.nasl,
+ scripts/ovcesa2009_1463.nasl,
+ scripts/ovcesa2009_1465.nasl,
+ scripts/ovcesa2009_1470.nasl,
+ scripts/ovcesa2009_1471.nasl,
+ scripts/ovcesa2009_1472.nasl,
+ scripts/ovcesa2009_1484.nasl,
+ scripts/ovcesa2009_1502.nasl,
+ scripts/ovcesa2009_1504.nasl,
+ scripts/ovcesa2009_1513.nasl,
+ scripts/ovcesa2009_1528.nasl,
+ scripts/ovcesa2009_1529.nasl,
+ scripts/ovcesa2009_1530.nasl,
+ scripts/ovcesa2009_1531.nasl,
+ scripts/ovcesa2009_1535.nasl,
+ scripts/ovcesa2009_1536.nasl,
+ scripts/ovcesa2009_1541.nasl,
+ scripts/ovcesa2009_1548.nasl,
+ scripts/ovcesa2009_1549.nasl,
+ scripts/ovcesa2009_1550.nasl,
+ scripts/ovcesa2009_1561.nasl,
+ scripts/sles9p5061160.nasl,
+ scripts/sles9p5061735.nasl,
+ scripts/sles9p5061983.nasl,
+ scripts/sles10_MozillaFirefox7.nasl,
+ scripts/sles10_cyrus-imapd0.nasl,
+ scripts/sles10_mozilla-nspr0.nasl,
+ scripts/sles10_mozilla-xulrunn0.nasl,
+ scripts/sles10_neon.nasl,
+ scripts/sles10_xpdf2.nasl,
+ scripts/sles11_MozillaFirefox7.nasl,
+ scripts/sles11_cyrus-imapd0.nasl,
+ scripts/sles11_ext4dev-kmp-def3.nasl,
+ scripts/sles11_java-1_6_0-ibm1.nasl,
+ scripts/sles11_libneon27.nasl,
+ scripts/sles11_mozilla-nspr.nasl,
+ scripts/sles11_mozilla-xulrunn1.nasl:
+ Added new scripts
+
2009-11-11 Michael Meyer <michael.meyer at intevation.de>
* scripts/secpod_ms_wpp_enterprise_library_detect.nasl,
Added: trunk/openvas-plugins/scripts/RHSA_2009_1528.nasl
===================================================================
--- trunk/openvas-plugins/scripts/RHSA_2009_1528.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/RHSA_2009_1528.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,108 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory RHSA-2009:1528 ()
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66118);
+ script_cve_id("CVE-2009-2906");
+ script_version ("$Revision$");
+ script_name("RedHat Security Advisory RHSA-2009:1528");
+
+ desc = "
+The remote host is missing updates announced in
+advisory RHSA-2009:1528.
+
+Samba is a suite of programs used by machines to share files, printers, and
+other information.
+
+A denial of service flaw was found in the Samba smbd daemon. An
+authenticated, remote user could send a specially-crafted response that
+would cause an smbd child process to enter an infinite loop. An
+authenticated, remote user could use this flaw to exhaust system resources
+by opening multiple CIFS sessions. (CVE-2009-2906)
+
+This update also fixes the following bug:
+
+* the RHSA-2007:0354 update added code to escape input passed to scripts
+that are run by Samba. This code was missing c from the list of valid
+characters, causing it to be escaped. With this update, the previous patch
+has been updated to include c in the list of valid characters.
+(BZ#242754)
+
+Users of Samba should upgrade to these updated packages, which contain a
+backported patch to correct this issue. After installing this update,
+the smb service will be restarted automatically.
+
+Solution:
+Please note that this update is available via
+Red Hat Network. To use Red Hat Network, launch the Red
+Hat Update Agent with the following command: up2date
+
+http://rhn.redhat.com/errata/RHSA-2009-1528.html
+http://www.redhat.com/security/updates/classification/#moderate
+
+Risk factor : Medium";
+
+ script_description(desc);
+
+ script_summary("Redhat Security Advisory RHSA-2009:1528");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Red Hat Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"samba", rpm:"samba~3.0.9~1.3E.16", rls:"RHENT_3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"samba-client", rpm:"samba-client~3.0.9~1.3E.16", rls:"RHENT_3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"samba-common", rpm:"samba-common~3.0.9~1.3E.16", rls:"RHENT_3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"samba-debuginfo", rpm:"samba-debuginfo~3.0.9~1.3E.16", rls:"RHENT_3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"samba-swat", rpm:"samba-swat~3.0.9~1.3E.16", rls:"RHENT_3")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/RHSA_2009_1529.nasl
===================================================================
--- trunk/openvas-plugins/scripts/RHSA_2009_1529.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/RHSA_2009_1529.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,136 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory RHSA-2009:1529 ()
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66119);
+ script_cve_id("CVE-2009-1888", "CVE-2009-2813", "CVE-2009-2906", "CVE-2009-2948");
+ script_version ("$Revision$");
+ script_name("RedHat Security Advisory RHSA-2009:1529");
+
+ desc = "
+The remote host is missing updates announced in
+advisory RHSA-2009:1529.
+
+Samba is a suite of programs used by machines to share files, printers, and
+other information.
+
+A denial of service flaw was found in the Samba smbd daemon. An
+authenticated, remote user could send a specially-crafted response that
+would cause an smbd child process to enter an infinite loop. An
+authenticated, remote user could use this flaw to exhaust system resources
+by opening multiple CIFS sessions. (CVE-2009-2906)
+
+An uninitialized data access flaw was discovered in the smbd daemon when
+using the non-default dos filemode configuration option in smb.conf. An
+authenticated, remote user with write access to a file could possibly use
+this flaw to change an access control list for that file, even when such
+access should have been denied. (CVE-2009-1888)
+
+A flaw was discovered in the way Samba handled users without a home
+directory set in the back-end password database (e.g. /etc/passwd). If a
+share for the home directory of such a user was created (e.g. using the
+automated [homes] share), any user able to access that share could see
+the whole file system, possibly bypassing intended access restrictions.
+(CVE-2009-2813)
+
+The mount.cifs program printed CIFS passwords as part of its debug output
+when running in verbose mode. When mount.cifs had the setuid bit set, a
+local, unprivileged user could use this flaw to disclose passwords from a
+file that would otherwise be inaccessible to that user. Note: mount.cifs
+from the samba packages distributed by Red Hat does not have the setuid bit
+set. This flaw only affected systems where the setuid bit was manually set
+by an administrator. (CVE-2009-2948)
+
+Users of Samba should upgrade to these updated packages, which contain
+backported patches to correct these issues. After installing this update,
+the smb service will be restarted automatically.
+
+Solution:
+Please note that this update is available via
+Red Hat Network. To use Red Hat Network, launch the Red
+Hat Update Agent with the following command: up2date
+
+http://rhn.redhat.com/errata/RHSA-2009-1529.html
+http://www.redhat.com/security/updates/classification/#moderate
+
+Risk factor : Medium";
+
+ script_description(desc);
+
+ script_summary("Redhat Security Advisory RHSA-2009:1529");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Red Hat Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"samba", rpm:"samba~3.0.33~0.18.el4_8", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"samba-client", rpm:"samba-client~3.0.33~0.18.el4_8", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"samba-common", rpm:"samba-common~3.0.33~0.18.el4_8", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"samba-debuginfo", rpm:"samba-debuginfo~3.0.33~0.18.el4_8", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"samba-swat", rpm:"samba-swat~3.0.33~0.18.el4_8", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"samba", rpm:"samba~3.0.33~3.15.el5_4", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"samba-client", rpm:"samba-client~3.0.33~3.15.el5_4", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"samba-common", rpm:"samba-common~3.0.33~3.15.el5_4", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"samba-debuginfo", rpm:"samba-debuginfo~3.0.33~3.15.el5_4", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"samba-swat", rpm:"samba-swat~3.0.33~3.15.el5_4", rls:"RHENT_5")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/RHSA_2009_1530.nasl
===================================================================
--- trunk/openvas-plugins/scripts/RHSA_2009_1530.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/RHSA_2009_1530.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,169 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory RHSA-2009:1530 ()
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66120);
+ script_cve_id("CVE-2009-1563", "CVE-2009-3274", "CVE-2009-3370", "CVE-2009-3372", "CVE-2009-3373", "CVE-2009-3374", "CVE-2009-3375", "CVE-2009-3376", "CVE-2009-3380", "CVE-2009-3382");
+ script_version ("$Revision$");
+ script_name("RedHat Security Advisory RHSA-2009:1530");
+
+ desc = "
+The remote host is missing updates announced in
+advisory RHSA-2009:1530.
+
+Mozilla Firefox is an open source Web browser. XULRunner provides the XUL
+Runtime environment for Mozilla Firefox. nspr provides the Netscape
+Portable Runtime (NSPR).
+
+A flaw was found in the way Firefox handles form history. A malicious web
+page could steal saved form data by synthesizing input events, causing the
+browser to auto-fill form fields (which could then be read by an attacker).
+(CVE-2009-3370)
+
+A flaw was found in the way Firefox creates temporary file names for
+downloaded files. If a local attacker knows the name of a file Firefox is
+going to download, they can replace the contents of that file with
+arbitrary contents. (CVE-2009-3274)
+
+A flaw was found in the Firefox Proxy Auto-Configuration (PAC) file
+processor. If Firefox loads a malicious PAC file, it could crash Firefox
+or, potentially, execute arbitrary code with the privileges of the user
+running Firefox. (CVE-2009-3372)
+
+A heap-based buffer overflow flaw was found in the Firefox GIF image
+processor. A malicious GIF image could crash Firefox or, potentially,
+execute arbitrary code with the privileges of the user running Firefox.
+(CVE-2009-3373)
+
+A heap-based buffer overflow flaw was found in the Firefox string to
+floating point conversion routines. A web page containing malicious
+JavaScript could crash Firefox or, potentially, execute arbitrary code with
+the privileges of the user running Firefox. (CVE-2009-1563)
+
+A flaw was found in the way Firefox handles text selection. A malicious
+website may be able to read highlighted text in a different domain (e.g.
+another website the user is viewing), bypassing the same-origin policy.
+(CVE-2009-3375)
+
+A flaw was found in the way Firefox displays a right-to-left override
+character when downloading a file. In these cases, the name displayed in
+the title bar differs from the name displayed in the dialog body. An
+attacker could use this flaw to trick a user into downloading a file that
+has a file name or extension that differs from what the user expected.
+(CVE-2009-3376)
+
+Several flaws were found in the processing of malformed web content. A web
+page containing malicious content could cause Firefox to crash or,
+potentially, execute arbitrary code with the privileges of the user running
+Firefox. (CVE-2009-3374, CVE-2009-3380, CVE-2009-3382)
+
+For technical details regarding these flaws, refer to the Mozilla security
+advisories for Firefox 3.0.15. You can find a link to the Mozilla
+advisories in the References section of this errata.
+
+All Firefox users should upgrade to these updated packages, which contain
+Firefox version 3.0.15, which corrects these issues. After installing the
+update, Firefox must be restarted for the changes to take effect.
+
+Solution:
+Please note that this update is available via
+Red Hat Network. To use Red Hat Network, launch the Red
+Hat Update Agent with the following command: up2date
+
+http://rhn.redhat.com/errata/RHSA-2009-1530.html
+http://www.redhat.com/security/updates/classification/#critical
+http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.15
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Redhat Security Advisory RHSA-2009:1530");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Red Hat Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"firefox", rpm:"firefox~3.0.15~3.el4", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-debuginfo", rpm:"firefox-debuginfo~3.0.15~3.el4", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"nspr", rpm:"nspr~4.7.6~1.el4_8", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"nspr-debuginfo", rpm:"nspr-debuginfo~4.7.6~1.el4_8", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"nspr-devel", rpm:"nspr-devel~4.7.6~1.el4_8", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox", rpm:"firefox~3.0.15~3.el5_4", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-debuginfo", rpm:"firefox-debuginfo~3.0.15~3.el5_4", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"nspr", rpm:"nspr~4.7.6~1.el5_4", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"nspr-debuginfo", rpm:"nspr-debuginfo~4.7.6~1.el5_4", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"xulrunner", rpm:"xulrunner~1.9.0.15~3.el5_4", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"xulrunner-debuginfo", rpm:"xulrunner-debuginfo~1.9.0.15~3.el5_4", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"nspr-devel", rpm:"nspr-devel~4.7.6~1.el5_4", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"xulrunner-devel", rpm:"xulrunner-devel~1.9.0.15~3.el5_4", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"xulrunner-devel-unstable", rpm:"xulrunner-devel-unstable~1.9.0.15~3.el5_4", rls:"RHENT_5")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/RHSA_2009_1531.nasl
===================================================================
--- trunk/openvas-plugins/scripts/RHSA_2009_1531.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/RHSA_2009_1531.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,160 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory RHSA-2009:1531 ()
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66121);
+ script_cve_id("CVE-2009-1563", "CVE-2009-3274", "CVE-2009-3375", "CVE-2009-3376", "CVE-2009-3380");
+ script_version ("$Revision$");
+ script_name("RedHat Security Advisory RHSA-2009:1531");
+
+ desc = "
+The remote host is missing updates announced in
+advisory RHSA-2009:1531.
+
+SeaMonkey is an open source Web browser, email and newsgroup client, IRC
+chat client, and HTML editor.
+
+A flaw was found in the way SeaMonkey creates temporary file names for
+downloaded files. If a local attacker knows the name of a file SeaMonkey is
+going to download, they can replace the contents of that file with
+arbitrary contents. (CVE-2009-3274)
+
+A heap-based buffer overflow flaw was found in the SeaMonkey string to
+floating point conversion routines. A web page containing malicious
+JavaScript could crash SeaMonkey or, potentially, execute arbitrary code
+with the privileges of the user running SeaMonkey. (CVE-2009-1563)
+
+A flaw was found in the way SeaMonkey handles text selection. A malicious
+website may be able to read highlighted text in a different domain (e.g.
+another website the user is viewing), bypassing the same-origin policy.
+(CVE-2009-3375)
+
+A flaw was found in the way SeaMonkey displays a right-to-left override
+character when downloading a file. In these cases, the name displayed in
+the title bar differs from the name displayed in the dialog body. An
+attacker could use this flaw to trick a user into downloading a file that
+has a file name or extension that differs from what the user expected.
+(CVE-2009-3376)
+
+Several flaws were found in the processing of malformed web content. A web
+page containing malicious content could cause SeaMonkey to crash or,
+potentially, execute arbitrary code with the privileges of the user running
+SeaMonkey. (CVE-2009-3380)
+
+All SeaMonkey users should upgrade to these updated packages, which correct
+these issues. After installing the update, SeaMonkey must be restarted for
+the changes to take effect.
+
+Solution:
+Please note that this update is available via
+Red Hat Network. To use Red Hat Network, launch the Red
+Hat Update Agent with the following command: up2date
+
+http://rhn.redhat.com/errata/RHSA-2009-1531.html
+http://www.redhat.com/security/updates/classification/#critical
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Redhat Security Advisory RHSA-2009:1531");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Red Hat Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"seamonkey", rpm:"seamonkey~1.0.9~0.47.el3", rls:"RHENT_3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"seamonkey-chat", rpm:"seamonkey-chat~1.0.9~0.47.el3", rls:"RHENT_3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"seamonkey-debuginfo", rpm:"seamonkey-debuginfo~1.0.9~0.47.el3", rls:"RHENT_3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"seamonkey-devel", rpm:"seamonkey-devel~1.0.9~0.47.el3", rls:"RHENT_3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"seamonkey-dom-inspector", rpm:"seamonkey-dom-inspector~1.0.9~0.47.el3", rls:"RHENT_3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"seamonkey-js-debugger", rpm:"seamonkey-js-debugger~1.0.9~0.47.el3", rls:"RHENT_3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"seamonkey-mail", rpm:"seamonkey-mail~1.0.9~0.47.el3", rls:"RHENT_3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"seamonkey-nspr", rpm:"seamonkey-nspr~1.0.9~0.47.el3", rls:"RHENT_3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"seamonkey-nspr-devel", rpm:"seamonkey-nspr-devel~1.0.9~0.47.el3", rls:"RHENT_3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"seamonkey-nss", rpm:"seamonkey-nss~1.0.9~0.47.el3", rls:"RHENT_3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"seamonkey-nss-devel", rpm:"seamonkey-nss-devel~1.0.9~0.47.el3", rls:"RHENT_3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"seamonkey", rpm:"seamonkey~1.0.9~50.el4_8", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"seamonkey-chat", rpm:"seamonkey-chat~1.0.9~50.el4_8", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"seamonkey-debuginfo", rpm:"seamonkey-debuginfo~1.0.9~50.el4_8", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"seamonkey-devel", rpm:"seamonkey-devel~1.0.9~50.el4_8", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"seamonkey-dom-inspector", rpm:"seamonkey-dom-inspector~1.0.9~50.el4_8", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"seamonkey-js-debugger", rpm:"seamonkey-js-debugger~1.0.9~50.el4_8", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"seamonkey-mail", rpm:"seamonkey-mail~1.0.9~50.el4_8", rls:"RHENT_4")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/RHSA_2009_1535.nasl
===================================================================
--- trunk/openvas-plugins/scripts/RHSA_2009_1535.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/RHSA_2009_1535.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,101 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory RHSA-2009:1535 ()
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66122);
+ script_cve_id("CVE-2009-2703", "CVE-2009-3083", "CVE-2009-3615");
+ script_version ("$Revision$");
+ script_name("RedHat Security Advisory RHSA-2009:1535");
+
+ desc = "
+The remote host is missing updates announced in
+advisory RHSA-2009:1535.
+
+Pidgin is an instant messaging program which can log in to multiple
+accounts on multiple instant messaging networks simultaneously.
+
+An invalid pointer dereference bug was found in the way the Pidgin OSCAR
+protocol implementation processed lists of contacts. A remote attacker
+could send a specially-crafted contact list to a user running Pidgin,
+causing Pidgin to crash. (CVE-2009-3615)
+
+A NULL pointer dereference flaw was found in the way the Pidgin IRC
+protocol plug-in handles IRC topics. A malicious IRC server could send a
+specially-crafted IRC TOPIC message, which once received by Pidgin, would
+lead to a denial of service (Pidgin crash). (CVE-2009-2703)
+
+A NULL pointer dereference flaw was found in the way the Pidgin MSN
+protocol plug-in handles improper MSNSLP invitations. A remote attacker
+could send a specially-crafted MSNSLP invitation request, which once
+accepted by a valid Pidgin user, would lead to a denial of service (Pidgin
+crash). (CVE-2009-3083)
+
+All Pidgin users should upgrade to this updated package, which contains
+backported patches to resolve these issues. Pidgin must be restarted for
+this update to take effect.
+
+Solution:
+Please note that this update is available via
+Red Hat Network. To use Red Hat Network, launch the Red
+Hat Update Agent with the following command: up2date
+
+http://rhn.redhat.com/errata/RHSA-2009-1535.html
+http://www.redhat.com/security/updates/classification/#moderate
+
+Risk factor : Medium";
+
+ script_description(desc);
+
+ script_summary("Redhat Security Advisory RHSA-2009:1535");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Red Hat Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"pidgin", rpm:"pidgin~1.5.1~6.el3", rls:"RHENT_3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"pidgin-debuginfo", rpm:"pidgin-debuginfo~1.5.1~6.el3", rls:"RHENT_3")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/RHSA_2009_1536.nasl
===================================================================
--- trunk/openvas-plugins/scripts/RHSA_2009_1536.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/RHSA_2009_1536.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,148 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory RHSA-2009:1536 ()
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66123);
+ script_cve_id("CVE-2009-3615");
+ script_version ("$Revision$");
+ script_name("RedHat Security Advisory RHSA-2009:1536");
+
+ desc = "
+The remote host is missing updates announced in
+advisory RHSA-2009:1536.
+
+Pidgin is an instant messaging program which can log in to multiple
+accounts on multiple instant messaging networks simultaneously. The AOL
+Open System for Communication in Realtime (OSCAR) protocol is used by the
+AOL ICQ and AIM instant messaging systems.
+
+An invalid pointer dereference bug was found in the way the Pidgin OSCAR
+protocol implementation processed lists of contacts. A remote attacker
+could send a specially-crafted contact list to a user running Pidgin,
+causing Pidgin to crash. (CVE-2009-3615)
+
+These packages upgrade Pidgin to version 2.6.3. Refer to the Pidgin release
+notes for a full list of changes: http://developer.pidgin.im/wiki/ChangeLog
+
+All Pidgin users should upgrade to these updated packages, which correct
+this issue. Pidgin must be restarted for this update to take effect.
+
+Solution:
+Please note that this update is available via
+Red Hat Network. To use Red Hat Network, launch the Red
+Hat Update Agent with the following command: up2date
+
+http://rhn.redhat.com/errata/RHSA-2009-1536.html
+http://www.redhat.com/security/updates/classification/#moderate
+
+Risk factor : Medium";
+
+ script_description(desc);
+
+ script_summary("Redhat Security Advisory RHSA-2009:1536");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Red Hat Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"finch", rpm:"finch~2.6.3~2.el4", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"finch-devel", rpm:"finch-devel~2.6.3~2.el4", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libpurple", rpm:"libpurple~2.6.3~2.el4", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libpurple-devel", rpm:"libpurple-devel~2.6.3~2.el4", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libpurple-perl", rpm:"libpurple-perl~2.6.3~2.el4", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libpurple-tcl", rpm:"libpurple-tcl~2.6.3~2.el4", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"pidgin", rpm:"pidgin~2.6.3~2.el4", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"pidgin-debuginfo", rpm:"pidgin-debuginfo~2.6.3~2.el4", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"pidgin-devel", rpm:"pidgin-devel~2.6.3~2.el4", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"pidgin-perl", rpm:"pidgin-perl~2.6.3~2.el4", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"finch", rpm:"finch~2.6.3~2.el5", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libpurple", rpm:"libpurple~2.6.3~2.el5", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libpurple-perl", rpm:"libpurple-perl~2.6.3~2.el5", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libpurple-tcl", rpm:"libpurple-tcl~2.6.3~2.el5", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"pidgin", rpm:"pidgin~2.6.3~2.el5", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"pidgin-debuginfo", rpm:"pidgin-debuginfo~2.6.3~2.el5", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"pidgin-perl", rpm:"pidgin-perl~2.6.3~2.el5", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"finch-devel", rpm:"finch-devel~2.6.3~2.el5", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libpurple-devel", rpm:"libpurple-devel~2.6.3~2.el5", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"pidgin-devel", rpm:"pidgin-devel~2.6.3~2.el5", rls:"RHENT_5")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/RHSA_2009_1540.nasl
===================================================================
--- trunk/openvas-plugins/scripts/RHSA_2009_1540.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/RHSA_2009_1540.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,130 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory RHSA-2009:1540 ()
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66174);
+ script_cve_id("CVE-2009-1895", "CVE-2009-2691", "CVE-2009-2695", "CVE-2009-2849", "CVE-2009-2910", "CVE-2009-3002", "CVE-2009-3228", "CVE-2009-3547", "CVE-2009-3612", "CVE-2009-3613", "CVE-2009-3620", "CVE-2009-3621", "CVE-2009-3001");
+ script_version ("$Revision$");
+ script_name("RedHat Security Advisory RHSA-2009:1540");
+
+ desc = "
+The remote host is missing updates to kernel-rt packages announced in
+advisory RHSA-2009:1540.
+
+For details on the issues addressed in this update, please visit
+the referenced security advisories.
+
+These updated packages also include bug fixes and enhancements. Users are
+directed to the Realtime Security Update Release Notes for version 1.1 for
+information on these changes, which will be available shortly from:
+
+http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_MRG/
+
+Users should upgrade to these updated packages, which contain backported
+patches to correct these issues and add enhancements. The system must be
+rebooted for this update to take effect.
+
+Solution:
+Please note that this update is available via
+Red Hat Network. To use Red Hat Network, launch the Red
+Hat Update Agent with the following command: up2date
+
+http://rhn.redhat.com/errata/RHSA-2009-1540.html
+http://www.redhat.com/security/updates/classification/#important
+http://kbase.redhat.com/faq/docs/DOC-18042
+http://kbase.redhat.com/faq/docs/DOC-17866
+http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_MRG/
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Redhat Security Advisory RHSA-2009:1540");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Red Hat Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"kernel-rt", rpm:"kernel-rt~2.6.24.7~137.el5rt", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-rt-debug", rpm:"kernel-rt-debug~2.6.24.7~137.el5rt", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-rt-debug-debuginfo", rpm:"kernel-rt-debug-debuginfo~2.6.24.7~137.el5rt", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-rt-debug-devel", rpm:"kernel-rt-debug-devel~2.6.24.7~137.el5rt", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-rt-debuginfo", rpm:"kernel-rt-debuginfo~2.6.24.7~137.el5rt", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-rt-debuginfo-common", rpm:"kernel-rt-debuginfo-common~2.6.24.7~137.el5rt", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-rt-devel", rpm:"kernel-rt-devel~2.6.24.7~137.el5rt", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-rt-trace", rpm:"kernel-rt-trace~2.6.24.7~137.el5rt", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-rt-trace-debuginfo", rpm:"kernel-rt-trace-debuginfo~2.6.24.7~137.el5rt", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-rt-trace-devel", rpm:"kernel-rt-trace-devel~2.6.24.7~137.el5rt", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-rt-vanilla", rpm:"kernel-rt-vanilla~2.6.24.7~137.el5rt", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-rt-vanilla-debuginfo", rpm:"kernel-rt-vanilla-debuginfo~2.6.24.7~137.el5rt", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-rt-vanilla-devel", rpm:"kernel-rt-vanilla-devel~2.6.24.7~137.el5rt", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-rt-doc", rpm:"kernel-rt-doc~2.6.24.7~137.el5rt", rls:"RHENT_5")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/RHSA_2009_1541.nasl
===================================================================
--- trunk/openvas-plugins/scripts/RHSA_2009_1541.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/RHSA_2009_1541.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,124 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory RHSA-2009:1541 ()
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66175);
+ script_cve_id("CVE-2009-3547");
+ script_version ("$Revision$");
+ script_name("RedHat Security Advisory RHSA-2009:1541");
+
+ desc = "
+The remote host is missing updates announced in
+advisory RHSA-2009:1541.
+
+The kernel packages contain the Linux kernel, the core of any Linux
+operating system.
+
+This update fixes the following security issues:
+
+* a NULL pointer dereference flaw was found in each of the following
+functions in the Linux kernel: pipe_read_open(), pipe_write_open(), and
+pipe_rdwr_open(). When the mutex lock is not held, the i_pipe pointer could
+be released by other processes before it is used to update the pipe's
+reader and writer counters. This could lead to a local denial of service or
+privilege escalation. (CVE-2009-3547, Important)
+
+Users should upgrade to these updated packages, which contain a backported
+patch to correct these issues. The system must be rebooted for this update
+to take effect.
+
+Solution:
+Please note that this update is available via
+Red Hat Network. To use Red Hat Network, launch the Red
+Hat Update Agent with the following command: up2date
+
+http://rhn.redhat.com/errata/RHSA-2009-1541.html
+http://www.redhat.com/security/updates/classification/#important
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Redhat Security Advisory RHSA-2009:1541");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Red Hat Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"kernel", rpm:"kernel~2.6.9~89.0.16.EL", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-debuginfo", rpm:"kernel-debuginfo~2.6.9~89.0.16.EL", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-devel", rpm:"kernel-devel~2.6.9~89.0.16.EL", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-hugemem", rpm:"kernel-hugemem~2.6.9~89.0.16.EL", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-hugemem-devel", rpm:"kernel-hugemem-devel~2.6.9~89.0.16.EL", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-smp", rpm:"kernel-smp~2.6.9~89.0.16.EL", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-smp-devel", rpm:"kernel-smp-devel~2.6.9~89.0.16.EL", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-xenU", rpm:"kernel-xenU~2.6.9~89.0.16.EL", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-xenU-devel", rpm:"kernel-xenU-devel~2.6.9~89.0.16.EL", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-largesmp", rpm:"kernel-largesmp~2.6.9~89.0.16.EL", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-largesmp-devel", rpm:"kernel-largesmp-devel~2.6.9~89.0.16.EL", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-doc", rpm:"kernel-doc~2.6.9~89.0.16.EL", rls:"RHENT_4")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/RHSA_2009_1548.nasl
===================================================================
--- trunk/openvas-plugins/scripts/RHSA_2009_1548.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/RHSA_2009_1548.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,134 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory RHSA-2009:1548 ()
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66176);
+ script_cve_id("CVE-2009-2695", "CVE-2009-2908", "CVE-2009-3228", "CVE-2009-3286", "CVE-2009-3547", "CVE-2009-3613");
+ script_version ("$Revision$");
+ script_name("RedHat Security Advisory RHSA-2009:1548");
+
+ desc = "
+The remote host is missing updates to the kernel announced in
+advisory RHSA-2009:1548.
+
+For details on the issues addressed in this update, please visit
+the referenced security advisories.
+
+Users should upgrade to these updated packages, which contain backported
+patches to correct these issues. The system must be rebooted for this
+update to take effect.
+
+Solution:
+Please note that this update is available via
+Red Hat Network. To use Red Hat Network, launch the Red
+Hat Update Agent with the following command: up2date
+
+http://rhn.redhat.com/errata/RHSA-2009-1548.html
+http://www.redhat.com/security/updates/classification/#important
+http://kbase.redhat.com/faq/docs/DOC-18042
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Redhat Security Advisory RHSA-2009:1548");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Red Hat Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"kernel", rpm:"kernel~2.6.18~164.6.1.el5", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-PAE", rpm:"kernel-PAE~2.6.18~164.6.1.el5", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-PAE-debuginfo", rpm:"kernel-PAE-debuginfo~2.6.18~164.6.1.el5", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-PAE-devel", rpm:"kernel-PAE-devel~2.6.18~164.6.1.el5", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-debug", rpm:"kernel-debug~2.6.18~164.6.1.el5", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-debug-debuginfo", rpm:"kernel-debug-debuginfo~2.6.18~164.6.1.el5", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-debug-devel", rpm:"kernel-debug-devel~2.6.18~164.6.1.el5", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-debuginfo", rpm:"kernel-debuginfo~2.6.18~164.6.1.el5", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-debuginfo-common", rpm:"kernel-debuginfo-common~2.6.18~164.6.1.el5", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-devel", rpm:"kernel-devel~2.6.18~164.6.1.el5", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-headers", rpm:"kernel-headers~2.6.18~164.6.1.el5", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-xen", rpm:"kernel-xen~2.6.18~164.6.1.el5", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-xen-debuginfo", rpm:"kernel-xen-debuginfo~2.6.18~164.6.1.el5", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-xen-devel", rpm:"kernel-xen-devel~2.6.18~164.6.1.el5", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-doc", rpm:"kernel-doc~2.6.18~164.6.1.el5", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-kdump", rpm:"kernel-kdump~2.6.18~164.6.1.el5", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-kdump-debuginfo", rpm:"kernel-kdump-debuginfo~2.6.18~164.6.1.el5", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-kdump-devel", rpm:"kernel-kdump-devel~2.6.18~164.6.1.el5", rls:"RHENT_5")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/RHSA_2009_1549.nasl
===================================================================
--- trunk/openvas-plugins/scripts/RHSA_2009_1549.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/RHSA_2009_1549.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,102 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory RHSA-2009:1549 ()
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66177);
+ script_cve_id("CVE-2009-3490");
+ script_version ("$Revision$");
+ script_name("RedHat Security Advisory RHSA-2009:1549");
+
+ desc = "
+The remote host is missing updates announced in
+advisory RHSA-2009:1549.
+
+GNU Wget is a file retrieval utility that can use HTTP, HTTPS, and FTP.
+
+Daniel Stenberg reported that Wget is affected by the previously published
+null prefix attack, caused by incorrect handling of NULL characters in
+X.509 certificates. If an attacker is able to get a carefully-crafted
+certificate signed by a trusted Certificate Authority, the attacker could
+use the certificate during a man-in-the-middle attack and potentially
+confuse Wget into accepting it by mistake. (CVE-2009-3490)
+
+Wget users should upgrade to this updated package, which contains a
+backported patch to correct this issue.
+
+Solution:
+Please note that this update is available via
+Red Hat Network. To use Red Hat Network, launch the Red
+Hat Update Agent with the following command: up2date
+
+http://rhn.redhat.com/errata/RHSA-2009-1549.html
+http://www.redhat.com/security/updates/classification/#moderate
+
+Risk factor : Medium";
+
+ script_description(desc);
+
+ script_summary("Redhat Security Advisory RHSA-2009:1549");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Red Hat Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"wget", rpm:"wget~1.10.2~0.30E.1", rls:"RHENT_3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"wget-debuginfo", rpm:"wget-debuginfo~1.10.2~0.30E.1", rls:"RHENT_3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"wget", rpm:"wget~1.10.2~1.el4_8.1", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"wget-debuginfo", rpm:"wget-debuginfo~1.10.2~1.el4_8.1", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"wget", rpm:"wget~1.11.4~2.el5_4.1", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"wget-debuginfo", rpm:"wget-debuginfo~1.11.4~2.el5_4.1", rls:"RHENT_5")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/RHSA_2009_1550.nasl
===================================================================
--- trunk/openvas-plugins/scripts/RHSA_2009_1550.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/RHSA_2009_1550.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,110 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory RHSA-2009:1550 ()
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66178);
+ script_cve_id("CVE-2008-5029", "CVE-2008-5300", "CVE-2009-1337", "CVE-2009-1385", "CVE-2009-1895", "CVE-2009-2848", "CVE-2009-3002", "CVE-2009-3547", "CVE-2009-3001");
+ script_version ("$Revision$");
+ script_name("RedHat Security Advisory RHSA-2009:1550");
+
+ desc = "
+The remote host is missing updates announced in
+advisory RHSA-2009:1550.
+
+For details on the issues addressed in this update, please visit
+the referenced security advisories.
+
+Users should upgrade to these updated packages, which contain backported
+patches to correct these issues. The system must be rebooted for this
+update to take effect.
+
+Solution:
+Please note that this update is available via
+Red Hat Network. To use Red Hat Network, launch the Red
+Hat Update Agent with the following command: up2date
+
+http://rhn.redhat.com/errata/RHSA-2009-1550.html
+http://www.redhat.com/security/updates/classification/#important
+http://kbase.redhat.com/faq/docs/DOC-17866
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Redhat Security Advisory RHSA-2009:1550");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Red Hat Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"kernel", rpm:"kernel~2.4.21~63.EL", rls:"RHENT_3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-BOOT", rpm:"kernel-BOOT~2.4.21~63.EL", rls:"RHENT_3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-debuginfo", rpm:"kernel-debuginfo~2.4.21~63.EL", rls:"RHENT_3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-doc", rpm:"kernel-doc~2.4.21~63.EL", rls:"RHENT_3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-hugemem", rpm:"kernel-hugemem~2.4.21~63.EL", rls:"RHENT_3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-hugemem-unsupported", rpm:"kernel-hugemem-unsupported~2.4.21~63.EL", rls:"RHENT_3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-smp", rpm:"kernel-smp~2.4.21~63.EL", rls:"RHENT_3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-smp-unsupported", rpm:"kernel-smp-unsupported~2.4.21~63.EL", rls:"RHENT_3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-source", rpm:"kernel-source~2.4.21~63.EL", rls:"RHENT_3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-unsupported", rpm:"kernel-unsupported~2.4.21~63.EL", rls:"RHENT_3")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/RHSA_2009_1560.nasl
===================================================================
--- trunk/openvas-plugins/scripts/RHSA_2009_1560.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/RHSA_2009_1560.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,126 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory RHSA-2009:1560 ()
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66180);
+ script_cve_id("CVE-2009-2409", "CVE-2009-3728", "CVE-2009-3729", "CVE-2009-3865", "CVE-2009-3866", "CVE-2009-3867", "CVE-2009-3868", "CVE-2009-3869", "CVE-2009-3871", "CVE-2009-3872", "CVE-2009-3873", "CVE-2009-3874", "CVE-2009-3875", "CVE-2009-3876", "CVE-2009-3877", "CVE-2009-3879", "CVE-2009-3880", "CVE-2009-3881", "CVE-2009-3882", "CVE-2009-3883", "CVE-2009-3884", "CVE-2009-3886");
+ script_version ("$Revision$");
+ script_name("RedHat Security Advisory RHSA-2009:1560");
+
+ desc = "
+The remote host is missing updates announced in
+advisory RHSA-2009:1560.
+
+The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and
+the Sun Java 6 Software Development Kit.
+
+This update fixes several vulnerabilities in the Sun Java 6 Runtime
+Environment and the Sun Java 6 Software Development Kit. These
+vulnerabilities are summarized on the Advance notification of Security
+Updates for Java SE page from Sun Microsystems, listed in the References
+section. (CVE-2009-2409, CVE-2009-3728, CVE-2009-3729, CVE-2009-3865,
+CVE-2009-3866, CVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871,
+CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876,
+CVE-2009-3877, CVE-2009-3879, CVE-2009-3880, CVE-2009-3881, CVE-2009-3882,
+CVE-2009-3883, CVE-2009-3884, CVE-2009-3886)
+
+Users of java-1.6.0-sun should upgrade to these updated packages, which
+correct these issues. All running instances of Sun Java must be restarted
+for the update to take effect.
+
+Solution:
+Please note that this update is available via
+Red Hat Network. To use Red Hat Network, launch the Red
+Hat Update Agent with the following command: up2date
+
+http://rhn.redhat.com/errata/RHSA-2009-1560.html
+http://www.redhat.com/security/updates/classification/#critical
+http://blogs.sun.com/security/entry/advance_notification_of_security_updates6
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Redhat Security Advisory RHSA-2009:1560");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Red Hat Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"java-1.6.0-sun", rpm:"java-1.6.0-sun~1.6.0.17~1jpp.1.el4", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"java-1.6.0-sun-demo", rpm:"java-1.6.0-sun-demo~1.6.0.17~1jpp.1.el4", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"java-1.6.0-sun-devel", rpm:"java-1.6.0-sun-devel~1.6.0.17~1jpp.1.el4", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"java-1.6.0-sun-jdbc", rpm:"java-1.6.0-sun-jdbc~1.6.0.17~1jpp.1.el4", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"java-1.6.0-sun-plugin", rpm:"java-1.6.0-sun-plugin~1.6.0.17~1jpp.1.el4", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"java-1.6.0-sun-src", rpm:"java-1.6.0-sun-src~1.6.0.17~1jpp.1.el4", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"java-1.6.0-sun", rpm:"java-1.6.0-sun~1.6.0.17~1jpp.2.el5", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"java-1.6.0-sun-demo", rpm:"java-1.6.0-sun-demo~1.6.0.17~1jpp.2.el5", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"java-1.6.0-sun-devel", rpm:"java-1.6.0-sun-devel~1.6.0.17~1jpp.2.el5", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"java-1.6.0-sun-jdbc", rpm:"java-1.6.0-sun-jdbc~1.6.0.17~1jpp.2.el5", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"java-1.6.0-sun-plugin", rpm:"java-1.6.0-sun-plugin~1.6.0.17~1jpp.2.el5", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"java-1.6.0-sun-src", rpm:"java-1.6.0-sun-src~1.6.0.17~1jpp.2.el5", rls:"RHENT_5")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/RHSA_2009_1561.nasl
===================================================================
--- trunk/openvas-plugins/scripts/RHSA_2009_1561.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/RHSA_2009_1561.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,111 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory RHSA-2009:1561 ()
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66181);
+ script_cve_id("CVE-2009-3379");
+ script_version ("$Revision$");
+ script_name("RedHat Security Advisory RHSA-2009:1561");
+
+ desc = "
+The remote host is missing updates announced in
+advisory RHSA-2009:1561.
+
+The libvorbis packages contain runtime libraries for use in programs that
+support Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent-and
+royalty-free, general-purpose compressed audio format.
+
+Multiple flaws were found in the libvorbis library. A specially-crafted Ogg
+Vorbis media format file (Ogg) could cause an application using libvorbis
+to crash or, possibly, execute arbitrary code when opened. (CVE-2009-3379)
+
+Users of libvorbis should upgrade to these updated packages, which contain
+backported patches to correct these issues. The desktop must be restarted
+(log out, then log back in) for this update to take effect.
+
+Solution:
+Please note that this update is available via
+Red Hat Network. To use Red Hat Network, launch the Red
+Hat Update Agent with the following command: up2date
+
+http://rhn.redhat.com/errata/RHSA-2009-1561.html
+http://www.redhat.com/security/updates/classification/#important
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Redhat Security Advisory RHSA-2009:1561");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Red Hat Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"libvorbis", rpm:"libvorbis~1.0~12.el3", rls:"RHENT_3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libvorbis-debuginfo", rpm:"libvorbis-debuginfo~1.0~12.el3", rls:"RHENT_3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libvorbis-devel", rpm:"libvorbis-devel~1.0~12.el3", rls:"RHENT_3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libvorbis", rpm:"libvorbis~1.1.0~3.el4_8.3", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libvorbis-debuginfo", rpm:"libvorbis-debuginfo~1.1.0~3.el4_8.3", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libvorbis-devel", rpm:"libvorbis-devel~1.1.0~3.el4_8.3", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libvorbis", rpm:"libvorbis~1.1.2~3.el5_4.4", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libvorbis-debuginfo", rpm:"libvorbis-debuginfo~1.1.2~3.el5_4.4", rls:"RHENT_5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libvorbis-devel", rpm:"libvorbis-devel~1.1.2~3.el5_4.4", rls:"RHENT_5")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/RHSA_2009_1562.nasl
===================================================================
--- trunk/openvas-plugins/scripts/RHSA_2009_1562.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/RHSA_2009_1562.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,154 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory RHSA-2009:1562 ()
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66182);
+ script_cve_id("CVE-2007-5333", "CVE-2008-5515", "CVE-2009-0033", "CVE-2009-0580", "CVE-2009-0781", "CVE-2009-0783");
+ script_version ("$Revision$");
+ script_name("RedHat Security Advisory RHSA-2009:1562");
+
+ desc = "
+The remote host is missing updates announced in
+advisory RHSA-2009:1562.
+
+Apache Tomcat is a servlet container for the Java Servlet and JavaServer
+Pages (JSP) technologies.
+
+It was discovered that the Red Hat Security Advisory RHSA-2007:0876 did not
+address all possible flaws in the way Tomcat handles certain characters and
+character sequences in cookie values. A remote attacker could use this flaw
+to obtain sensitive information, such as session IDs, and then use this
+information for session hijacking attacks. (CVE-2007-5333)
+
+Note: The fix for the CVE-2007-5333 flaw changes the default cookie
+processing behavior: With this update, version 0 cookies that contain
+values that must be quoted to be valid are automatically changed to version
+1 cookies. To reactivate the previous, but insecure behavior, add the
+following entry to the /etc/tomcat5/catalina.properties file:
+
+org.apache.tomcat.util.http.ServerCookie.VERSION_SWITCH=false
+
+It was discovered that request dispatchers did not properly normalize user
+requests that have trailing query strings, allowing remote attackers to
+send specially-crafted requests that would cause an information leak.
+(CVE-2008-5515)
+
+A flaw was found in the way the Tomcat AJP (Apache JServ Protocol)
+connector processes AJP connections. An attacker could use this flaw to
+send specially-crafted requests that would cause a temporary denial of
+service. (CVE-2009-0033)
+
+It was discovered that the error checking methods of certain authentication
+classes did not have sufficient error checking, allowing remote attackers
+to enumerate (via brute force methods) usernames registered with
+applications running on Tomcat when FORM-based authentication was used.
+(CVE-2009-0580)
+
+A cross-site scripting (XSS) flaw was found in the examples calendar
+application. With some web browsers, remote attackers could use this flaw
+to inject arbitrary web script or HTML via the time parameter.
+(CVE-2009-0781)
+
+It was discovered that web applications containing their own XML parsers
+could replace the XML parser Tomcat uses to parse configuration files. A
+malicious web application running on a Tomcat instance could read or,
+potentially, modify the configuration and XML-based data of other web
+applications deployed on the same Tomcat instance. (CVE-2009-0783)
+
+Users of Tomcat should upgrade to these updated packages, which contain
+backported patches to resolve these issues. Tomcat must be restarted for
+this update to take effect.
+
+Solution:
+Please note that this update is available via
+Red Hat Network. To use Red Hat Network, launch the Red
+Hat Update Agent with the following command: up2date
+
+http://rhn.redhat.com/errata/RHSA-2009-1562.html
+http://tomcat.apache.org/security-5.html
+http://www.redhat.com/security/updates/classification/#important
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Redhat Security Advisory RHSA-2009:1562");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Red Hat Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"tomcat5", rpm:"tomcat5~5.5.23~0jpp_4rh.16", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"tomcat5-admin-webapps", rpm:"tomcat5-admin-webapps~5.5.23~0jpp_4rh.16", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"tomcat5-common-lib", rpm:"tomcat5-common-lib~5.5.23~0jpp_4rh.16", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"tomcat5-jasper", rpm:"tomcat5-jasper~5.5.23~0jpp_4rh.16", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"tomcat5-jasper-javadoc", rpm:"tomcat5-jasper-javadoc~5.5.23~0jpp_4rh.16", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"tomcat5-jsp-2.0-api", rpm:"tomcat5-jsp-2.0-api~5.5.23~0jpp_4rh.16", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"tomcat5-jsp-2.0-api-javadoc", rpm:"tomcat5-jsp-2.0-api-javadoc~5.5.23~0jpp_4rh.16", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"tomcat5-server-lib", rpm:"tomcat5-server-lib~5.5.23~0jpp_4rh.16", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"tomcat5-servlet-2.4-api", rpm:"tomcat5-servlet-2.4-api~5.5.23~0jpp_4rh.16", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"tomcat5-servlet-2.4-api-javadoc", rpm:"tomcat5-servlet-2.4-api-javadoc~5.5.23~0jpp_4rh.16", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"tomcat5-webapps", rpm:"tomcat5-webapps~5.5.23~0jpp_4rh.16", rls:"RHENT_4")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/RHSA_2009_1563.nasl
===================================================================
--- trunk/openvas-plugins/scripts/RHSA_2009_1563.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/RHSA_2009_1563.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,134 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory RHSA-2009:1563 ()
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66183);
+ script_cve_id("CVE-2007-5333", "CVE-2008-5515", "CVE-2009-0033", "CVE-2009-0580", "CVE-2009-0783");
+ script_version ("$Revision$");
+ script_name("RedHat Security Advisory RHSA-2009:1563");
+
+ desc = "
+The remote host is missing updates announced in
+advisory RHSA-2009:1563.
+
+Apache Tomcat is a servlet container for the Java Servlet and JavaServer
+Pages (JSP) technologies.
+
+It was discovered that the Red Hat Security Advisory RHSA-2008:0195 did not
+address all possible flaws in the way Tomcat handles certain characters and
+character sequences in cookie values. A remote attacker could use this flaw
+to obtain sensitive information, such as session IDs, and then use this
+information for session hijacking attacks. (CVE-2007-5333)
+
+Note: The fix for the CVE-2007-5333 flaw changes the default cookie
+processing behavior: With this update, version 0 cookies that contain
+values that must be quoted to be valid are automatically changed to version
+1 cookies. To reactivate the previous, but insecure behavior, add the
+following entry to the /etc/tomcat5/catalina.properties file:
+
+org.apache.tomcat.util.http.ServerCookie.VERSION_SWITCH=false
+
+It was discovered that request dispatchers did not properly normalize user
+requests that have trailing query strings, allowing remote attackers to
+send specially-crafted requests that would cause an information leak.
+(CVE-2008-5515)
+
+A flaw was found in the way the Tomcat AJP (Apache JServ Protocol)
+connector processes AJP connections. An attacker could use this flaw to
+send specially-crafted requests that would cause a temporary denial of
+service. (CVE-2009-0033)
+
+It was discovered that the error checking methods of certain authentication
+classes did not have sufficient error checking, allowing remote attackers
+to enumerate (via brute force methods) usernames registered with
+applications running on Tomcat when FORM-based authentication was used.
+(CVE-2009-0580)
+
+It was discovered that web applications containing their own XML parsers
+could replace the XML parser Tomcat uses to parse configuration files. A
+malicious web application running on a Tomcat instance could read or,
+potentially, modify the configuration and XML-based data of other web
+applications deployed on the same Tomcat instance. (CVE-2009-0783)
+
+Users of Tomcat should upgrade to these updated packages, which contain
+backported patches to resolve these issues. Tomcat must be restarted for
+this update to take effect.
+
+Solution:
+Please note that this update is available via
+Red Hat Network. To use Red Hat Network, launch the Red
+Hat Update Agent with the following command: up2date
+
+http://rhn.redhat.com/errata/RHSA-2009-1563.html
+http://tomcat.apache.org/security-5.html
+http://www.redhat.com/security/updates/classification/#important
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Redhat Security Advisory RHSA-2009:1563");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Red Hat Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"tomcat5", rpm:"tomcat5~5.5.23~0jpp_18rh", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"tomcat5-common-lib", rpm:"tomcat5-common-lib~5.5.23~0jpp_18rh", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"tomcat5-jasper", rpm:"tomcat5-jasper~5.5.23~0jpp_18rh", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"tomcat5-jsp-2.0-api", rpm:"tomcat5-jsp-2.0-api~5.5.23~0jpp_18rh", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"tomcat5-server-lib", rpm:"tomcat5-server-lib~5.5.23~0jpp_18rh", rls:"RHENT_4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"tomcat5-servlet-2.4-api", rpm:"tomcat5-servlet-2.4-api~5.5.23~0jpp_18rh", rls:"RHENT_4")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/deb_1921_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_1921_1.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/deb_1921_1.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,108 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 1921-1 (expat)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66145);
+ script_cve_id("CVE-2009-2625");
+ script_version ("$Revision$");
+ script_name("Debian Security Advisory DSA 1921-1 (expat)");
+
+ desc = "
+The remote host is missing an update to expat
+announced via advisory DSA 1921-1.
+
+
+Peter Valchev discovered an error in expat, an XML parsing C library,
+when parsing certain UTF-8 sequences, which can be exploited to crash an
+application using the library.
+
+For the old stable distribution (etch), this problem has been fixed in
+version 1.95.8-3.4+etch1.
+
+For the stable distribution (lenny), this problem has been fixed in
+version 2.0.1-4+lenny1.
+
+For the testing distribution (squeeze) and the unstable distribution
+(sid), this problem will be fixed soon.
+
+
+We recommend that you upgrade your expat packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201921-1
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 1921-1 (expat)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+vuln = 0;
+if(isdpkgvuln(pkg:"libexpat1-dev", ver:"1.95.8-3.4+etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"libexpat1", ver:"1.95.8-3.4+etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"expat", ver:"1.95.8-3.4+etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"expat", ver:"2.0.1-4+lenny1", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"libexpat1", ver:"2.0.1-4+lenny1", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"libexpat1-dev", ver:"2.0.1-4+lenny1", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"lib64expat1", ver:"2.0.1-4+lenny1", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"lib64expat1-dev", ver:"2.0.1-4+lenny1", rls:"DEB5.0")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/deb_1922_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_1922_1.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/deb_1922_1.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,166 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 1922-1 (xulrunner)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66146);
+ script_cve_id("CVE-2009-3274", "CVE-2009-3370", "CVE-2009-3372", "CVE-2009-3373", "CVE-2009-3374", "CVE-2009-3375", "CVE-2009-3376", "CVE-2009-3380", "CVE-2009-3382");
+ script_version ("$Revision$");
+ script_name("Debian Security Advisory DSA 1922-1 (xulrunner)");
+
+ desc = "
+The remote host is missing an update to xulrunner
+announced via advisory DSA 1922-1.
+
+Several remote vulnerabilities have been discovered in Xulrunner, a
+runtime environment for XUL applications, such as the Iceweasel web
+browser. The Common Vulnerabilities and Exposures project identifies
+the following problems:
+
+CVE-2009-3380
+
+Vladimir Vukicevic, Jesse Ruderman, Martijn Wargers, Daniel
+Banchero, David Keeler and Boris Zbarsky reported crashes in
+layout engine, which might allow the execution of arbitrary code.
+
+CVE-2009-3382
+
+Carsten Book reported a crash in the layout engine, which might
+allow the execution of arbitrary code.
+
+CVE-2009-3376
+
+Jesse Ruderman and Sid Stamm discovered spoofing vulnerability
+in the file download dialog.
+
+CVE-2009-3375
+
+Gregory Fleischer discovered a bypass of the same-origin policy
+using the document.getSelection() function.
+
+CVE-2009-3374
+
+moz_bug_r_a4 discovered a privilege escalation to Chrome status
+in the XPCOM utility XPCVariant::VariantDataToJS.
+
+CVE-2009-3373
+
+regenrecht discovered a buffer overflow in the GIF parser, which
+might lead to the execution of arbitrary code.
+
+CVE-2009-3372
+
+Marco C. discovered that a programming error in the proxy auto
+configuration code might lead to denial of service or the
+execution of arbitrary code.
+
+CVE-2009-3274
+
+Jeremy Brown discovered that the filename of a downloaded file
+which is opened by the user is predictable, which might lead to
+tricking the user into a malicious file if the attacker has local
+access to the system.
+
+CVE-2009-3370
+
+Paul Stone discovered that history information from web forms
+could be stolen.
+
+
+For the stable distribution (lenny), these problems have been fixed
+in version 1.9.0.15-0lenny1.
+
+As indicated in the Etch release notes, security support for the
+Mozilla products in the oldstable distribution needed to be stopped
+before the end of the regular Etch security maintenance life cycle.
+You are strongly encouraged to upgrade to stable or switch to a still
+supported browser.
+
+For the unstable distribution (sid), these problems have been fixed in
+version 1.9.1.4-1.
+
+We recommend that you upgrade your xulrunner packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201922-1
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 1922-1 (xulrunner)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+vuln = 0;
+if(isdpkgvuln(pkg:"libmozillainterfaces-java", ver:"1.9.0.15-0lenny1", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"xulrunner-1.9", ver:"1.9.0.15-0lenny1", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"libmozjs1d-dbg", ver:"1.9.0.15-0lenny1", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"libmozjs-dev", ver:"1.9.0.15-0lenny1", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"libmozjs1d", ver:"1.9.0.15-0lenny1", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"xulrunner-dev", ver:"1.9.0.15-0lenny1", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"xulrunner-1.9-dbg", ver:"1.9.0.15-0lenny1", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"python-xpcom", ver:"1.9.0.15-0lenny1", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"xulrunner-1.9-gnome-support", ver:"1.9.0.15-0lenny1", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"spidermonkey-bin", ver:"1.9.0.15-0lenny1", rls:"DEB5.0")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/deb_1923_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_1923_1.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/deb_1923_1.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,95 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 1923-1 (libhtml-parser-perl)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66147);
+ script_cve_id("CVE-2009-3627");
+ script_version ("$Revision$");
+ script_name("Debian Security Advisory DSA 1923-1 (libhtml-parser-perl)");
+
+ desc = "
+The remote host is missing an update to libhtml-parser-perl
+announced via advisory DSA 1923-1.
+
+A denial of service vulnerability has been found in libhtml-parser-perl,
+a collection of modules to parse HTML in text documents which is used by
+several other projects like e.g. SpamAssassin.
+
+Mark Martinec discovered that the decode_entities() function will get stuck
+in an infinite loop when parsing certain HTML entities with invalid UTF-8
+characters. An attacker can use this to perform denial of service attacks
+by submitting crafted HTML to an application using this functionality.
+
+
+For the oldstable distribution (etch), this problem has been fixed in
+version 3.55-1+etch1.
+
+For the stable distribution (lenny), this problem has been fixed in
+version 3.56-1+lenny1.
+
+For the testing (squeeze) and unstable (sid) distribution, this problem
+will be fixed soon.
+
+
+We recommend that you upgrade your libhtml-parser-perl packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201923-1
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 1923-1 (libhtml-parser-perl)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+vuln = 0;
+if(isdpkgvuln(pkg:"libhtml-parser-perl", ver:"3.55-1+etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"libhtml-parser-perl", ver:"3.56-1+lenny1", rls:"DEB5.0")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/deb_1924_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_1924_1.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/deb_1924_1.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,100 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 1924-1 (mahara)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66204);
+ script_cve_id("CVE-2009-3298", "CVE-2009-3299");
+ script_version ("$Revision$");
+ script_name("Debian Security Advisory DSA 1924-1 (mahara)");
+
+ desc = "
+The remote host is missing an update to mahara
+announced via advisory DSA 1924-1.
+
+Two vulnerabilities have been discovered in, an electronic portfolio,
+weblog, and resume builder. The Common Vulnerabilities and Exposures
+project identifies the following problems:
+
+CVE-2009-3298
+
+Ruslan Kabalin discovered a issue with resetting passwords, which could
+lead to a privilege escalation of an institutional administrator
+account.
+
+CVE-2009-3299
+
+Sven Vetsch discovered a cross-site scripting vulnerability via the
+resume fields.
+
+
+For the stable distribution (lenny), these problems have been fixed in
+version 1.0.4-4+lenny4.
+
+The oldstable distribution (etch) does not contain mahara.
+
+For the testing distribution (squeeze) and the unstable distribution
+(sid), this problem will be fixed soon.
+
+
+We recommend that you upgrade your mahara packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201924-1
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 1924-1 (mahara)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+vuln = 0;
+if(isdpkgvuln(pkg:"mahara-apache2", ver:"1.0.4-4+lenny4", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"mahara", ver:"1.0.4-4+lenny4", rls:"DEB5.0")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/deb_1925_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_1925_1.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/deb_1925_1.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,115 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 1925-1 (proftpd-dfsg)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66205);
+ script_cve_id("CVE-2009-3639");
+ script_version ("$Revision$");
+ script_name("Debian Security Advisory DSA 1925-1 (proftpd-dfsg)");
+
+ desc = "
+The remote host is missing an update to proftpd-dfsg
+announced via advisory DSA 1925-1.
+
+It has been discovered that proftpd-dfsg, a virtual-hosting FTP daemon,
+does not properly handle a '\0' character in a domain name in the
+Subject Alternative Name field of an X.509 client certificate, when the
+dNSNameRequired TLS option is enabled.
+
+
+For the stable distribution (lenny), this problem has been fixed in
+version 1.3.1-17lenny4.
+
+For the oldstable distribution (etch), this problem has been fixed in
+version 1.3.0-19etch3.
+
+Binaries for the amd64 architecture will be released once they are
+available.
+
+For the testing distribution (squeeze) and the unstable distribution
+(sid), this problem has been fixed in version 1.3.2a-2.
+
+
+We recommend that you upgrade your proftpd-dfsg packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201925-1
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 1925-1 (proftpd-dfsg)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+vuln = 0;
+if(isdpkgvuln(pkg:"proftpd-mysql", ver:"1.3.0-19etch3", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"proftpd-ldap", ver:"1.3.0-19etch3", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"proftpd-pgsql", ver:"1.3.0-19etch3", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"proftpd-doc", ver:"1.3.1-17lenny4", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"proftpd", ver:"1.3.1-17lenny4", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"proftpd-mod-ldap", ver:"1.3.1-17lenny4", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"proftpd-basic", ver:"1.3.1-17lenny4", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"proftpd-mod-mysql", ver:"1.3.1-17lenny4", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"proftpd-mod-pgsql", ver:"1.3.1-17lenny4", rls:"DEB5.0")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/deb_1926_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_1926_1.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/deb_1926_1.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,145 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 1926-1 (typo3-src)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66206);
+ script_cve_id("CVE-2009-3628", "CVE-2009-3629", "CVE-2009-3630", "CVE-2009-3631", "CVE-2009-3632", "CVE-2009-3633", "CVE-2009-3634", "CVE-2009-3635", "CVE-2009-3636");
+ script_version ("$Revision$");
+ script_name("Debian Security Advisory DSA 1926-1 (typo3-src)");
+
+ desc = "
+The remote host is missing an update to typo3-src
+announced via advisory DSA 1926-1.
+
+Several remote vulnerabilities have been discovered in the TYPO3 web
+content management framework. The Common Vulnerabilities and Exposures
+project identifies the following problems:
+
+CVE-2009-3628
+
+The Backend subcomponent allows remote authenticated users to
+determine an encryption key via crafted input to a form field.
+
+CVE-2009-3629
+
+Multiple cross-site scripting (XSS) vulnerabilities in the
+Backend subcomponent allow remote authenticated users to inject
+arbitrary web script or HTML.
+
+CVE-2009-3630
+
+The Backend subcomponent allows remote authenticated users to
+place arbitrary web sites in TYPO3 backend framesets via
+crafted parameters.
+
+CVE-2009-3631
+
+The Backend subcomponent, when the DAM extension or ftp upload
+is enabled, allows remote authenticated users to execute
+arbitrary commands via shell metacharacters in a filename.
+
+CVE-2009-3632
+
+SQL injection vulnerability in the traditional frontend editing
+feature in the Frontend Editing subcomponent allows remote
+authenticated users to execute arbitrary SQL commands.
+
+CVE-2009-3633
+
+Cross-site scripting (XSS) vulnerability in allows remote
+attackers to inject arbitrary web script.
+
+CVE-2009-3634
+
+Cross-site scripting (XSS) vulnerability in the Frontend Login Box
+(aka felogin) subcomponent allows remote attackers to inject
+arbitrary web script or HTML.
+
+CVE-2009-3635
+
+The Install Tool subcomponent allows remote attackers to gain access
+by using only the password's md5 hash as a credential.
+
+CVE-2009-3636
+
+Cross-site scripting (XSS) vulnerability in the Install Tool
+subcomponen allows remote attackers to inject arbitrary web script
+or HTML.
+
+For the old stable distribution (etch), these problems have been fixed
+in version 4.0.2+debian-9.
+
+For the stable distribution (lenny), these problems have been fixed in
+version 4.2.5-1+lenny2.
+
+For the unstable distribution (sid), these problems have been fixed in
+version 4.2.10-1.
+
+We recommend that you upgrade your typo3-src package.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201926-1
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 1926-1 (typo3-src)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+vuln = 0;
+if(isdpkgvuln(pkg:"typo3-src-4.0", ver:"4.0.2+debian-9", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"typo3", ver:"4.0.2+debian-9", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"typo3-src-4.2", ver:"4.2.5-1+lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"typo3", ver:"4.2.5-1+lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/deb_1927_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_1927_1.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/deb_1927_1.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,388 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 1927-1 (linux-2.6)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66207);
+ script_cve_id("CVE-2009-3228", "CVE-2009-3238", "CVE-2009-3547", "CVE-2009-3612", "CVE-2009-3620", "CVE-2009-3621", "CVE-2009-3638");
+ script_version ("$Revision$");
+ script_name("Debian Security Advisory DSA 1927-1 (linux-2.6)");
+
+ desc = "
+The remote host is missing an update to linux-2.6
+announced via advisory DSA 1927-1.
+
+Notice: Debian 5.0.4, the next point release of Debian 'lenny', will
+include a new default value for the mmap_min_addr tunable. This
+change will add an additional safeguard against a class of security
+vulnerabilities known as NULL pointer dereference vulnerabilities,
+but it will need to be overridden when using certain applications.
+Additional information about this change, including instructions for
+making this change locally in advance of 5.0.4 (recommended), can be
+found at:
+http://wiki.debian.org/mmap_min_addr
+
+Several vulnerabilities have been discovered in the Linux kernel that
+may lead to a denial of service, sensitive memory leak or privilege
+escalation. The Common Vulnerabilities and Exposures project
+identifies the following problems:
+
+CVE-2009-3228
+
+Eric Dumazet reported an instance of uninitialized kernel memory
+in the network packet scheduler. Local users may be able to
+exploit this issue to read the contents of sensitive kernel
+memory.
+
+CVE-2009-3238
+
+Linus Torvalds provided a change to the get_random_int() function
+to increase its randomness.
+
+CVE-2009-3547
+
+Earl Chew discovered a NULL pointer dereference issue in the
+pipe_rdwr_open function which can be used by local users to gain
+elevated privileges.
+
+CVE-2009-3612
+
+Jiri Pirko discovered a typo in the initialization of a structure
+in the netlink subsystem that may allow local users to gain access
+to sensitive kernel memory.
+
+CVE-2009-3620
+
+Ben Hutchings discovered an issue in the DRM manager for ATI Rage
+128 graphics adapters. Local users may be able to exploit this
+vulnerability to cause a denial of service (NULL pointer
+dereference).
+
+CVE-2009-3621
+
+Tomoki Sekiyama discovered a deadlock condition in the UNIX domain
+socket implementation. Local users can exploit this vulnerability
+to cause a denial of service (system hang).
+
+CVE-2009-3638
+
+David Wagner reported an overflow in the KVM subsystem on i386
+systems. This issue is exploitable by local users with access to
+the /dev/kvm device file.
+
+For the stable distribution (lenny), this problem has been fixed in
+version 2.6.26-19lenny2.
+
+For the oldstable distribution (etch), these problems, where
+applicable, will be fixed in updates to linux-2.6 and linux-2.6.24.
+
+We recommend that you upgrade your linux-2.6 and user-mode-linux
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201927-1
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 1927-1 (linux-2.6)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+vuln = 0;
+if(isdpkgvuln(pkg:"linux-tree-2.6.26", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-doc-2.6.26", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-patch-debian-2.6.26", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-source-2.6.26", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-manual-2.6.26", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-support-2.6.26-2", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-all-alpha", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-alpha-generic", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.26-2-alpha-generic", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-all", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-libc-dev", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.26-2-alpha-legacy", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-alpha-smp", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-alpha-legacy", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.26-2-alpha-smp", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-common", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-amd64", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-vserver-amd64", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-openvz-amd64", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-all-amd64", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-modules-2.6.26-2-xen-amd64", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.26-2-openvz-amd64", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-common-xen", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.26-2-vserver-amd64", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-common-vserver", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.26-2-xen-amd64", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"xen-linux-system-2.6.26-2-xen-amd64", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-common-openvz", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.26-2-amd64", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-xen-amd64", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-iop32x", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.26-2-iop32x", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-versatile", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.26-2-ixp4xx", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.26-2-versatile", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.26-2-orion5x", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-ixp4xx", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-all-armel", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-orion5x", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.26-2-parisc64", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-parisc", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.26-2-parisc-smp", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-parisc64", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-all-hppa", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.26-2-parisc", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.26-2-parisc64-smp", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-parisc64-smp", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-parisc-smp", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-486", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.26-2-openvz-686", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.26-2-vserver-686", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.26-2-686-bigmem", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.26-2-686", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-686", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.26-2-486", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.26-2-vserver-686-bigmem", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-686-bigmem", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-vserver-686-bigmem", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"xen-linux-system-2.6.26-2-xen-686", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-vserver-686", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-openvz-686", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.26-2-xen-686", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-xen-686", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-all-i386", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-modules-2.6.26-2-xen-686", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-vserver-itanium", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-itanium", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-mckinley", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.26-2-vserver-mckinley", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.26-2-itanium", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-vserver-mckinley", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.26-2-mckinley", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-all-ia64", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.26-2-vserver-itanium", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-powerpc64", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.26-2-vserver-powerpc", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.26-2-vserver-powerpc64", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.26-2-powerpc64", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.26-2-powerpc-smp", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-powerpc-smp", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-vserver-powerpc64", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-vserver-powerpc", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-all-powerpc", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.26-2-powerpc", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.26-2-powerpc", ver:"2.6.26-19lenny2", rls:"DEB5.0")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/deb_1928_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_1928_1.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/deb_1928_1.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,229 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 1928-1 (linux-2.6.24)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66208);
+ script_cve_id("CVE-2009-2846", "CVE-2009-2847", "CVE-2009-2848", "CVE-2009-2849", "CVE-2009-2903", "CVE-2009-2908", "CVE-2009-2909", "CVE-2009-2910", "CVE-2009-3001", "CVE-2009-3002", "CVE-2009-3228", "CVE-2009-3238", "CVE-2009-3286", "CVE-2009-3547", "CVE-2009-3612", "CVE-2009-3613", "CVE-2009-3620", "CVE-2009-3621");
+ script_version ("$Revision$");
+ script_name("Debian Security Advisory DSA 1928-1 (linux-2.6.24)");
+
+ desc = "
+The remote host is missing an update to linux-2.6.24
+announced via advisory DSA 1928-1.
+
+Several vulnerabilities have been discovered in the Linux kernel that
+may lead to a denial of service, sensitive memory leak or privilege
+escalation.
+
+For details on the issues addressed in this update, please visit
+the referenced security advisories.
+
+For the oldstable distribution (etch), this problem has been fixed in
+version 2.6.24-6~etchnhalf.9etch1.
+
+We recommend that you upgrade your linux-2.6.24 packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201928-1
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 1928-1 (linux-2.6.24)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+vuln = 0;
+if(isdpkgvuln(pkg:"linux-doc-2.6.24", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-tree-2.6.24", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-manual-2.6.24", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-source-2.6.24", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-support-2.6.24-etchnhalf.1", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-patch-debian-2.6.24", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-all-alpha", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-alpha-legacy", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-alpha-generic", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-alpha-legacy", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-common", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-alpha-generic", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-alpha-smp", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-all", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-alpha-smp", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-amd64", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-amd64", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-all-amd64", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-parisc", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-parisc64", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-parisc-smp", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-parisc64-smp", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-parisc64-smp", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-all-hppa", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-parisc-smp", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-parisc64", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-parisc", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-486", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-686-bigmem", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-686", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-all-i386", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-686", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-686-bigmem", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-486", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-mckinley", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-all-ia64", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-mckinley", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-itanium", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-itanium", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-r5k-cobalt", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-5kc-malta", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-4kc-malta", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-4kc-malta", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-sb1-bcm91250a", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-r5k-cobalt", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-sb1-bcm91250a", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-all-mipsel", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-sb1a-bcm91480b", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-5kc-malta", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-sb1a-bcm91480b", ver:"2.6.24-6~etchnhalf.9etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/deb_1929_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_1929_1.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/deb_1929_1.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,350 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 1929-1 (linux-2.6)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66209);
+ script_cve_id("CVE-2009-1883", "CVE-2009-2909", "CVE-2009-3001", "CVE-2009-3002", "CVE-2009-3228", "CVE-2009-3238", "CVE-2009-3286", "CVE-2009-3547", "CVE-2009-3612", "CVE-2009-3621");
+ script_version ("$Revision$");
+ script_name("Debian Security Advisory DSA 1929-1 (linux-2.6)");
+
+ desc = "
+The remote host is missing an update to linux-2.6
+announced via advisory DSA 1929-1.
+
+Several vulnerabilities have been discovered in the Linux kernel that
+may lead to a denial of service, sensitive memory leak or privilege
+escalation.
+
+For details on the issues addressed in this update, please visit
+the referenced security advisories.
+
+For the oldstable distribution (etch), this problem has been fixed in
+version 2.6.18.dfsg.1-26etch1.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201929-1
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 1929-1 (linux-2.6)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+vuln = 0;
+if(isdpkgvuln(pkg:"linux-support-2.6.18-6", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-source-2.6.18", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-patch-debian-2.6.18", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-tree-2.6.18", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-doc-2.6.18", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-manual-2.6.18", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-all-alpha", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-all", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.18-6-alpha-legacy", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-alpha-generic", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-vserver-alpha", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.18-6-vserver-alpha", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-alpha-smp", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.18-6", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-alpha-legacy", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.18-6-alpha-generic", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.18-6-alpha-smp", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-vserver", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-xen", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-modules-2.6.18-6-xen-vserver-amd64", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-xen-vserver", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.18-6-amd64", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-xen-vserver-amd64", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-modules-2.6.18-6-xen-amd64", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.18-6-xen-vserver-amd64", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-xen-amd64", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-amd64", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.18-6-vserver-amd64", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-all-amd64", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.18-6-xen-amd64", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-vserver-amd64", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"xen-linux-system-2.6.18-6-xen-vserver-amd64", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"xen-linux-system-2.6.18-6-xen-amd64", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.18-6-parisc", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.18-6-parisc64-smp", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-parisc-smp", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.18-6-parisc64", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.18-6-parisc-smp", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-parisc64-smp", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-parisc", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-all-hppa", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-parisc64", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-686-bigmem", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-xen-vserver-686", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-vserver-686", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.18-6-686-bigmem", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-modules-2.6.18-6-xen-vserver-686", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-all-i386", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"xen-linux-system-2.6.18-6-xen-686", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.18-6-486", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-k7", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.18-6-vserver-k7", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.18-6-vserver-686", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-686", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-modules-2.6.18-6-xen-686", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-vserver-k7", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"xen-linux-system-2.6.18-6-xen-vserver-686", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.18-6-686", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-486", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.18-6-xen-686", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.18-6-xen-vserver-686", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.18-6-k7", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-xen-686", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-all-ia64", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-mckinley", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-itanium", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.18-6-itanium", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.18-6-mckinley", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-powerpc", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-vserver-powerpc", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-vserver-powerpc64", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.18-6-powerpc-miboot", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.18-6-vserver-powerpc", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.18-6-powerpc", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.18-6-prep", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.18-6-powerpc-smp", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-powerpc64", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.18-6-vserver-powerpc64", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-powerpc-miboot", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-all-powerpc", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.18-6-powerpc64", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-prep", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-powerpc-smp", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-s390", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-vserver-s390x", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-s390x", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.18-6-all-s390", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.18-6-s390", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.18-6-s390x", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.18-6-vserver-s390x", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.18-6-s390-tape", ver:"2.6.18.dfsg.1-26etch1", rls:"DEB4.0")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/deb_1930_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_1930_1.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/deb_1930_1.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,111 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 1930-1 (drupal6)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66210);
+ script_cve_id("CVE-2009-2372", "CVE-2009-2373", "CVE-2009-2374");
+ script_version ("$Revision$");
+ script_name("Debian Security Advisory DSA 1930-1 (drupal6)");
+
+ desc = "
+The remote host is missing an update to drupal6
+announced via advisory DSA 1930-1.
+
+
+Several vulnerabilities have been found in drupal6, a fully-featured
+content management framework. The Common Vulnerabilities and Exposures
+project identifies the following problems:
+
+CVE-2009-2372
+
+Gerhard Killesreiter discovered a flaw in the way user signatures are
+handled. It is possible for a user to inject arbitrary code via a
+crafted user signature. (SA-CORE-2009-007)
+
+CVE-2009-2373
+
+Mark Piper, Sven Herrmann and Brandon Knight discovered a cross-site
+scripting issue in the forum module, which could be exploited via the
+tid parameter. (SA-CORE-2009-007)
+
+CVE-2009-2374
+
+Sumit Datta discovered that certain drupal6 pages leak sensible
+information such as user credentials. (SA-CORE-2009-007)
+
+
+Several design flaws in the OpenID module have been fixed, which could
+lead to cross-site request forgeries or privilege escalations. Also, the
+file upload function does not process all extensions properly leading
+to the possible execution of arbitrary code.
+(SA-CORE-2009-008)
+
+
+For the stable distribution (lenny), these problems have been fixed in
+version 6.6-3lenny3.
+
+The oldstable distribution (etch) does not contain drupal6.
+
+For the testing distribution (squeeze) and the unstable distribution
+(sid), these problems have been fixed in version 6.14-1.
+
+
+We recommend that you upgrade your drupal6 packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201930-1
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 1930-1 (drupal6)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+vuln = 0;
+if(isdpkgvuln(pkg:"drupal6", ver:"6.6-3lenny3", rls:"DEB5.0")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/deb_1931_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_1931_1.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/deb_1931_1.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,101 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 1931-1 (nspr)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66211);
+ script_cve_id("CVE-2009-1563", "CVE-2009-2463");
+ script_version ("$Revision$");
+ script_name("Debian Security Advisory DSA 1931-1 (nspr)");
+
+ desc = "
+The remote host is missing an update to nspr
+announced via advisory DSA 1931-1.
+
+Several vulnerabilities have been discovered in the NetScape Portable
+Runtime Library, which may lead to the execution of arbitrary code. The
+Common Vulnerabilities and Exposures project identifies the following
+problems:
+
+CVE-2009-1563
+
+A programming error in the string handling code may lead to the
+execution of arbitrary code.
+
+CVE-2009-2463
+
+An integer overflow in the Base64 decoding functions may lead to
+the execution of arbitrary code.
+
+The old stable distribution (etch) doesn't contain nspr.
+
+For the stable distribution (lenny), these problems have been fixed in
+version 4.7.1-5.
+
+For the unstable distribution (sid) these problems have been fixed in
+version 4.8.2-1.
+
+We recommend that you upgrade your NSPR packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201931-1
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 1931-1 (nspr)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+vuln = 0;
+if(isdpkgvuln(pkg:"libnspr4-0d", ver:"4.7.1-5", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"libnspr4-0d-dbg", ver:"4.7.1-5", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"libnspr4-dev", ver:"4.7.1-5", rls:"DEB5.0")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/deb_1932_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_1932_1.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/deb_1932_1.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,107 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 1932-1 (pidgin)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66212);
+ script_cve_id("CVE-2009-3615");
+ script_version ("$Revision$");
+ script_name("Debian Security Advisory DSA 1932-1 (pidgin)");
+
+ desc = "
+The remote host is missing an update to pidgin
+announced via advisory DSA 1932-1.
+
+It was discovered that incorrect pointer handling in the purple library,
+an internal component of the multi-protocol instant messaging client
+Pidgin, could lead to denial of service or the execution of arbitrary
+code through malformed contact requests.
+
+For the stable distribution (lenny), this problem has been fixed in
+version 2.4.3-4lenny5.
+
+For the unstable distribution (sid), this problem has been fixed in
+version 2.6.3-1.
+
+We recommend that you upgrade your pidgin package.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201932-1
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Debian Security Advisory DSA 1932-1 (pidgin)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Debian Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+vuln = 0;
+if(isdpkgvuln(pkg:"finch-dev", ver:"2.4.3-4lenny5", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"pidgin-data", ver:"2.4.3-4lenny5", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"pidgin-dev", ver:"2.4.3-4lenny5", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"libpurple-dev", ver:"2.4.3-4lenny5", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"libpurple-bin", ver:"2.4.3-4lenny5", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"libpurple0", ver:"2.4.3-4lenny5", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"finch", ver:"2.4.3-4lenny5", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"pidgin-dbg", ver:"2.4.3-4lenny5", rls:"DEB5.0")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"pidgin", ver:"2.4.3-4lenny5", rls:"DEB5.0")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/fcore_2009_10170.nasl
===================================================================
--- trunk/openvas-plugins/scripts/fcore_2009_10170.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/fcore_2009_10170.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,93 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory FEDORA-2009-10170 (mimetex)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66196);
+ script_cve_id("CVE-2009-1382", "CVE-2009-2459");
+ script_version ("$Revision$");
+ script_name("Fedora Core 11 FEDORA-2009-10170 (mimetex)");
+
+ desc = "
+The remote host is missing an update to mimetex
+announced via advisory FEDORA-2009-10170.
+
+Update Information:
+
+- Fixes a buffer-overflow as detailed in #511049. - Updates to 1.7.
+
+ChangeLog:
+
+* Thu Oct 1 2009 Jorge Torres - 1.71-1
+- Update to 1.71
+
+References:
+
+[ 1 ] Bug #511049 - CVE-2009-1382 CVE-2009-2459 mimeTeX: various flaws
+https://bugzilla.redhat.com/show_bug.cgi?id=511049
+
+Solution: Apply the appropriate updates.
+
+This update can be installed with the yum update program. Use
+su -c 'yum update mimetex' at the command line.
+For more information, refer to Managing Software with yum,
+available at http://docs.fedoraproject.org/yum/.
+
+https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10170
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Fedora Core 11 FEDORA-2009-10170 (mimetex)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"mimetex", rpm:"mimetex~1.71~1.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"mimetex-debuginfo", rpm:"mimetex-debuginfo~1.71~1.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/fcore_2009_10225.nasl
===================================================================
--- trunk/openvas-plugins/scripts/fcore_2009_10225.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/fcore_2009_10225.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,93 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory FEDORA-2009-10225 (mimetex)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66192);
+ script_cve_id("CVE-2009-1382", "CVE-2009-2459");
+ script_version ("$Revision$");
+ script_name("Fedora Core 10 FEDORA-2009-10225 (mimetex)");
+
+ desc = "
+The remote host is missing an update to mimetex
+announced via advisory FEDORA-2009-10225.
+
+Update Information:
+
+- Fixes a buffer-overflow as detailed in #511049. - Updates to 1.7.
+
+ChangeLog:
+
+* Thu Oct 1 2009 Jorge Torres - 1.71-1
+- Update to 1.71
+
+References:
+
+[ 1 ] Bug #511049 - CVE-2009-1382 CVE-2009-2459 mimeTeX: various flaws
+https://bugzilla.redhat.com/show_bug.cgi?id=511049
+
+Solution: Apply the appropriate updates.
+
+This update can be installed with the yum update program. Use
+su -c 'yum update mimetex' at the command line.
+For more information, refer to Managing Software with yum,
+available at http://docs.fedoraproject.org/yum/.
+
+https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10225
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Fedora Core 10 FEDORA-2009-10225 (mimetex)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"mimetex", rpm:"mimetex~1.71~1.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"mimetex-debuginfo", rpm:"mimetex-debuginfo~1.71~1.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/fcore_2009_10329.nasl
===================================================================
--- trunk/openvas-plugins/scripts/fcore_2009_10329.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/fcore_2009_10329.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,92 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory FEDORA-2009-10329 (python-markdown2)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66143);
+ script_version ("$Revision$");
+ script_name("Fedora Core 11 FEDORA-2009-10329 (python-markdown2)");
+
+ desc = "
+The remote host is missing an update to python-markdown2
+announced via advisory FEDORA-2009-10329.
+
+Update Information:
+
+Update from 1.0.1.11 to 1.0.1.15, which fixes some issues, including these two
+security-related bugs:
+- [Issue 30] Fix a possible XSS via JavaScript injection in a carefully
+ crafted image reference (usage of double-quotes in the URL).
+- [Issue 29] Fix security hole in the md5-hashing scheme for handling HTML
+ chunks during processing.
+
+See http://code.google.com/p/python-markdown2/source/browse/trunk/CHANGES.txt
+for the full changelog.
+
+ChangeLog:
+
+* Thu Oct 8 2009 Thomas Moschny - 1.0.1.15-1
+- Update to 1.0.1.15. Fixes three issues, two of them being security-related.
+
+Solution: Apply the appropriate updates.
+
+This update can be installed with the yum update program. Use
+su -c 'yum update python-markdown2' at the command line.
+For more information, refer to Managing Software with yum,
+available at http://docs.fedoraproject.org/yum/.
+
+https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10329
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Fedora Core 11 FEDORA-2009-10329 (python-markdown2)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"python-markdown2", rpm:"python-markdown2~1.0.1.15~1.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/fcore_2009_10377.nasl
===================================================================
--- trunk/openvas-plugins/scripts/fcore_2009_10377.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/fcore_2009_10377.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,97 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory FEDORA-2009-10377 (python-markdown2)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66130);
+ script_version ("$Revision$");
+ script_name("Fedora Core 10 FEDORA-2009-10377 (python-markdown2)");
+
+ desc = "
+The remote host is missing an update to python-markdown2
+announced via advisory FEDORA-2009-10377.
+
+This is a fast and complete Python implementation of the Markdown
+spec.
+
+For information about markdown itself, see
+http://daringfireball.net/projects/markdown/
+
+Update Information:
+
+Update from 1.0.1.11 to 1.0.1.15, which fixes some issues, including these two
+security-related bugs:
+- [Issue 30] Fix a possible XSS via JavaScript injection in a carefully
+ crafted image reference (usage of double-quotes in the URL).
+- [Issue 29] Fix security hole in the md5-hashing scheme for handling
+ HTML chunks during processing.
+See http://code.google.com/p/python-markdown2/source/browse/trunk/CHANGES.txt
+for the full changelog.
+
+ChangeLog:
+
+* Thu Oct 8 2009 Thomas Moschny - 1.0.1.15-1
+- Update to 1.0.1.15. Fixes three issues, two of them being security-related.
+
+Solution: Apply the appropriate updates.
+
+This update can be installed with the yum update program. Use
+su -c 'yum update python-markdown2' at the command line.
+For more information, refer to Managing Software with yum,
+available at http://docs.fedoraproject.org/yum/.
+
+https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10377
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Fedora Core 10 FEDORA-2009-10377 (python-markdown2)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"python-markdown2", rpm:"python-markdown2~1.0.1.15~1.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/fcore_2009_10426.nasl
===================================================================
--- trunk/openvas-plugins/scripts/fcore_2009_10426.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/fcore_2009_10426.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,93 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory FEDORA-2009-10426 (rt3)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66188);
+ script_version ("$Revision$");
+ script_name("Fedora Core 10 FEDORA-2009-10426 (rt3)");
+
+ desc = "
+The remote host is missing an update to rt3
+announced via advisory FEDORA-2009-10426.
+
+ChangeLog:
+
+* Tue Oct 13 2009 Ralf Corsépius - 3.8.2-11
+- Update rt-3.8.2-rh-bz526870.diff.
+* Mon Oct 12 2009 Ralf Corsépius - 3.8.2-10
+- Add rt-3.8.2-rh-bz526870.diff (BZ #526870).
+
+References:
+
+[ 1 ] Bug #526870 - Update to rt 3.8.5
+https://bugzilla.redhat.com/show_bug.cgi?id=526870
+
+Solution: Apply the appropriate updates.
+
+This update can be installed with the yum update program. Use
+su -c 'yum update rt3' at the command line.
+For more information, refer to Managing Software with yum,
+available at http://docs.fedoraproject.org/yum/.
+
+https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10426
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Fedora Core 10 FEDORA-2009-10426 (rt3)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"perl-RT-Test", rpm:"perl-RT-Test~3.8.2~11.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"rt3", rpm:"rt3~3.8.2~11.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"rt3-mailgate", rpm:"rt3-mailgate~3.8.2~11.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/fcore_2009_10461.nasl
===================================================================
--- trunk/openvas-plugins/scripts/fcore_2009_10461.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/fcore_2009_10461.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,93 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory FEDORA-2009-10461 (slim)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66141);
+ script_version ("$Revision$");
+ script_name("Fedora Core 10 FEDORA-2009-10461 (slim)");
+
+ desc = "
+The remote host is missing an update to slim
+announced via advisory FEDORA-2009-10461.
+
+Update Information:
+
+Here is where you give an explanation of your update.
+ChangeLog:
+
+* Sat Oct 10 2009 Lorenzo Villani - 1.3.1-9
+- rebuilt
+* Sat Oct 10 2009 Lorenzo Villani - 1.3.1-8
+- Fix BZ #518068
+
+References:
+
+[ 1 ] Bug #505359 - Current directory included in default path
+https://bugzilla.redhat.com/show_bug.cgi?id=505359
+
+Solution: Apply the appropriate updates.
+
+This update can be installed with the yum update program. Use
+su -c 'yum update slim' at the command line.
+For more information, refer to Managing Software with yum,
+available at http://docs.fedoraproject.org/yum/.
+
+https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10461
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Fedora Core 10 FEDORA-2009-10461 (slim)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"slim", rpm:"slim~1.3.1~9.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"slim-debuginfo", rpm:"slim-debuginfo~1.3.1~9.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/fcore_2009_10475.nasl
===================================================================
--- trunk/openvas-plugins/scripts/fcore_2009_10475.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/fcore_2009_10475.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,88 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory FEDORA-2009-10475 (slim)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66131);
+ script_version ("$Revision$");
+ script_name("Fedora Core 11 FEDORA-2009-10475 (slim)");
+
+ desc = "
+The remote host is missing an update to slim
+announced via advisory FEDORA-2009-10475.
+
+ChangeLog:
+
+* Sat Oct 10 2009 Lorenzo Villani - 1.3.1-8
+- Fix BZ #518068
+
+References:
+
+[ 1 ] Bug #505359 - Current directory included in default path
+https://bugzilla.redhat.com/show_bug.cgi?id=505359
+
+Solution: Apply the appropriate updates.
+
+This update can be installed with the yum update program. Use
+su -c 'yum update slim' at the command line.
+For more information, refer to Managing Software with yum,
+available at http://docs.fedoraproject.org/yum/.
+
+https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10475
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Fedora Core 11 FEDORA-2009-10475 (slim)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"slim", rpm:"slim~1.3.1~8.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"slim-debuginfo", rpm:"slim-debuginfo~1.3.1~8.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/fcore_2009_10498.nasl
===================================================================
--- trunk/openvas-plugins/scripts/fcore_2009_10498.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/fcore_2009_10498.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,93 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory FEDORA-2009-10498 (rt3)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66187);
+ script_version ("$Revision$");
+ script_name("Fedora Core 11 FEDORA-2009-10498 (rt3)");
+
+ desc = "
+The remote host is missing an update to rt3
+announced via advisory FEDORA-2009-10498.
+
+ChangeLog:
+
+* Tue Oct 13 2009 Ralf Corsépius - 3.8.2-11
+- Update rt-3.8.2-rh-bz526870.diff.
+* Mon Oct 12 2009 Ralf Corsépius - 3.8.2-10
+- Add rt-3.8.2-rh-bz526870.diff (BZ #526870).
+
+References:
+
+[ 1 ] Bug #526870 - Update to rt 3.8.5
+https://bugzilla.redhat.com/show_bug.cgi?id=526870
+
+Solution: Apply the appropriate updates.
+
+This update can be installed with the yum update program. Use
+su -c 'yum update rt3' at the command line.
+For more information, refer to Managing Software with yum,
+available at http://docs.fedoraproject.org/yum/.
+
+https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10498
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Fedora Core 11 FEDORA-2009-10498 (rt3)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"perl-RT-Test", rpm:"perl-RT-Test~3.8.2~11.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"rt3", rpm:"rt3~3.8.2~11.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"rt3-mailgate", rpm:"rt3-mailgate~3.8.2~11.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/fcore_2009_10639.nasl
===================================================================
--- trunk/openvas-plugins/scripts/fcore_2009_10639.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/fcore_2009_10639.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,169 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory FEDORA-2009-10639 (kernel)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66133);
+ script_cve_id("CVE-2009-3612", "CVE-2009-2909", "CVE-2009-2908", "CVE-2009-2903", "CVE-2009-3290", "CVE-2009-2847", "CVE-2009-2910");
+ script_version ("$Revision$");
+ script_name("Fedora Core 11 FEDORA-2009-10639 (kernel)");
+
+ desc = "
+The remote host is missing an update to kernel
+announced via advisory FEDORA-2009-10639.
+
+Update to kernel 2.6.30.9. Upstream change logs:
+http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.9
+Also fixes:
+- Kernel stack randomization bug
+- NULL dereference in r128 driver
+- ftrace memory corruption on module unload
+- boot hanging on some systems
+- some latency problems caused by scheduler bugs
+
+References:
+
+[ 1 ] Bug #524124 - CVE-2009-3290 kernel: KVM: x86: Disallow hypercalls for guest callers in rings > 0
+https://bugzilla.redhat.com/show_bug.cgi?id=524124
+[ 2 ] Bug #528868 - CVE-2009-3612 kernel: tcf_fill_node() infoleak due to typo in 9ef1d4c7
+https://bugzilla.redhat.com/show_bug.cgi?id=528868
+[ 3 ] Bug #522331 - CVE-2009-2903 kernel: appletalk: denial of service when handling IP tunnelled over DDP datagrams
+https://bugzilla.redhat.com/show_bug.cgi?id=522331
+[ 4 ] Bug #527534 - CVE-2009-2908 kernel ecryptfs NULL pointer dereference
+https://bugzilla.redhat.com/show_bug.cgi?id=527534
+[ 5 ] Bug #528887 - CVE-2009-2909 kernel: ax25 stack overflow
+https://bugzilla.redhat.com/show_bug.cgi?id=528887
+[ 6 ] Bug #526788 - CVE-2009-2910 kernel: x86_64 32 bit process register leak
+https://bugzilla.redhat.com/show_bug.cgi?id=526788
+
+Solution: Apply the appropriate updates.
+
+This update can be installed with the yum update program. Use
+su -c 'yum update kernel' at the command line.
+For more information, refer to Managing Software with yum,
+available at http://docs.fedoraproject.org/yum/.
+
+https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10639
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Fedora Core 11 FEDORA-2009-10639 (kernel)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"kernel", rpm:"kernel~2.6.30.9~90.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-debuginfo-common", rpm:"kernel-debuginfo-common~i586~2.6.30.9", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-devel", rpm:"kernel-devel~2.6.30.9~90.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-headers", rpm:"kernel-headers~2.6.30.9~90.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-debuginfo", rpm:"kernel-debuginfo~2.6.30.9~90.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-PAE", rpm:"kernel-PAE~2.6.30.9~90.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-PAE-devel", rpm:"kernel-PAE-devel~2.6.30.9~90.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-PAEdebug", rpm:"kernel-PAEdebug~2.6.30.9~90.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-PAEdebug-devel", rpm:"kernel-PAEdebug-devel~2.6.30.9~90.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-debuginfo-common", rpm:"kernel-debuginfo-common~i686~2.6.30.9", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-PAE-debuginfo", rpm:"kernel-PAE-debuginfo~2.6.30.9~90.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-PAEdebug-debuginfo", rpm:"kernel-PAEdebug-debuginfo~2.6.30.9~90.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-doc", rpm:"kernel-doc~2.6.30.9~90.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-firmware", rpm:"kernel-firmware~2.6.30.9~90.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-bootwrapper", rpm:"kernel-bootwrapper~2.6.30.9~90.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-debuginfo-common", rpm:"kernel-debuginfo-common~ppc~2.6.30.9", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-smp", rpm:"kernel-smp~2.6.30.9~90.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-smp-devel", rpm:"kernel-smp-devel~2.6.30.9~90.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-smp-debuginfo", rpm:"kernel-smp-debuginfo~2.6.30.9~90.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-debuginfo-common", rpm:"kernel-debuginfo-common~ppc64~2.6.30.9", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-debug", rpm:"kernel-debug~2.6.30.9~90.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-debug-devel", rpm:"kernel-debug-devel~2.6.30.9~90.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-debuginfo-common", rpm:"kernel-debuginfo-common~x86_64~2.6.30.9", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-debug-debuginfo", rpm:"kernel-debug-debuginfo~2.6.30.9~90.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/fcore_2009_10718.nasl
===================================================================
--- trunk/openvas-plugins/scripts/fcore_2009_10718.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/fcore_2009_10718.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,85 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory FEDORA-2009-10718 (sahana)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66127);
+ script_version ("$Revision$");
+ script_name("Fedora Core 11 FEDORA-2009-10718 (sahana)");
+
+ desc = "
+The remote host is missing an update to sahana
+announced via advisory FEDORA-2009-10718.
+
+ChangeLog:
+
+* Wed Oct 21 2009 David Nalley 0.6.2.2-6
+- fixed security issue noted in bz 530255
+
+References:
+
+[ 1 ] Bug #530255 - Sahana security hole exposes any file on system
+https://bugzilla.redhat.com/show_bug.cgi?id=530255
+
+Solution: Apply the appropriate updates.
+
+This update can be installed with the yum update program. Use
+su -c 'yum update sahana' at the command line.
+For more information, refer to Managing Software with yum,
+available at http://docs.fedoraproject.org/yum/.
+
+https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10718
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Fedora Core 11 FEDORA-2009-10718 (sahana)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"sahana", rpm:"sahana~0.6.2.2~6.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/fcore_2009_10719.nasl
===================================================================
--- trunk/openvas-plugins/scripts/fcore_2009_10719.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/fcore_2009_10719.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,113 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory FEDORA-2009-10719 (systemtap)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66128);
+ script_cve_id("CVE-2009-2911");
+ script_version ("$Revision$");
+ script_name("Fedora Core 11 FEDORA-2009-10719 (systemtap)");
+
+ desc = "
+The remote host is missing an update to systemtap
+announced via advisory FEDORA-2009-10719.
+
+Update Information:
+
+Fixes three DOS issues in --unprivileged mode. (CVE-2009-2911)
+ChangeLog:
+
+* Wed Oct 21 2009 Josh Stone - 1.0-2
+- Fix three --unprivileged DOS issues (CVE-2009-2911)
+
+References:
+
+[ 1 ] Bug #529175 - CVE-2009-2911 SystemTap 1.0: Multiple denial of service flaws once --unprivileged mode is activated
+https://bugzilla.redhat.com/show_bug.cgi?id=529175
+
+Solution: Apply the appropriate updates.
+
+This update can be installed with the yum update program. Use
+su -c 'yum update systemtap' at the command line.
+For more information, refer to Managing Software with yum,
+available at http://docs.fedoraproject.org/yum/.
+
+https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10719
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Fedora Core 11 FEDORA-2009-10719 (systemtap)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"systemtap", rpm:"systemtap~1.0~2.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"systemtap-client", rpm:"systemtap-client~1.0~2.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"systemtap-grapher", rpm:"systemtap-grapher~1.0~2.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"systemtap-initscript", rpm:"systemtap-initscript~1.0~2.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"systemtap-runtime", rpm:"systemtap-runtime~1.0~2.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"systemtap-sdt-devel", rpm:"systemtap-sdt-devel~1.0~2.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"systemtap-server", rpm:"systemtap-server~1.0~2.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"systemtap-testsuite", rpm:"systemtap-testsuite~1.0~2.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"systemtap-debuginfo", rpm:"systemtap-debuginfo~1.0~2.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/fcore_2009_10737.nasl
===================================================================
--- trunk/openvas-plugins/scripts/fcore_2009_10737.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/fcore_2009_10737.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,102 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory FEDORA-2009-10737 (jasper)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66129);
+ script_cve_id("CVE-2008-3520", "CVE-2008-3522");
+ script_version ("$Revision$");
+ script_name("Fedora Core 10 FEDORA-2009-10737 (jasper)");
+
+ desc = "
+The remote host is missing an update to jasper
+announced via advisory FEDORA-2009-10737.
+
+ChangeLog:
+
+* Tue Oct 13 2009 Rex Dieter - 1.900.1-13
+- CVE-2008-3520 jasper: multiple integer overflows in jas_alloc calls (#461476)
+- CVE-2008-3522 jasper: possible buffer overflow in
+ jas_stream_printf() (#461478)
+
+References:
+
+[ 1 ] Bug #461476 - CVE-2008-3520 jasper: multiple integer overflows in jas_alloc calls
+https://bugzilla.redhat.com/show_bug.cgi?id=461476
+[ 2 ] Bug #461478 - CVE-2008-3522 jasper: possible buffer overflow in jas_stream_printf()
+https://bugzilla.redhat.com/show_bug.cgi?id=461478
+
+Solution: Apply the appropriate updates.
+
+This update can be installed with the yum update program. Use
+su -c 'yum update jasper' at the command line.
+For more information, refer to Managing Software with yum,
+available at http://docs.fedoraproject.org/yum/.
+
+https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10737
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Fedora Core 10 FEDORA-2009-10737 (jasper)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"jasper", rpm:"jasper~1.900.1~13.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"jasper-devel", rpm:"jasper-devel~1.900.1~13.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"jasper-libs", rpm:"jasper-libs~1.900.1~13.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"jasper-utils", rpm:"jasper-utils~1.900.1~13.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"jasper-debuginfo", rpm:"jasper-debuginfo~1.900.1~13.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/fcore_2009_10743.nasl
===================================================================
--- trunk/openvas-plugins/scripts/fcore_2009_10743.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/fcore_2009_10743.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,92 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory FEDORA-2009-10743 (squidGuard)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66197);
+ script_cve_id("CVE-2009-3700");
+ script_version ("$Revision$");
+ script_name("Fedora Core 10 FEDORA-2009-10743 (squidGuard)");
+
+ desc = "
+The remote host is missing an update to squidGuard
+announced via advisory FEDORA-2009-10743.
+
+For details on the issues addressed in this update, please
+visit the referenced security advisories.
+
+ChangeLog:
+
+* Mon Oct 26 2009 Jon Ciesla - 1.4-8
+- Applying upstream patches for CVE-2009-3700, BZ 530862.
+
+References:
+
+[ 1 ] Bug #530862 - CVE-2009-3700 squidGuard: buffer overflow in sgLog.c and two URL filter bypass issues
+https://bugzilla.redhat.com/show_bug.cgi?id=530862
+
+Solution: Apply the appropriate updates.
+
+This update can be installed with the yum update program. Use
+su -c 'yum update squidGuard' at the command line.
+For more information, refer to Managing Software with yum,
+available at http://docs.fedoraproject.org/yum/.
+
+https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10743
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Fedora Core 10 FEDORA-2009-10743 (squidGuard)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"squidGuard", rpm:"squidGuard~1.4~8.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"squidGuard-debuginfo", rpm:"squidGuard-debuginfo~1.4~8.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/fcore_2009_10761.nasl
===================================================================
--- trunk/openvas-plugins/scripts/fcore_2009_10761.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/fcore_2009_10761.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,102 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory FEDORA-2009-10761 (jasper)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66132);
+ script_cve_id("CVE-2008-3520", "CVE-2008-3522");
+ script_version ("$Revision$");
+ script_name("Fedora Core 11 FEDORA-2009-10761 (jasper)");
+
+ desc = "
+The remote host is missing an update to jasper
+announced via advisory FEDORA-2009-10761.
+
+ChangeLog:
+
+* Tue Oct 13 2009 Rex Dieter - 1.900.1-13
+- CVE-2008-3520 jasper: multiple integer overflows in jas_alloc calls (#461476)
+- CVE-2008-3522 jasper: possible buffer overflow in
+ jas_stream_printf() (#461478)
+
+References:
+
+[ 1 ] Bug #461476 - CVE-2008-3520 jasper: multiple integer overflows in jas_alloc calls
+https://bugzilla.redhat.com/show_bug.cgi?id=461476
+[ 2 ] Bug #461478 - CVE-2008-3522 jasper: possible buffer overflow in jas_stream_printf()
+https://bugzilla.redhat.com/show_bug.cgi?id=461478
+
+Solution: Apply the appropriate updates.
+
+This update can be installed with the yum update program. Use
+su -c 'yum update jasper' at the command line.
+For more information, refer to Managing Software with yum,
+available at http://docs.fedoraproject.org/yum/.
+
+https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10761
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Fedora Core 11 FEDORA-2009-10761 (jasper)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"jasper", rpm:"jasper~1.900.1~13.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"jasper-devel", rpm:"jasper-devel~1.900.1~13.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"jasper-libs", rpm:"jasper-libs~1.900.1~13.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"jasper-utils", rpm:"jasper-utils~1.900.1~13.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"jasper-debuginfo", rpm:"jasper-debuginfo~1.900.1~13.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/fcore_2009_10780.nasl
===================================================================
--- trunk/openvas-plugins/scripts/fcore_2009_10780.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/fcore_2009_10780.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,91 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory FEDORA-2009-10780 (squidGuard)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66191);
+ script_cve_id("CVE-2009-3700");
+ script_version ("$Revision$");
+ script_name("Fedora Core 11 FEDORA-2009-10780 (squidGuard)");
+
+ desc = "
+The remote host is missing an update to squidGuard
+announced via advisory FEDORA-2009-10780.
+
+For details, please visit the referenced security advisories.
+
+ChangeLog:
+
+* Mon Oct 26 2009 Jon Ciesla - 1.4-8
+- Applying upstream patches for CVE-2009-3700, BZ 530862.
+
+References:
+
+[ 1 ] Bug #530862 - CVE-2009-3700 squidGuard: buffer overflow in sgLog.c and two URL filter bypass issues
+https://bugzilla.redhat.com/show_bug.cgi?id=530862
+
+Solution: Apply the appropriate updates.
+
+This update can be installed with the yum update program. Use
+su -c 'yum update squidGuard' at the command line.
+For more information, refer to Managing Software with yum,
+available at http://docs.fedoraproject.org/yum/.
+
+https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10780
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Fedora Core 11 FEDORA-2009-10780 (squidGuard)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"squidGuard", rpm:"squidGuard~1.4~8.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"squidGuard-debuginfo", rpm:"squidGuard-debuginfo~1.4~8.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/fcore_2009_10793.nasl
===================================================================
--- trunk/openvas-plugins/scripts/fcore_2009_10793.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/fcore_2009_10793.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,88 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory FEDORA-2009-10793 (wordpress)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66134);
+ script_version ("$Revision$");
+ script_name("Fedora Core 11 FEDORA-2009-10793 (wordpress)");
+
+ desc = "
+The remote host is missing an update to wordpress
+announced via advisory FEDORA-2009-10793.
+
+Update Information:
+
+Updated to 2.8.5 (Hardening Release)
+ChangeLog:
+
+* Wed Oct 21 2009 Adrian Reber - 2.8.5-1
+- updated to 2.8.5 (Hardening Release)
+
+References:
+
+[ 1 ] Bug #530056 - WordPress: Resource exhaustion (DoS)
+https://bugzilla.redhat.com/show_bug.cgi?id=530056
+
+Solution: Apply the appropriate updates.
+
+This update can be installed with the yum update program. Use
+su -c 'yum update wordpress' at the command line.
+For more information, refer to Managing Software with yum,
+available at http://docs.fedoraproject.org/yum/.
+
+https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10793
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Fedora Core 11 FEDORA-2009-10793 (wordpress)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"wordpress", rpm:"wordpress~2.8.5~1.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/fcore_2009_10795.nasl
===================================================================
--- trunk/openvas-plugins/scripts/fcore_2009_10795.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/fcore_2009_10795.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,89 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory FEDORA-2009-10795 (wordpress)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66135);
+ script_version ("$Revision$");
+ script_name("Fedora Core 10 FEDORA-2009-10795 (wordpress)");
+
+ desc = "
+The remote host is missing an update to wordpress
+announced via advisory FEDORA-2009-10795.
+
+Update Information:
+
+Updated to 2.8.5 (Hardening Release)
+
+ChangeLog:
+
+* Wed Oct 21 2009 Adrian Reber - 2.8.5-1
+- updated to 2.8.5 (Hardening Release)
+
+References:
+
+[ 1 ] Bug #530056 - WordPress: Resource exhaustion (DoS)
+https://bugzilla.redhat.com/show_bug.cgi?id=530056
+
+Solution: Apply the appropriate updates.
+
+This update can be installed with the yum update program. Use
+su -c 'yum update wordpress' at the command line.
+For more information, refer to Managing Software with yum,
+available at http://docs.fedoraproject.org/yum/.
+
+https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10795
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Fedora Core 10 FEDORA-2009-10795 (wordpress)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"wordpress", rpm:"wordpress~2.8.5~1.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/fcore_2009_10822.nasl
===================================================================
--- trunk/openvas-plugins/scripts/fcore_2009_10822.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/fcore_2009_10822.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,85 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory FEDORA-2009-10822 (sahana)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66138);
+ script_version ("$Revision$");
+ script_name("Fedora Core 10 FEDORA-2009-10822 (sahana)");
+
+ desc = "
+The remote host is missing an update to sahana
+announced via advisory FEDORA-2009-10822.
+
+ChangeLog:
+
+* Wed Oct 21 2009 David Nalley 0.6.2.2-6
+- fixed security issue noted in bz 530255
+
+References:
+
+[ 1 ] Bug #530255 - Sahana security hole exposes any file on system
+https://bugzilla.redhat.com/show_bug.cgi?id=530255
+
+Solution: Apply the appropriate updates.
+
+This update can be installed with the yum update program. Use
+su -c 'yum update sahana' at the command line.
+For more information, refer to Managing Software with yum,
+available at http://docs.fedoraproject.org/yum/.
+
+https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10822
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Fedora Core 10 FEDORA-2009-10822 (sahana)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"sahana", rpm:"sahana~0.6.2.2~6.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/fcore_2009_10823.nasl
===================================================================
--- trunk/openvas-plugins/scripts/fcore_2009_10823.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/fcore_2009_10823.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,133 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory FEDORA-2009-10823 (poppler)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66139);
+ script_cve_id("CVE-2009-3603", "CVE-2009-3604", "CVE-2009-3606", "CVE-2009-3607", "CVE-2009-3608", "CVE-2009-3609");
+ script_version ("$Revision$");
+ script_name("Fedora Core 10 FEDORA-2009-10823 (poppler)");
+
+ desc = "
+The remote host is missing an update to poppler
+announced via advisory FEDORA-2009-10823.
+
+Update Information:
+
+This build addresses several recent security issues.
+
+ChangeLog:
+
+* Sun Oct 25 2009 Rex Dieter - 0.8.8-7
+- CVE-2009-3603 SplashBitmap::SplashBitmap integer overflow (#526915)
+- CVE-2009-3604 Splash::drawImage integer overflow and missing allocation
+ return value check(#526911)
+- CVE-2009-3606 PSOutputDev::doImageL1Sep integer overflow (#526877)
+- CVE-2009-3607 create_surface_from_thumbnail_data integer overflow (#526924)
+- CVE-2009-3608 integer overflow in ObjectStream::ObjectStream (#526637)
+- CVE-2009-3609 ImageStream::ImageStream integer overflow (#526893)
+
+References:
+
+[ 1 ] Bug #526915 - CVE-2009-3603 xpdf/poppler: SplashBitmap::SplashBitmap integer overflow
+https://bugzilla.redhat.com/show_bug.cgi?id=526915
+[ 2 ] Bug #526911 - CVE-2009-3604 xpdf/poppler: Splash::drawImage integer overflow and missing allocation return value check
+https://bugzilla.redhat.com/show_bug.cgi?id=526911
+[ 3 ] Bug #526877 - CVE-2009-3606 xpdf/poppler: PSOutputDev::doImageL1Sep integer overflow
+https://bugzilla.redhat.com/show_bug.cgi?id=526877
+[ 4 ] Bug #526924 - CVE-2009-3607 poppler: create_surface_from_thumbnail_data integer overflow
+https://bugzilla.redhat.com/show_bug.cgi?id=526924
+[ 5 ] Bug #526637 - CVE-2009-3608 xpdf/poppler: integer overflow in ObjectStream::ObjectStream (oCERT-2009-016)
+https://bugzilla.redhat.com/show_bug.cgi?id=526637
+[ 6 ] Bug #526893 - CVE-2009-3609 xpdf/poppler: ImageStream::ImageStream integer overflow
+https://bugzilla.redhat.com/show_bug.cgi?id=526893
+
+Solution: Apply the appropriate updates.
+
+This update can be installed with the yum update program. Use
+su -c 'yum update poppler' at the command line.
+For more information, refer to Managing Software with yum,
+available at http://docs.fedoraproject.org/yum/.
+
+https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10823
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Fedora Core 10 FEDORA-2009-10823 (poppler)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"poppler", rpm:"poppler~0.8.7~7.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"poppler-devel", rpm:"poppler-devel~0.8.7~7.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"poppler-glib", rpm:"poppler-glib~0.8.7~7.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"poppler-glib-devel", rpm:"poppler-glib-devel~0.8.7~7.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"poppler-qt", rpm:"poppler-qt~0.8.7~7.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"poppler-qt-devel", rpm:"poppler-qt-devel~0.8.7~7.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"poppler-qt4", rpm:"poppler-qt4~0.8.7~7.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"poppler-qt4-devel", rpm:"poppler-qt4-devel~0.8.7~7.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"poppler-utils", rpm:"poppler-utils~0.8.7~7.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"poppler-debuginfo", rpm:"poppler-debuginfo~0.8.7~7.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/fcore_2009_10845.nasl
===================================================================
--- trunk/openvas-plugins/scripts/fcore_2009_10845.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/fcore_2009_10845.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,132 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory FEDORA-2009-10845 (poppler)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66140);
+ script_cve_id("CVE-2009-3603", "CVE-2009-3604", "CVE-2009-3606", "CVE-2009-3607", "CVE-2009-3608", "CVE-2009-3609");
+ script_version ("$Revision$");
+ script_name("Fedora Core 11 FEDORA-2009-10845 (poppler)");
+
+ desc = "
+The remote host is missing an update to poppler
+announced via advisory FEDORA-2009-10845.
+
+Update Information:
+
+This build addresses several recent security issues.
+
+ChangeLog:
+
+* Sun Oct 25 2009 Rex Dieter - 0.10.7-3
+- CVE-2009-3603 SplashBitmap::SplashBitmap integer overflow (#526915)
+- CVE-2009-3604 Splash::drawImage integer overflow and missing allocation return value check(#526911)
+- CVE-2009-3606 PSOutputDev::doImageL1Sep integer overflow (#526877)
+- CVE-2009-3607 poppler: create_surface_from_thumbnail_data integer overflow (#526924)
+- CVE-2009-3608 integer overflow in ObjectStream::ObjectStream (#526637)
+- CVE-2009-3609 ImageStream::ImageStream integer overflow (#526893)
+
+References:
+
+[ 1 ] Bug #526915 - CVE-2009-3603 xpdf/poppler: SplashBitmap::SplashBitmap integer overflow
+https://bugzilla.redhat.com/show_bug.cgi?id=526915
+[ 2 ] Bug #526911 - CVE-2009-3604 xpdf/poppler: Splash::drawImage integer overflow and missing allocation return value check
+https://bugzilla.redhat.com/show_bug.cgi?id=526911
+[ 3 ] Bug #526877 - CVE-2009-3606 xpdf/poppler: PSOutputDev::doImageL1Sep integer overflow
+https://bugzilla.redhat.com/show_bug.cgi?id=526877
+[ 4 ] Bug #526924 - CVE-2009-3607 poppler: create_surface_from_thumbnail_data integer overflow
+https://bugzilla.redhat.com/show_bug.cgi?id=526924
+[ 5 ] Bug #526637 - CVE-2009-3608 xpdf/poppler: integer overflow in ObjectStream::ObjectStream (oCERT-2009-016)
+https://bugzilla.redhat.com/show_bug.cgi?id=526637
+[ 6 ] Bug #526893 - CVE-2009-3609 xpdf/poppler: ImageStream::ImageStream integer overflow
+https://bugzilla.redhat.com/show_bug.cgi?id=526893
+
+Solution: Apply the appropriate updates.
+
+This update can be installed with the yum update program. Use
+su -c 'yum update poppler' at the command line.
+For more information, refer to Managing Software with yum,
+available at http://docs.fedoraproject.org/yum/.
+
+https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10845
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Fedora Core 11 FEDORA-2009-10845 (poppler)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"poppler", rpm:"poppler~0.10.7~3.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"poppler-devel", rpm:"poppler-devel~0.10.7~3.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"poppler-glib", rpm:"poppler-glib~0.10.7~3.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"poppler-glib-devel", rpm:"poppler-glib-devel~0.10.7~3.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"poppler-qt", rpm:"poppler-qt~0.10.7~3.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"poppler-qt-devel", rpm:"poppler-qt-devel~0.10.7~3.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"poppler-qt4", rpm:"poppler-qt4~0.10.7~3.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"poppler-qt4-devel", rpm:"poppler-qt4-devel~0.10.7~3.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"poppler-utils", rpm:"poppler-utils~0.10.7~3.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"poppler-debuginfo", rpm:"poppler-debuginfo~0.10.7~3.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/fcore_2009_10849.nasl
===================================================================
--- trunk/openvas-plugins/scripts/fcore_2009_10849.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/fcore_2009_10849.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,114 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory FEDORA-2009-10849 (systemtap)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66142);
+ script_cve_id("CVE-2009-2911");
+ script_version ("$Revision$");
+ script_name("Fedora Core 10 FEDORA-2009-10849 (systemtap)");
+
+ desc = "
+The remote host is missing an update to systemtap
+announced via advisory FEDORA-2009-10849.
+
+Update Information:
+
+Fixes three DOS issues in --unprivileged mode. (CVE-2009-2911)
+
+ChangeLog:
+
+* Wed Oct 21 2009 Josh Stone - 1.0-2
+- Fix three --unprivileged DOS issues (CVE-2009-2911)
+
+References:
+
+[ 1 ] Bug #529175 - CVE-2009-2911 SystemTap 1.0: Multiple denial of service flaws once --unprivileged mode is activated
+https://bugzilla.redhat.com/show_bug.cgi?id=529175
+
+Solution: Apply the appropriate updates.
+
+This update can be installed with the yum update program. Use
+su -c 'yum update systemtap' at the command line.
+For more information, refer to Managing Software with yum,
+available at http://docs.fedoraproject.org/yum/.
+
+https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10849
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Fedora Core 10 FEDORA-2009-10849 (systemtap)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"systemtap", rpm:"systemtap~1.0~2.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"systemtap-client", rpm:"systemtap-client~1.0~2.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"systemtap-grapher", rpm:"systemtap-grapher~1.0~2.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"systemtap-initscript", rpm:"systemtap-initscript~1.0~2.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"systemtap-runtime", rpm:"systemtap-runtime~1.0~2.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"systemtap-sdt-devel", rpm:"systemtap-sdt-devel~1.0~2.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"systemtap-server", rpm:"systemtap-server~1.0~2.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"systemtap-testsuite", rpm:"systemtap-testsuite~1.0~2.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"systemtap-debuginfo", rpm:"systemtap-debuginfo~1.0~2.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/fcore_2009_10878.nasl
===================================================================
--- trunk/openvas-plugins/scripts/fcore_2009_10878.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/fcore_2009_10878.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,114 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory FEDORA-2009-10878 (chmsee)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66144);
+ script_cve_id("CVE-2009-3380", "CVE-2009-3376", "CVE-2009-3375", "CVE-2009-1563", "CVE-2009-3374", "CVE-2009-3373", "CVE-2009-3372", "CVE-2009-3274", "CVE-2009-3370");
+ script_version ("$Revision$");
+ script_name("Fedora Core 11 FEDORA-2009-10878 (chmsee)");
+
+ desc = "
+The remote host is missing an update to chmsee
+announced via advisory FEDORA-2009-10878.
+
+Update Information:
+
+Update to new upstream Firefox version 3.5.4, fixing multiple security issues
+detailed in the upstream advisories:
+http://www.mozilla.org/security/known-vulnerabilities/firefox35.html#firefox3.5.4
+
+Update also includes all packages depending on gecko-libs rebuilt against
+new version of Firefox / XULRunner.
+
+ChangeLog:
+
+* Tue Oct 27 2009 Jan Horak - 1.0.1-12
+- Rebuild against newer gecko
+
+References:
+
+[ 1 ] Bug #530567 - CVE-2009-3380 Firefox crashes with evidence of memory corruption
+https://bugzilla.redhat.com/show_bug.cgi?id=530567
+[ 2 ] Bug #530168 - CVE-2009-3376 Firefox download filename spoofing with RTL override
+https://bugzilla.redhat.com/show_bug.cgi?id=530168
+[ 3 ] Bug #530167 - CVE-2009-3375 Firefox cross-origin data theft through document.getSelection()
+https://bugzilla.redhat.com/show_bug.cgi?id=530167
+[ 4 ] Bug #530162 - CVE-2009-1563 Firefox heap buffer overflow in string to number conversion
+https://bugzilla.redhat.com/show_bug.cgi?id=530162
+[ 5 ] Bug #530157 - CVE-2009-3374 Firefox chrome privilege escalation in XPCVariant::VariantDataToJS()
+https://bugzilla.redhat.com/show_bug.cgi?id=530157
+[ 6 ] Bug #530156 - CVE-2009-3373 Firefox heap buffer overflow in GIF color map parser
+https://bugzilla.redhat.com/show_bug.cgi?id=530156
+[ 7 ] Bug #530155 - CVE-2009-3372 Firefox crash in proxy auto-configuration regexp parsing
+https://bugzilla.redhat.com/show_bug.cgi?id=530155
+[ 8 ] Bug #524815 - CVE-2009-3274 Firefox: Predictable /tmp pathname use
+https://bugzilla.redhat.com/show_bug.cgi?id=524815
+[ 9 ] Bug #530151 - CVE-2009-3370 Firefox form history vulnerable to stealing
+https://bugzilla.redhat.com/show_bug.cgi?id=530151
+
+Solution: Apply the appropriate updates.
+
+This update can be installed with the yum update program. Use
+su -c 'yum update chmsee' at the command line.
+For more information, refer to Managing Software with yum,
+available at http://docs.fedoraproject.org/yum/.
+
+https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10878
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Fedora Core 11 FEDORA-2009-10878 (chmsee)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"chmsee", rpm:"chmsee~1.0.1~12.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"chmsee-debuginfo", rpm:"chmsee-debuginfo~1.0.1~12.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/fcore_2009_10949.nasl
===================================================================
--- trunk/openvas-plugins/scripts/fcore_2009_10949.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/fcore_2009_10949.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,96 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory FEDORA-2009-10949 (PyXML)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66189);
+ script_cve_id("CVE-2009-3720");
+ script_version ("$Revision$");
+ script_name("Fedora Core 10 FEDORA-2009-10949 (PyXML)");
+
+ desc = "
+The remote host is missing an update to PyXML
+announced via advisory FEDORA-2009-10949.
+
+Update Information:
+
+Switched to using system expat library. Updated expat packages are needed to
+fully resolve this flaw.
+
+ChangeLog:
+
+* Mon Nov 2 2009 Roman Rakus - 0.8.4-12
+- Use system expat library
+* Fri Oct 30 2009 Roman Rakus - 0.8.4-11
+- Fix buffer over read
+
+References:
+
+[ 1 ] Bug #531697 - CVE-2009-3720 expat: buffer over-read and crash on XML with malformed UTF-8 sequences
+https://bugzilla.redhat.com/show_bug.cgi?id=531697
+
+Solution: Apply the appropriate updates.
+
+This update can be installed with the yum update program. Use
+su -c 'yum update PyXML' at the command line.
+For more information, refer to Managing Software with yum,
+available at http://docs.fedoraproject.org/yum/.
+
+https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10949
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Fedora Core 10 FEDORA-2009-10949 (PyXML)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"PyXML", rpm:"PyXML~0.8.4~12.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"PyXML-debuginfo", rpm:"PyXML-debuginfo~0.8.4~12.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/fcore_2009_10956.nasl
===================================================================
--- trunk/openvas-plugins/scripts/fcore_2009_10956.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/fcore_2009_10956.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,93 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory FEDORA-2009-10956 (python-4Suite-XML)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66190);
+ script_cve_id("CVE-2009-3720");
+ script_version ("$Revision$");
+ script_name("Fedora Core 10 FEDORA-2009-10956 (python-4Suite-XML)");
+
+ desc = "
+The remote host is missing an update to python-4Suite-XML
+announced via advisory FEDORA-2009-10956.
+
+Update Information:
+
+Fixes a denial of service when handling malformed XML (CVE-2009-3720)
+ChangeLog:
+
+* Tue Nov 3 2009 Miloslav Trmač - 1.0.2-8
+- Fix an expat DoS
+Related: #531697
+
+References:
+
+[ 1 ] Bug #531697 - CVE-2009-3720 expat: buffer over-read and crash on XML with malformed UTF-8 sequences
+https://bugzilla.redhat.com/show_bug.cgi?id=531697
+
+Solution: Apply the appropriate updates.
+
+This update can be installed with the yum update program. Use
+su -c 'yum update python-4Suite-XML' at the command line.
+For more information, refer to Managing Software with yum,
+available at http://docs.fedoraproject.org/yum/.
+
+https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10956
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Fedora Core 10 FEDORA-2009-10956 (python-4Suite-XML)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"python-4Suite-XML", rpm:"python-4Suite-XML~1.0.2~8.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"python-4Suite-XML", rpm:"python-4Suite-XML~debuginfo~1.0.2", rls:"FC10")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/fcore_2009_10972.nasl
===================================================================
--- trunk/openvas-plugins/scripts/fcore_2009_10972.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/fcore_2009_10972.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,88 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory FEDORA-2009-10972 (python-4Suite-XML)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66193);
+ script_cve_id("CVE-2009-3720");
+ script_version ("$Revision$");
+ script_name("Fedora Core 11 FEDORA-2009-10972 (python-4Suite-XML)");
+
+ desc = "
+The remote host is missing an update to python-4Suite-XML
+announced via advisory FEDORA-2009-10972.
+
+Update Information:
+
+Fixes a denial of service when handling malformed XML (CVE-2009-3720)
+
+References:
+
+[ 1 ] Bug #531697 - CVE-2009-3720 expat: buffer over-read and crash on XML with malformed UTF-8 sequences
+https://bugzilla.redhat.com/show_bug.cgi?id=531697
+
+Solution: Apply the appropriate updates.
+
+This update can be installed with the yum update program. Use
+su -c 'yum update python-4Suite-XML' at the command line.
+For more information, refer to Managing Software with yum,
+available at http://docs.fedoraproject.org/yum/.
+
+https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10972
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Fedora Core 11 FEDORA-2009-10972 (python-4Suite-XML)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"python-4Suite-XML", rpm:"python-4Suite-XML~1.0.2~8.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"python-4Suite-XML", rpm:"python-4Suite-XML~debuginfo~1.0.2", rls:"FC11")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/fcore_2009_10981.nasl
===================================================================
--- trunk/openvas-plugins/scripts/fcore_2009_10981.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/fcore_2009_10981.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,116 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory FEDORA-2009-10981 (blam)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66194);
+ script_cve_id("CVE-2009-3380", "CVE-2009-3382", "CVE-2009-3376", "CVE-2009-3375", "CVE-2009-1563", "CVE-2009-3374", "CVE-2009-3373", "CVE-2009-3372", "CVE-2009-3274", "CVE-2009-3370");
+ script_version ("$Revision$");
+ script_name("Fedora Core 10 FEDORA-2009-10981 (blam)");
+
+ desc = "
+The remote host is missing an update to blam
+announced via advisory FEDORA-2009-10981.
+
+Update Information:
+
+Update to new upstream Firefox version 3.0.15, fixing multiple security issues
+detailed in the upstream advisories:
+http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.15
+
+Update also includes all packages depending on gecko-libs rebuilt against
+new version of Firefox / XULRunner.
+
+ChangeLog:
+
+* Tue Oct 27 2009 Jan Horak - 1.8.5-15
+- Rebuild against newer gecko
+
+References:
+
+[ 1 ] Bug #530567 - CVE-2009-3380 Firefox crashes with evidence of memory corruption
+https://bugzilla.redhat.com/show_bug.cgi?id=530567
+[ 2 ] Bug #530569 - CVE-2009-3382 Firefox crashes with evidence of memory corruption
+https://bugzilla.redhat.com/show_bug.cgi?id=530569
+[ 3 ] Bug #530168 - CVE-2009-3376 Firefox download filename spoofing with RTL override
+https://bugzilla.redhat.com/show_bug.cgi?id=530168
+[ 4 ] Bug #530167 - CVE-2009-3375 Firefox cross-origin data theft through document.getSelection()
+https://bugzilla.redhat.com/show_bug.cgi?id=530167
+[ 5 ] Bug #530162 - CVE-2009-1563 Firefox heap buffer overflow in string to number conversion
+https://bugzilla.redhat.com/show_bug.cgi?id=530162
+[ 6 ] Bug #530157 - CVE-2009-3374 Firefox chrome privilege escalation in XPCVariant::VariantDataToJS()
+https://bugzilla.redhat.com/show_bug.cgi?id=530157
+[ 7 ] Bug #530156 - CVE-2009-3373 Firefox heap buffer overflow in GIF color map parser
+https://bugzilla.redhat.com/show_bug.cgi?id=530156
+[ 8 ] Bug #530155 - CVE-2009-3372 Firefox crash in proxy auto-configuration regexp parsing
+https://bugzilla.redhat.com/show_bug.cgi?id=530155
+[ 9 ] Bug #524815 - CVE-2009-3274 Firefox: Predictable /tmp pathname use
+https://bugzilla.redhat.com/show_bug.cgi?id=524815
+[ 10 ] Bug #530151 - CVE-2009-3370 Firefox form history vulnerable to stealing
+https://bugzilla.redhat.com/show_bug.cgi?id=530151
+
+Solution: Apply the appropriate updates.
+
+This update can be installed with the yum update program. Use
+su -c 'yum update blam' at the command line.
+For more information, refer to Managing Software with yum,
+available at http://docs.fedoraproject.org/yum/.
+
+https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10981
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Fedora Core 10 FEDORA-2009-10981 (blam)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"blam", rpm:"blam~1.8.5~15.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"blam-debuginfo", rpm:"blam-debuginfo~1.8.5~15.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/fcore_2009_10987.nasl
===================================================================
--- trunk/openvas-plugins/scripts/fcore_2009_10987.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/fcore_2009_10987.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,99 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory FEDORA-2009-10987 (expat)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66195);
+ script_cve_id("CVE-2009-3720");
+ script_version ("$Revision$");
+ script_name("Fedora Core 11 FEDORA-2009-10987 (expat)");
+
+ desc = "
+The remote host is missing an update to expat
+announced via advisory FEDORA-2009-10987.
+
+Update Information:
+
+This update fixes a security vulnerability:
+A buffer over-read flaw was found in the way Expat handles malformed UTF-8
+sequences when processing XML files. A specially-crafted XML file could
+cause applications using Expat to crash while parsing the file. (CVE-2009-3720)
+
+ChangeLog:
+
+* Fri Oct 30 2009 Joe Orton - 2.0.1-6.1
+- add security fix for CVE-2009-3720
+
+References:
+
+[ 1 ] Bug #531697 - CVE-2009-3720 expat: buffer over-read and crash on XML with malformed UTF-8 sequences
+https://bugzilla.redhat.com/show_bug.cgi?id=531697
+
+Solution: Apply the appropriate updates.
+
+This update can be installed with the yum update program. Use
+su -c 'yum update expat' at the command line.
+For more information, refer to Managing Software with yum,
+available at http://docs.fedoraproject.org/yum/.
+
+https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10987
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Fedora Core 11 FEDORA-2009-10987 (expat)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"expat", rpm:"expat~2.0.1~6.fc11.1", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"expat-devel", rpm:"expat-devel~2.0.1~6.fc11.1", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"expat-debuginfo", rpm:"expat-debuginfo~2.0.1~6.fc11.1", rls:"FC11")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/fcore_2009_11029.nasl
===================================================================
--- trunk/openvas-plugins/scripts/fcore_2009_11029.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/fcore_2009_11029.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,99 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory FEDORA-2009-11029 (expat)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66198);
+ script_cve_id("CVE-2009-3720");
+ script_version ("$Revision$");
+ script_name("Fedora Core 10 FEDORA-2009-11029 (expat)");
+
+ desc = "
+The remote host is missing an update to expat
+announced via advisory FEDORA-2009-11029.
+
+Update Information:
+
+This update fixes a security vulnerability:
+A buffer over-read flaw was found in the way Expat handles malformed UTF-8
+sequences when processing XML files. A specially-crafted XML file could cause
+applications using Expat to crash while parsing the file. (CVE-2009-3720)
+
+ChangeLog:
+
+* Fri Oct 30 2009 Joe Orton - 2.0.1-5.1
+- add security fix for CVE-2009-3720
+
+References:
+
+[ 1 ] Bug #531697 - CVE-2009-3720 expat: buffer over-read and crash on XML with malformed UTF-8 sequences
+https://bugzilla.redhat.com/show_bug.cgi?id=531697
+
+Solution: Apply the appropriate updates.
+
+This update can be installed with the yum update program. Use
+su -c 'yum update expat' at the command line.
+For more information, refer to Managing Software with yum,
+available at http://docs.fedoraproject.org/yum/.
+
+https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-11029
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Fedora Core 10 FEDORA-2009-11029 (expat)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"expat", rpm:"expat~2.0.1~5.fc10.1", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"expat-devel", rpm:"expat-devel~2.0.1~5.fc10.1", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"expat-debuginfo", rpm:"expat-debuginfo~2.0.1~5.fc10.1", rls:"FC10")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/fcore_2009_11030.nasl
===================================================================
--- trunk/openvas-plugins/scripts/fcore_2009_11030.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/fcore_2009_11030.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,96 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory FEDORA-2009-11030 (PyXML)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66199);
+ script_cve_id("CVE-2009-3720");
+ script_version ("$Revision$");
+ script_name("Fedora Core 11 FEDORA-2009-11030 (PyXML)");
+
+ desc = "
+The remote host is missing an update to PyXML
+announced via advisory FEDORA-2009-11030.
+
+Update Information:
+
+Switched to using system expat library. Updated expat packages are needed to
+fully resolve this flaw.
+
+ChangeLog:
+
+* Mon Nov 2 2009 Roman Rakus - 0.8.4-16
+- Use system expat library
+* Fri Oct 30 2009 Roman Rakus - 0.8.4-15
+- Fix buffer over read
+
+References:
+
+[ 1 ] Bug #531697 - CVE-2009-3720 expat: buffer over-read and crash on XML with malformed UTF-8 sequences
+https://bugzilla.redhat.com/show_bug.cgi?id=531697
+
+Solution: Apply the appropriate updates.
+
+This update can be installed with the yum update program. Use
+su -c 'yum update PyXML' at the command line.
+For more information, refer to Managing Software with yum,
+available at http://docs.fedoraproject.org/yum/.
+
+https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-11030
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Fedora Core 11 FEDORA-2009-11030 (PyXML)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"PyXML", rpm:"PyXML~0.8.4~16.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"PyXML-debuginfo", rpm:"PyXML-debuginfo~0.8.4~16.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/fcore_2009_11032.nasl
===================================================================
--- trunk/openvas-plugins/scripts/fcore_2009_11032.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/fcore_2009_11032.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,159 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory FEDORA-2009-11032 (kernel)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66200);
+ script_cve_id("CVE-2009-3547", "CVE-2009-3638", "CVE-2009-3624", "CVE-2009-3621", "CVE-2009-3620", "CVE-2009-3612", "CVE-2009-2909", "CVE-2009-2908", "CVE-2009-2903", "CVE-2009-3290", "CVE-2009-2847");
+ script_version ("$Revision$");
+ script_name("Fedora Core 11 FEDORA-2009-11032 (kernel)");
+
+ desc = "
+The remote host is missing an update to kernel
+announced via advisory FEDORA-2009-11032.
+
+For details on the issues addressed in this update, please
+visit the referenced security advisories.
+
+References:
+
+[ 1 ] Bug #530490 - CVE-2009-3547 kernel: fs: pipe.c null pointer dereference
+https://bugzilla.redhat.com/show_bug.cgi?id=530490
+[ 2 ] Bug #530515 - CVE-2009-3638 kernel: kvm: integer overflow in kvm_dev_ioctl_get_supported_cpuid()
+https://bugzilla.redhat.com/show_bug.cgi?id=530515
+[ 3 ] Bug #530283 - CVE-2009-3624 kernel: get_instantiation_keyring() should inc the keyring refcount in all cases
+https://bugzilla.redhat.com/show_bug.cgi?id=530283
+[ 4 ] Bug #529626 - CVE-2009-3621 kernel: AF_UNIX: Fix deadlock on connecting to shutdown socket
+https://bugzilla.redhat.com/show_bug.cgi?id=529626
+
+Solution: Apply the appropriate updates.
+
+This update can be installed with the yum update program. Use
+su -c 'yum update kernel' at the command line.
+For more information, refer to Managing Software with yum,
+available at http://docs.fedoraproject.org/yum/.
+
+https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-11032
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Fedora Core 11 FEDORA-2009-11032 (kernel)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"kernel", rpm:"kernel~2.6.30.9~96.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-debuginfo-common", rpm:"kernel-debuginfo-common~i586~2.6.30.9", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-devel", rpm:"kernel-devel~2.6.30.9~96.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-headers", rpm:"kernel-headers~2.6.30.9~96.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-debuginfo", rpm:"kernel-debuginfo~2.6.30.9~96.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-PAE", rpm:"kernel-PAE~2.6.30.9~96.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-PAE-devel", rpm:"kernel-PAE-devel~2.6.30.9~96.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-PAEdebug", rpm:"kernel-PAEdebug~2.6.30.9~96.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-PAEdebug-devel", rpm:"kernel-PAEdebug-devel~2.6.30.9~96.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-debuginfo-common", rpm:"kernel-debuginfo-common~i686~2.6.30.9", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-PAE-debuginfo", rpm:"kernel-PAE-debuginfo~2.6.30.9~96.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-PAEdebug-debuginfo", rpm:"kernel-PAEdebug-debuginfo~2.6.30.9~96.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-doc", rpm:"kernel-doc~2.6.30.9~96.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-firmware", rpm:"kernel-firmware~2.6.30.9~96.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-bootwrapper", rpm:"kernel-bootwrapper~2.6.30.9~96.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-debuginfo-common", rpm:"kernel-debuginfo-common~ppc~2.6.30.9", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-smp", rpm:"kernel-smp~2.6.30.9~96.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-smp-devel", rpm:"kernel-smp-devel~2.6.30.9~96.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-smp-debuginfo", rpm:"kernel-smp-debuginfo~2.6.30.9~96.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-debuginfo-common", rpm:"kernel-debuginfo-common~ppc64~2.6.30.9", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-debug", rpm:"kernel-debug~2.6.30.9~96.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-debug-devel", rpm:"kernel-debug-devel~2.6.30.9~96.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-debuginfo-common", rpm:"kernel-debuginfo-common~x86_64~2.6.30.9", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-debug-debuginfo", rpm:"kernel-debug-debuginfo~2.6.30.9~96.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/fcore_2009_11034.nasl
===================================================================
--- trunk/openvas-plugins/scripts/fcore_2009_11034.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/fcore_2009_11034.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,96 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory FEDORA-2009-11034 (alienarena-data)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66201);
+ script_cve_id("CVE-2009-3637");
+ script_version ("$Revision$");
+ script_name("Fedora Core 11 FEDORA-2009-11034 (alienarena-data)");
+
+ desc = "
+The remote host is missing an update to alienarena-data
+announced via advisory FEDORA-2009-11034.
+
+Data files (audio, maps, etc) for Alien Arena 2009.
+
+Update Information:
+
+Update to 7.32, fixes CVE-2009-3637.
+
+ChangeLog:
+
+* Mon Nov 2 2009 Tom spot Callaway 20091102-1
+- update to 20091102 (7.32)
+* Thu Jul 30 2009 Tom spot Callaway 20090730-1
+- update to 20090730 (7.30)
+* Fri Jul 24 2009 Fedora Release Engineering - 20090115-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+References:
+
+[ 1 ] Bug #530514 - CVE-2009-3637 alienarena: Buffer overflow by processing specially-crafted UDP reply from game server (ACE)
+https://bugzilla.redhat.com/show_bug.cgi?id=530514
+
+Solution: Apply the appropriate updates.
+
+This update can be installed with the yum update program. Use
+su -c 'yum update alienarena-data' at the command line.
+For more information, refer to Managing Software with yum,
+available at http://docs.fedoraproject.org/yum/.
+
+https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-11034
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Fedora Core 11 FEDORA-2009-11034 (alienarena-data)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"alienarena-data", rpm:"alienarena-data~20091102~1.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/fcore_2009_11038.nasl
===================================================================
--- trunk/openvas-plugins/scripts/fcore_2009_11038.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/fcore_2009_11038.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,149 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory FEDORA-2009-11038 (kernel)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66202);
+ script_cve_id("CVE-2009-3547", "CVE-2009-3638", "CVE-2009-3621", "CVE-2009-3620", "CVE-2009-3612", "CVE-2009-2908", "CVE-2009-2903", "CVE-2009-3290", "CVE-2009-2847", "CVE-2009-2692", "CVE-2009-2406", "CVE-2009-2407", "CVE-2009-1895", "CVE-2009-1897", "CVE-2009-0065", "CVE-2008-5079");
+ script_version ("$Revision$");
+ script_name("Fedora Core 10 FEDORA-2009-11038 (kernel)");
+
+ desc = "
+The remote host is missing an update to kernel
+announced via advisory FEDORA-2009-11038.
+
+For details on the issues addressed with this update, please
+visit the referenced security advisories.
+
+References:
+
+[ 1 ] Bug #530490 - CVE-2009-3547 kernel: fs: pipe.c null pointer dereference
+https://bugzilla.redhat.com/show_bug.cgi?id=530490
+[ 2 ] Bug #530515 - CVE-2009-3638 kernel: kvm: integer overflow in kvm_dev_ioctl_get_supported_cpuid()
+https://bugzilla.redhat.com/show_bug.cgi?id=530515
+[ 3 ] Bug #529626 - CVE-2009-3621 kernel: AF_UNIX: Fix deadlock on connecting to shutdown socket
+https://bugzilla.redhat.com/show_bug.cgi?id=529626
+[ 4 ] Bug #529597 - CVE-2009-3620 kernel: r128 IOCTL NULL pointer dereferences when CCE state is uninitialised
+https://bugzilla.redhat.com/show_bug.cgi?id=529597
+[ 5 ] Bug #528868 - CVE-2009-3612 kernel: tcf_fill_node() infoleak due to typo in 9ef1d4c7
+https://bugzilla.redhat.com/show_bug.cgi?id=528868
+
+Solution: Apply the appropriate updates.
+
+This update can be installed with the yum update program. Use
+su -c 'yum update kernel' at the command line.
+For more information, refer to Managing Software with yum,
+available at http://docs.fedoraproject.org/yum/.
+
+https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-11038
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Fedora Core 10 FEDORA-2009-11038 (kernel)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"kernel-headers", rpm:"kernel-headers~2.6.27.38~170.2.113.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel", rpm:"kernel~2.6.27.38~170.2.113.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-devel", rpm:"kernel-devel~2.6.27.38~170.2.113.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-debuginfo", rpm:"kernel-debuginfo~2.6.27.38~170.2.113.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-debuginfo-common", rpm:"kernel-debuginfo-common~2.6.27.38~170.2.113.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-PAE", rpm:"kernel-PAE~2.6.27.38~170.2.113.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-PAE-devel", rpm:"kernel-PAE-devel~2.6.27.38~170.2.113.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-PAEdebug", rpm:"kernel-PAEdebug~2.6.27.38~170.2.113.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-PAEdebug-devel", rpm:"kernel-PAEdebug-devel~2.6.27.38~170.2.113.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-debug", rpm:"kernel-debug~2.6.27.38~170.2.113.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-debug-devel", rpm:"kernel-debug-devel~2.6.27.38~170.2.113.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-PAE-debuginfo", rpm:"kernel-PAE-debuginfo~2.6.27.38~170.2.113.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-PAEdebug-debuginfo", rpm:"kernel-PAEdebug-debuginfo~2.6.27.38~170.2.113.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-debug-debuginfo", rpm:"kernel-debug-debuginfo~2.6.27.38~170.2.113.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-doc", rpm:"kernel-doc~2.6.27.38~170.2.113.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-firmware", rpm:"kernel-firmware~2.6.27.38~170.2.113.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-bootwrapper", rpm:"kernel-bootwrapper~2.6.27.38~170.2.113.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-smp", rpm:"kernel-smp~2.6.27.38~170.2.113.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-smp-devel", rpm:"kernel-smp-devel~2.6.27.38~170.2.113.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-smp-debuginfo", rpm:"kernel-smp-debuginfo~2.6.27.38~170.2.113.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/fcore_2009_11066.nasl
===================================================================
--- trunk/openvas-plugins/scripts/fcore_2009_11066.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/fcore_2009_11066.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,97 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory FEDORA-2009-11066 (alienarena)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66203);
+ script_cve_id("CVE-2009-3637");
+ script_version ("$Revision$");
+ script_name("Fedora Core 10 FEDORA-2009-11066 (alienarena)");
+
+ desc = "
+The remote host is missing an update to alienarena
+announced via advisory FEDORA-2009-11066.
+
+Update Information:
+
+Update to 7.32, fixes CVE-2009-3637.
+
+ChangeLog:
+
+* Mon Nov 2 2009 Tom spot Callaway - 7.32-1
+- update to 7.32
+- fix CVE-2009-3637 (bugzilla 530514)
+
+References:
+
+[ 1 ] Bug #530514 - CVE-2009-3637 alienarena: Buffer overflow by processing specially-crafted UDP reply from game server (ACE)
+https://bugzilla.redhat.com/show_bug.cgi?id=530514
+
+Solution: Apply the appropriate updates.
+
+This update can be installed with the yum update program. Use
+su -c 'yum update alienarena' at the command line.
+For more information, refer to Managing Software with yum,
+available at http://docs.fedoraproject.org/yum/.
+
+https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-11066
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Fedora Core 10 FEDORA-2009-11066 (alienarena)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"alienarena", rpm:"alienarena~7.32~1.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"alienarena-server", rpm:"alienarena-server~7.32~1.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"alienarena-debuginfo", rpm:"alienarena-debuginfo~7.32~1.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/fcore_2009_9837.nasl
===================================================================
--- trunk/openvas-plugins/scripts/fcore_2009_9837.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/fcore_2009_9837.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,113 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory FEDORA-2009-9837 (wireshark)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66186);
+ script_cve_id("CVE-2009-2559", "CVE-2009-2560", "CVE-2009-2561", "CVE-2009-2562", "CVE-2009-2563", "CVE-2009-3241", "CVE-2009-3242");
+ script_version ("$Revision$");
+ script_name("Fedora Core 11 FEDORA-2009-9837 (wireshark)");
+
+ desc = "
+The remote host is missing an update to wireshark
+announced via advisory FEDORA-2009-9837.
+
+Update Information:
+
+Update to Wireshark 1.2.2 fixing multiple security issues:
+http://www.wireshark.org/docs/relnotes/wireshark-1.2.2.html
+http://www.wireshark.org/security/wnpa-sec-2009-06.html
+
+For details, please visit the referenced security advisories.
+
+ChangeLog:
+
+* Tue Sep 22 2009 Radek Vokal - 1.2.2
+- upgrade to 1.2.2
+- http://www.wireshark.org/docs/relnotes/wireshark-1.2.2.html
+
+References:
+
+[ 1 ] Bug #512953 - CVE-2009-2559 Wireshark-1.2.0: DoS (crash) due array index error in IPMI dissector
+https://bugzilla.redhat.com/show_bug.cgi?id=512953
+[ 2 ] Bug #513008 - CVE-2009-2560 Wireshark: Null-ptr dereference in the RADIUS dissector
+https://bugzilla.redhat.com/show_bug.cgi?id=513008
+[ 3 ] Bug #513033 - CVE-2009-2561 Wireshark: Dos (excessive CPU and memory use) via large amount of tree items in the sFlow dissector
+https://bugzilla.redhat.com/show_bug.cgi?id=513033
+[ 4 ] Bug #512987 - CVE-2009-2562 Wireshark: Integer overflow in the AFS dissector
+https://bugzilla.redhat.com/show_bug.cgi?id=512987
+[ 5 ] Bug #512992 - CVE-2009-2563 Wireshark: Null-ptr dereference in the InfiniBand dissector
+https://bugzilla.redhat.com/show_bug.cgi?id=512992
+[ 6 ] Bug #523987 - CVE-2009-3241 Wireshark: DoS (excessive CPU use) in OPCUA dissector
+https://bugzilla.redhat.com/show_bug.cgi?id=523987
+[ 7 ] Bug #524001 - CVE-2009-3242 Wireshark: DoS (crash) in GSM A RR dissector
+https://bugzilla.redhat.com/show_bug.cgi?id=524001
+
+Solution: Apply the appropriate updates.
+
+This update can be installed with the yum update program. Use
+su -c 'yum update wireshark' at the command line.
+For more information, refer to Managing Software with yum,
+available at http://docs.fedoraproject.org/yum/.
+
+https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-9837
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Fedora Core 11 FEDORA-2009-9837 (wireshark)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"wireshark", rpm:"wireshark~1.2.2~1.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"wireshark-gnome", rpm:"wireshark-gnome~1.2.2~1.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"wireshark-debuginfo", rpm:"wireshark-debuginfo~1.2.2~1.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/fcore_2009_9973.nasl
===================================================================
--- trunk/openvas-plugins/scripts/fcore_2009_9973.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/fcore_2009_9973.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,88 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory FEDORA-2009-9973 (BackupPC)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66137);
+ script_cve_id("CVE-2009-3369");
+ script_version ("$Revision$");
+ script_name("Fedora Core 10 FEDORA-2009-9973 (BackupPC)");
+
+ desc = "
+The remote host is missing an update to BackupPC
+announced via advisory FEDORA-2009-9973.
+
+ChangeLog:
+
+* Fri Sep 25 2009 Johan Cwiklinski 3.1.0-6
+- Fix security bug (bug #518412)
+* Fri Sep 18 2009 Johan Cwiklinski 3.1.0-5
+- Fix SELinux policy module for UserEmailInfo.pl file
+
+References:
+
+[ 1 ] Bug #518412 - CVE-2009-3369 BackupPC: Permission bypass via ClientNameAlias by using rsync data backup method
+https://bugzilla.redhat.com/show_bug.cgi?id=518412
+
+Solution: Apply the appropriate updates.
+
+This update can be installed with the yum update program. Use
+su -c 'yum update BackupPC' at the command line.
+For more information, refer to Managing Software with yum,
+available at http://docs.fedoraproject.org/yum/.
+
+https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-9973
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Fedora Core 10 FEDORA-2009-9973 (BackupPC)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"BackupPC", rpm:"BackupPC~3.1.0~6.fc10", rls:"FC10")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/fcore_2009_9982.nasl
===================================================================
--- trunk/openvas-plugins/scripts/fcore_2009_9982.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/fcore_2009_9982.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,88 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory FEDORA-2009-9982 (BackupPC)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66136);
+ script_cve_id("CVE-2009-3369");
+ script_version ("$Revision$");
+ script_name("Fedora Core 11 FEDORA-2009-9982 (BackupPC)");
+
+ desc = "
+The remote host is missing an update to BackupPC
+announced via advisory FEDORA-2009-9982.
+
+ChangeLog:
+
+* Fri Sep 25 2009 Johan Cwiklinski 3.1.0-7
+- Fix security bug (bug #518412)
+* Fri Sep 18 2009 Johan Cwiklinski 3.1.0-6
+- Fix SELinux policy module for UserEmailInfo.pl file
+
+References:
+
+[ 1 ] Bug #518412 - CVE-2009-3369 BackupPC: Permission bypass via ClientNameAlias by using rsync data backup method
+https://bugzilla.redhat.com/show_bug.cgi?id=518412
+
+Solution: Apply the appropriate updates.
+
+This update can be installed with the yum update program. Use
+su -c 'yum update BackupPC' at the command line.
+For more information, refer to Managing Software with yum,
+available at http://docs.fedoraproject.org/yum/.
+
+https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-9982
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Fedora Core 11 FEDORA-2009-9982 (BackupPC)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"BackupPC", rpm:"BackupPC~3.1.0~7.fc11", rls:"FC11")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/freebsd_ctorrent.nasl
===================================================================
--- trunk/openvas-plugins/scripts/freebsd_ctorrent.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/freebsd_ctorrent.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,87 @@
+#
+#VID 83d7d149-b965-11de-a515-0022156e8794
+# OpenVAS Vulnerability Test
+# $
+# Description: Auto generated from VID 83d7d149-b965-11de-a515-0022156e8794
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisories, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66158);
+ script_cve_id("CVE-2009-1759");
+ script_bugtraq_id(34584);
+ script_version ("$Revision$");
+ script_name("FreeBSD Ports: ctorrent");
+
+ desc = "
+The remote host is missing an update to the system
+as announced in the referenced advisory.
+
+The following package is affected: ctorrent
+
+CVE-2009-1759
+Stack-based buffer overflow in the btFiles::BuildFromMI function
+(trunk/btfiles.cpp) in Enhanced CTorrent (aka dTorrent) 3.3.2 and
+probably earlier, and CTorrent 1.3.4, allows remote attackers to cause
+a denial of service (crash) and possibly execute arbitrary code via a
+Torrent file containing a long path.
+
+Solution:
+Update your system with the appropriate patches or
+software upgrades.
+
+http://sourceforge.net/tracker/?func=detail&aid=2782875&group_id=202532&atid=981959
+http://www.vuxml.org/freebsd/83d7d149-b965-11de-a515-0022156e8794.html
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("FreeBSD Ports: ctorrent");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("FreeBSD Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/freebsdrel");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-bsd.inc");
+vuln = 0;
+bver = portver(pkg:"ctorrent");
+if(!isnull(bver) && revcomp(a:bver, b:"3.3.2_2")<0) {
+ security_note(0, data:"Package ctorrent version " + bver + " is installed which is known to be vulnerable.");
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/freebsd_firefox42.nasl
===================================================================
--- trunk/openvas-plugins/scripts/freebsd_firefox42.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/freebsd_firefox42.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,115 @@
+#
+#VID c87aa2d2-c3c4-11de-ab08-000f20797ede
+# OpenVAS Vulnerability Test
+# $
+# Description: Auto generated from VID c87aa2d2-c3c4-11de-ab08-000f20797ede
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisories, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66159);
+ script_cve_id("CVE-2009-3380", "CVE-2009-3381", "CVE-2009-3382", "CVE-2009-3383", "CVE-2009-3379", "CVE-2009-3378", "CVE-2009-3377", "CVE-2009-3376", "CVE-2009-3375", "CVE-2009-1563", "CVE-2009-3374", "CVE-2009-3373", "CVE-2009-3372", "CVE-2009-3371", "CVE-2009-3274", "CVE-2009-3370");
+ script_version ("$Revision$");
+ script_name("FreeBSD Ports: firefox");
+
+ desc = "
+The remote host is missing an update to the system
+as announced in the referenced advisory.
+
+The following packages are affected:
+ firefox
+ linux-firefox
+ seamonkey
+ linux-seamonkey
+
+For details on the issues addressed with this update,
+please visit the referenced security advisories.
+
+Solution:
+Update your system with the appropriate patches or
+software upgrades.
+
+http://www.mozilla.org/security/announce/2009/mfsa2009-64.html
+http://www.mozilla.org/security/announce/2009/mfsa2009-63.html
+http://www.mozilla.org/security/announce/2009/mfsa2009-62.html
+http://www.mozilla.org/security/announce/2009/mfsa2009-61.html
+http://www.mozilla.org/security/announce/2009/mfsa2009-59.html
+http://www.mozilla.org/security/announce/2009/mfsa2009-57.html
+http://www.mozilla.org/security/announce/2009/mfsa2009-56.html
+http://www.mozilla.org/security/announce/2009/mfsa2009-55.html
+http://www.mozilla.org/security/announce/2009/mfsa2009-54.html
+http://www.mozilla.org/security/announce/2009/mfsa2009-53.html
+http://www.mozilla.org/security/announce/2009/mfsa2009-52.html
+http://www.vuxml.org/freebsd/c87aa2d2-c3c4-11de-ab08-000f20797ede.html
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("FreeBSD Ports: firefox");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("FreeBSD Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/freebsdrel");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-bsd.inc");
+vuln = 0;
+bver = portver(pkg:"firefox");
+if(!isnull(bver) && revcomp(a:bver, b:"3.5.*,1")>0 && revcomp(a:bver, b:"3.5.4,1")<0) {
+ security_note(0, data:"Package firefox version " + bver + " is installed which is known to be vulnerable.");
+ vuln = 1;
+}
+if(!isnull(bver) && revcomp(a:bver, b:"3.*,1")>0 && revcomp(a:bver, b:"3.0.15,1")<0) {
+ security_note(0, data:"Package firefox version " + bver + " is installed which is known to be vulnerable.");
+ vuln = 1;
+}
+bver = portver(pkg:"linux-firefox");
+if(!isnull(bver) && revcomp(a:bver, b:"3.0.15")<0) {
+ security_note(0, data:"Package linux-firefox version " + bver + " is installed which is known to be vulnerable.");
+ vuln = 1;
+}
+bver = portver(pkg:"seamonkey");
+if(!isnull(bver) && revcomp(a:bver, b:"0")>0) {
+ security_note(0, data:"Package seamonkey version " + bver + " is installed which is known to be vulnerable.");
+ vuln = 1;
+}
+bver = portver(pkg:"linux-seamonkey");
+if(!isnull(bver) && revcomp(a:bver, b:"0")>0) {
+ security_note(0, data:"Package linux-seamonkey version " + bver + " is installed which is known to be vulnerable.");
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/freebsd_gd1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/freebsd_gd1.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/freebsd_gd1.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,102 @@
+#
+#VID 4e8344a3-ca52-11de-8ee8-00215c6a37bb
+# OpenVAS Vulnerability Test
+# $
+# Description: Auto generated from VID 4e8344a3-ca52-11de-8ee8-00215c6a37bb
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisories, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66153);
+ script_cve_id("CVE-2009-3546");
+ script_bugtraq_id(36712);
+ script_version ("$Revision$");
+ script_name("FreeBSD Ports: gd");
+
+ desc = "
+The remote host is missing an update to the system
+as announced in the referenced advisory.
+
+The following packages are affected:
+ gd
+ php5-gd
+ php4-gd
+
+CVE-2009-3546
+The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.0, and the
+GD Graphics Library 2.x, does not properly verify a certain
+colorsTotal structure member, which might allow remote attackers to
+conduct buffer overflow or buffer over-read attacks via a crafted GD
+file, a different vulnerability than CVE-2009-3293. NOTE: some of
+these details are obtained from third party information.
+
+Solution:
+Update your system with the appropriate patches or
+software upgrades.
+
+http://secunia.com/advisories/37069
+http://secunia.com/advisories/37080
+http://www.vuxml.org/freebsd/4e8344a3-ca52-11de-8ee8-00215c6a37bb.html
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("FreeBSD Ports: gd");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("FreeBSD Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/freebsdrel");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-bsd.inc");
+vuln = 0;
+bver = portver(pkg:"gd");
+if(!isnull(bver) && revcomp(a:bver, b:"2.0.35_2,1")<0) {
+ security_note(0, data:"Package gd version " + bver + " is installed which is known to be vulnerable.");
+ vuln = 1;
+}
+bver = portver(pkg:"php5-gd");
+if(!isnull(bver) && revcomp(a:bver, b:"5.2.11_2")<0) {
+ security_note(0, data:"Package php5-gd version " + bver + " is installed which is known to be vulnerable.");
+ vuln = 1;
+}
+bver = portver(pkg:"php4-gd");
+if(!isnull(bver) && revcomp(a:bver, b:"0")>0) {
+ security_note(0, data:"Package php4-gd version " + bver + " is installed which is known to be vulnerable.");
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/freebsd_kdebase4-runtime.nasl
===================================================================
--- trunk/openvas-plugins/scripts/freebsd_kdebase4-runtime.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/freebsd_kdebase4-runtime.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,85 @@
+#
+#VID 6f358f5a-c7ea-11de-a9f3-0030843d3802
+# OpenVAS Vulnerability Test
+# $
+# Description: Auto generated from VID 6f358f5a-c7ea-11de-a9f3-0030843d3802
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisories, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66156);
+ script_version ("$Revision$");
+ script_name("FreeBSD Ports: kdebase4-runtime");
+
+ desc = "
+The remote host is missing an update to the system
+as announced in the referenced advisory.
+
+The following packages are affected:
+ kdebase4-runtime
+ kdelibs4
+
+Solution:
+Update your system with the appropriate patches or
+software upgrades.
+
+http://www.ocert.org/advisories/ocert-2009-015.html
+http://www.vuxml.org/freebsd/6f358f5a-c7ea-11de-a9f3-0030843d3802.html
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("FreeBSD Ports: kdebase4-runtime");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("FreeBSD Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/freebsdrel");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-bsd.inc");
+vuln = 0;
+bver = portver(pkg:"kdebase4-runtime");
+if(!isnull(bver) && revcomp(a:bver, b:"4.3.1_2")<0) {
+ security_note(0, data:"Package kdebase4-runtime version " + bver + " is installed which is known to be vulnerable.");
+ vuln = 1;
+}
+bver = portver(pkg:"kdelibs4");
+if(!isnull(bver) && revcomp(a:bver, b:"4.3.1_5")<0) {
+ security_note(0, data:"Package kdelibs4 version " + bver + " is installed which is known to be vulnerable.");
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/freebsd_opera18.nasl
===================================================================
--- trunk/openvas-plugins/scripts/freebsd_opera18.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/freebsd_opera18.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,86 @@
+#
+#VID 2fda6bd2-c53c-11de-b157-001999392805
+# OpenVAS Vulnerability Test
+# $
+# Description: Auto generated from VID 2fda6bd2-c53c-11de-b157-001999392805
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisories, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66157);
+ script_version ("$Revision$");
+ script_name("FreeBSD Ports: opera");
+
+ desc = "
+The remote host is missing an update to the system
+as announced in the referenced advisory.
+
+The following packages are affected:
+ opera
+ linux-opera
+
+Solution:
+Update your system with the appropriate patches or
+software upgrades.
+
+http://www.opera.com/support/kb/view/938/
+http://www.opera.com/support/kb/view/939/
+http://www.vuxml.org/freebsd/2fda6bd2-c53c-11de-b157-001999392805.html
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("FreeBSD Ports: opera");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("FreeBSD Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/freebsdrel");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-bsd.inc");
+vuln = 0;
+bver = portver(pkg:"opera");
+if(!isnull(bver) && revcomp(a:bver, b:"10.01.20091019")<0) {
+ security_note(0, data:"Package opera version " + bver + " is installed which is known to be vulnerable.");
+ vuln = 1;
+}
+bver = portver(pkg:"linux-opera");
+if(!isnull(bver) && revcomp(a:bver, b:"10.01")<0) {
+ security_note(0, data:"Package linux-opera version " + bver + " is installed which is known to be vulnerable.");
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/freebsd_p5-HTML-Parser.nasl
===================================================================
--- trunk/openvas-plugins/scripts/freebsd_p5-HTML-Parser.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/freebsd_p5-HTML-Parser.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,86 @@
+#
+#VID 68bda678-caab-11de-a97e-be89dfd1042e
+# OpenVAS Vulnerability Test
+# $
+# Description: Auto generated from VID 68bda678-caab-11de-a97e-be89dfd1042e
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisories, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66152);
+ script_cve_id("CVE-2009-3627");
+ script_bugtraq_id(36807);
+ script_version ("$Revision$");
+ script_name("FreeBSD Ports: p5-HTML-Parser");
+
+ desc = "
+The remote host is missing an update to the system
+as announced in the referenced advisory.
+
+The following package is affected: p5-HTML-Parser
+
+CVE-2009-3627
+The decode_entities function in util.c in HTML-Parser before 3.63
+allows context-dependent attackers to cause a denial of service
+(infinite loop) via an incomplete SGML numeric character reference,
+which triggers generation of an invalid UTF-8 character.
+
+Solution:
+Update your system with the appropriate patches or
+software upgrades.
+
+http://secunia.com/advisories/37155
+http://www.vuxml.org/freebsd/68bda678-caab-11de-a97e-be89dfd1042e.html
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("FreeBSD Ports: p5-HTML-Parser");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("FreeBSD Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/freebsdrel");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-bsd.inc");
+vuln = 0;
+bver = portver(pkg:"p5-HTML-Parser");
+if(!isnull(bver) && revcomp(a:bver, b:"3.63")<0) {
+ security_note(0, data:"Package p5-HTML-Parser version " + bver + " is installed which is known to be vulnerable.");
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/freebsd_typo32.nasl
===================================================================
--- trunk/openvas-plugins/scripts/freebsd_typo32.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/freebsd_typo32.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,138 @@
+#
+#VID 6693bad2-ca50-11de-8ee8-00215c6a37bb
+# OpenVAS Vulnerability Test
+# $
+# Description: Auto generated from VID 6693bad2-ca50-11de-8ee8-00215c6a37bb
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisories, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66154);
+ script_cve_id("CVE-2009-3628", "CVE-2009-3629", "CVE-2009-3630", "CVE-2009-3631", "CVE-2009-3632", "CVE-2009-3633", "CVE-2009-3634", "CVE-2009-3635", "CVE-2009-3636");
+ script_bugtraq_id(36801);
+ script_version ("$Revision$");
+ script_name("FreeBSD Ports: typo3");
+
+ desc = "
+The remote host is missing an update to the system
+as announced in the referenced advisory.
+
+The following package is affected: typo3
+
+CVE-2009-3628
+The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before
+4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote
+authenticated users to determine an encryption key via crafted input
+to a tt_content form element.
+
+CVE-2009-3629
+Multiple cross-site scripting (XSS) vulnerabilities in the Backend
+subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x
+before 4.2.10, and 4.3.x before 4.3beta2 allow remote authenticated
+users to inject arbitrary web script or HTML via unspecified vectors.
+
+CVE-2009-3630
+The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before
+4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote
+authenticated users to place arbitrary web sites in TYPO3 backend
+framesets via crafted parameters, related to a 'frame hijacking'
+issue.
+
+CVE-2009-3631
+The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before
+4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2, when the DAM
+extension or ftp upload is enabled, allows remote authenticated users
+to execute arbitrary commands via shell metacharacters in a filename.
+
+CVE-2009-3632
+SQL injection vulnerability in the traditional frontend editing
+feature in the Frontend Editing subcomponent in TYPO3 4.0.13 and
+earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before
+4.3beta2 allows remote authenticated users to execute arbitrary SQL
+commands via unspecified parameters.
+
+CVE-2009-3633
+Cross-site scripting (XSS) vulnerability in the
+t3lib_div::quoteJSvalue API function in TYPO3 4.0.13 and earlier,
+4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2
+allows remote attackers to inject arbitrary web script or HTML via
+unspecified vectors related to the sanitizing algorithm.
+
+CVE-2009-3634
+Cross-site scripting (XSS) vulnerability in the Frontend Login Box
+(aka felogin) subcomponent in TYPO3 4.2.0 through 4.2.6 allows remote
+attackers to inject arbitrary web script or HTML via unspecified
+parameters.
+
+CVE-2009-3635
+The Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x
+before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows
+remote attackers to gain access by using only the password's md5 hash
+as a credential.
+
+CVE-2009-3636
+Cross-site scripting (XSS) vulnerability in the Install Tool
+subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x
+before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to
+inject arbitrary web script or HTML via unspecified parameters.
+
+Solution:
+Update your system with the appropriate patches or
+software upgrades.
+
+http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/
+http://secunia.com/advisories/37122/
+http://www.vuxml.org/freebsd/6693bad2-ca50-11de-8ee8-00215c6a37bb.html
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("FreeBSD Ports: typo3");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("FreeBSD Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/freebsdrel");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-bsd.inc");
+vuln = 0;
+bver = portver(pkg:"typo3");
+if(!isnull(bver) && revcomp(a:bver, b:"4.2.10")<0) {
+ security_note(0, data:"Package typo3 version " + bver + " is installed which is known to be vulnerable.");
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/freebsd_vlc1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/freebsd_vlc1.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/freebsd_vlc1.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,78 @@
+#
+#VID 3149ab1c-c8b9-11de-b87b-0011098ad87f
+# OpenVAS Vulnerability Test
+# $
+# Description: Auto generated from VID 3149ab1c-c8b9-11de-b87b-0011098ad87f
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisories, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66155);
+ script_version ("$Revision$");
+ script_name("FreeBSD Ports: vlc");
+
+ desc = "
+The remote host is missing an update to the system
+as announced in the referenced advisory.
+
+The following package is affected: vlc
+
+Solution:
+Update your system with the appropriate patches or
+software upgrades.
+
+http://www.videolan.org/security/sa0901.html
+http://www.vuxml.org/freebsd/3149ab1c-c8b9-11de-b87b-0011098ad87f.html
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("FreeBSD Ports: vlc");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("FreeBSD Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/freebsdrel");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-bsd.inc");
+vuln = 0;
+bver = portver(pkg:"vlc");
+if(!isnull(bver) && revcomp(a:bver, b:"0.5.0")>=0 && revcomp(a:bver, b:"1.0.2")<0) {
+ security_note(0, data:"Package vlc version " + bver + " is installed which is known to be vulnerable.");
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/glsa_200911_01.nasl
===================================================================
--- trunk/openvas-plugins/scripts/glsa_200911_01.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/glsa_200911_01.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,97 @@
+#
+# OpenVAS Vulnerability Test
+# $
+# Description: Auto generated from Gentoo's XML based advisory
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisories, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+
+if(description)
+{
+ script_id(66148);
+ script_cve_id("CVE-2009-3236", "CVE-2009-3237");
+ script_version ("$Revision$");
+ script_name("Gentoo Security Advisory GLSA 200911-01 (horde horde-webmail horde-groupware)");
+
+ desc = "
+The remote host is missing updates announced in
+advisory GLSA 200911-01.
+
+Multiple vulnerabilities in the Horde Application Framework can allow for
+ arbitrary files to be overwritten and cross-site scripting attacks.
+
+Solution:
+All Horde users should upgrade to the latest version:
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose =www-apps/horde-3.3.5
+
+All Horde webmail users should upgrade to the latest version:
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose =www-apps/horde-webmail-1.2.4
+
+All Horde groupware users should upgrade to the latest version:
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose =www-apps/horde-groupware-1.2.4
+
+http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200911-01
+http://bugs.gentoo.org/show_bug.cgi?id=285052
+
+Risk factor : Medium";
+
+ script_description(desc);
+
+ script_summary("Gentoo Security Advisory GLSA 200911-01 (horde horde-webmail horde-groupware)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Gentoo Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/gentoo");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-gentoo.inc");
+vuln = 0;
+if(ispkgvuln(pkg:"www-apps/horde", unaffected: make_list("ge 3.3.5"), vulnerable: make_list("lt 3.3.5"))) {
+ vuln=1;
+}
+if(ispkgvuln(pkg:"www-apps/horde-webmail", unaffected: make_list("ge 1.2.4"), vulnerable: make_list("lt 1.2.4"))) {
+ vuln=1;
+}
+if(ispkgvuln(pkg:"www-apps/horde-groupware", unaffected: make_list("ge 1.2.4"), vulnerable: make_list("lt 1.2.4"))) {
+ vuln=1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/mdksa_2009_289.nasl
===================================================================
--- trunk/openvas-plugins/scripts/mdksa_2009_289.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/mdksa_2009_289.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,991 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory MDVSA-2009:289 (kernel)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66124);
+ script_cve_id("CVE-2009-1895", "CVE-2009-2406", "CVE-2009-2407", "CVE-2009-2908", "CVE-2009-3290");
+ script_version ("$Revision$");
+ script_name("Mandriva Security Advisory MDVSA-2009:289 (kernel)");
+
+ desc = "
+The remote host is missing an update to kernel
+announced via advisory MDVSA-2009:289.
+
+For details on the issues addressed in this update, please visit
+the referenced security advisories.
+
+To update your kernel, please follow the directions located at:
+
+http://www.mandriva.com/en/security/kernelupdate
+
+Affected: 2009.0, Enterprise Server 5.0
+
+Solution:
+To upgrade automatically use MandrakeUpdate or urpmi. The verification
+of md5 checksums and GPG signatures is performed automatically for you.
+
+https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:289
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Mandriva Security Advisory MDVSA-2009:289 (kernel)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Mandrake Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"alsa_raoppcm-kernel-2.6.27.37-desktop-1mnb", rpm:"alsa_raoppcm-kernel-2.6.27.37-desktop-1mnb~0.5.1~2mdv2008.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"alsa_raoppcm-kernel-2.6.27.37-desktop586-1mnb", rpm:"alsa_raoppcm-kernel-2.6.27.37-desktop586-1mnb~0.5.1~2mdv2008.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"alsa_raoppcm-kernel-2.6.27.37-server-1mnb", rpm:"alsa_raoppcm-kernel-2.6.27.37-server-1mnb~0.5.1~2mdv2008.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"alsa_raoppcm-kernel-desktop586-latest", rpm:"alsa_raoppcm-kernel-desktop586-latest~0.5.1~1.20091013.2mdv2008.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"alsa_raoppcm-kernel-desktop-latest", rpm:"alsa_raoppcm-kernel-desktop-latest~0.5.1~1.20091013.2mdv2008.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"alsa_raoppcm-kernel-server-latest", rpm:"alsa_raoppcm-kernel-server-latest~0.5.1~1.20091013.2mdv2008.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"drm-experimental-kernel-2.6.27.37-desktop-1mnb", rpm:"drm-experimental-kernel-2.6.27.37-desktop-1mnb~2.3.0~2.20080912.1mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"drm-experimental-kernel-2.6.27.37-desktop586-1mnb", rpm:"drm-experimental-kernel-2.6.27.37-desktop586-1mnb~2.3.0~2.20080912.1mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"drm-experimental-kernel-2.6.27.37-server-1mnb", rpm:"drm-experimental-kernel-2.6.27.37-server-1mnb~2.3.0~2.20080912.1mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"drm-experimental-kernel-desktop586-latest", rpm:"drm-experimental-kernel-desktop586-latest~2.3.0~1.20091013.2.20080912.1mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"drm-experimental-kernel-desktop-latest", rpm:"drm-experimental-kernel-desktop-latest~2.3.0~1.20091013.2.20080912.1mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"drm-experimental-kernel-server-latest", rpm:"drm-experimental-kernel-server-latest~2.3.0~1.20091013.2.20080912.1mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"et131x-kernel-2.6.27.37-desktop-1mnb", rpm:"et131x-kernel-2.6.27.37-desktop-1mnb~1.2.3~7mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"et131x-kernel-2.6.27.37-desktop586-1mnb", rpm:"et131x-kernel-2.6.27.37-desktop586-1mnb~1.2.3~7mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"et131x-kernel-2.6.27.37-server-1mnb", rpm:"et131x-kernel-2.6.27.37-server-1mnb~1.2.3~7mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"et131x-kernel-desktop586-latest", rpm:"et131x-kernel-desktop586-latest~1.2.3~1.20091013.7mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"et131x-kernel-desktop-latest", rpm:"et131x-kernel-desktop-latest~1.2.3~1.20091013.7mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"et131x-kernel-server-latest", rpm:"et131x-kernel-server-latest~1.2.3~1.20091013.7mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"fcpci-kernel-2.6.27.37-desktop-1mnb", rpm:"fcpci-kernel-2.6.27.37-desktop-1mnb~3.11.07~7mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"fcpci-kernel-2.6.27.37-desktop586-1mnb", rpm:"fcpci-kernel-2.6.27.37-desktop586-1mnb~3.11.07~7mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"fcpci-kernel-2.6.27.37-server-1mnb", rpm:"fcpci-kernel-2.6.27.37-server-1mnb~3.11.07~7mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"fcpci-kernel-desktop586-latest", rpm:"fcpci-kernel-desktop586-latest~3.11.07~1.20091013.7mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"fcpci-kernel-desktop-latest", rpm:"fcpci-kernel-desktop-latest~3.11.07~1.20091013.7mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"fcpci-kernel-server-latest", rpm:"fcpci-kernel-server-latest~3.11.07~1.20091013.7mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"fglrx-kernel-2.6.27.37-desktop-1mnb", rpm:"fglrx-kernel-2.6.27.37-desktop-1mnb~8.522~3mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"fglrx-kernel-2.6.27.37-desktop586-1mnb", rpm:"fglrx-kernel-2.6.27.37-desktop586-1mnb~8.522~3mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"fglrx-kernel-2.6.27.37-server-1mnb", rpm:"fglrx-kernel-2.6.27.37-server-1mnb~8.522~3mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"fglrx-kernel-desktop586-latest", rpm:"fglrx-kernel-desktop586-latest~8.522~1.20091013.3mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"fglrx-kernel-desktop-latest", rpm:"fglrx-kernel-desktop-latest~8.522~1.20091013.3mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"fglrx-kernel-server-latest", rpm:"fglrx-kernel-server-latest~8.522~1.20091013.3mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"gnbd-kernel-2.6.27.37-desktop-1mnb", rpm:"gnbd-kernel-2.6.27.37-desktop-1mnb~2.03.07~2mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"gnbd-kernel-2.6.27.37-desktop586-1mnb", rpm:"gnbd-kernel-2.6.27.37-desktop586-1mnb~2.03.07~2mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"gnbd-kernel-2.6.27.37-server-1mnb", rpm:"gnbd-kernel-2.6.27.37-server-1mnb~2.03.07~2mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"gnbd-kernel-desktop586-latest", rpm:"gnbd-kernel-desktop586-latest~2.03.07~1.20091013.2mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"gnbd-kernel-desktop-latest", rpm:"gnbd-kernel-desktop-latest~2.03.07~1.20091013.2mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"gnbd-kernel-server-latest", rpm:"gnbd-kernel-server-latest~2.03.07~1.20091013.2mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"hcfpcimodem-kernel-2.6.27.37-desktop-1mnb", rpm:"hcfpcimodem-kernel-2.6.27.37-desktop-1mnb~1.17~1.2mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"hcfpcimodem-kernel-2.6.27.37-desktop586-1mnb", rpm:"hcfpcimodem-kernel-2.6.27.37-desktop586-1mnb~1.17~1.2mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"hcfpcimodem-kernel-2.6.27.37-server-1mnb", rpm:"hcfpcimodem-kernel-2.6.27.37-server-1mnb~1.17~1.2mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"hcfpcimodem-kernel-desktop586-latest", rpm:"hcfpcimodem-kernel-desktop586-latest~1.17~1.20091013.1.2mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"hcfpcimodem-kernel-desktop-latest", rpm:"hcfpcimodem-kernel-desktop-latest~1.17~1.20091013.1.2mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"hcfpcimodem-kernel-server-latest", rpm:"hcfpcimodem-kernel-server-latest~1.17~1.20091013.1.2mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"hsfmodem-kernel-2.6.27.37-desktop-1mnb", rpm:"hsfmodem-kernel-2.6.27.37-desktop-1mnb~7.68.00.13~1.3mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"hsfmodem-kernel-2.6.27.37-desktop586-1mnb", rpm:"hsfmodem-kernel-2.6.27.37-desktop586-1mnb~7.68.00.13~1.3mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"hsfmodem-kernel-2.6.27.37-server-1mnb", rpm:"hsfmodem-kernel-2.6.27.37-server-1mnb~7.68.00.13~1.3mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"hsfmodem-kernel-desktop586-latest", rpm:"hsfmodem-kernel-desktop586-latest~7.68.00.13~1.20091013.1.3mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"hsfmodem-kernel-desktop-latest", rpm:"hsfmodem-kernel-desktop-latest~7.68.00.13~1.20091013.1.3mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"hsfmodem-kernel-server-latest", rpm:"hsfmodem-kernel-server-latest~7.68.00.13~1.20091013.1.3mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"hso-kernel-2.6.27.37-desktop-1mnb", rpm:"hso-kernel-2.6.27.37-desktop-1mnb~1.2~2mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"hso-kernel-2.6.27.37-desktop586-1mnb", rpm:"hso-kernel-2.6.27.37-desktop586-1mnb~1.2~2mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"hso-kernel-2.6.27.37-server-1mnb", rpm:"hso-kernel-2.6.27.37-server-1mnb~1.2~2mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"hso-kernel-desktop586-latest", rpm:"hso-kernel-desktop586-latest~1.2~1.20091013.2mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"hso-kernel-desktop-latest", rpm:"hso-kernel-desktop-latest~1.2~1.20091013.2mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"hso-kernel-server-latest", rpm:"hso-kernel-server-latest~1.2~1.20091013.2mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"iscsitarget-kernel-2.6.27.37-desktop-1mnb", rpm:"iscsitarget-kernel-2.6.27.37-desktop-1mnb~0.4.16~4mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"iscsitarget-kernel-2.6.27.37-desktop586-1mnb", rpm:"iscsitarget-kernel-2.6.27.37-desktop586-1mnb~0.4.16~4mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"iscsitarget-kernel-2.6.27.37-server-1mnb", rpm:"iscsitarget-kernel-2.6.27.37-server-1mnb~0.4.16~4mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"iscsitarget-kernel-desktop586-latest", rpm:"iscsitarget-kernel-desktop586-latest~0.4.16~1.20091013.4mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"iscsitarget-kernel-desktop-latest", rpm:"iscsitarget-kernel-desktop-latest~0.4.16~1.20091013.4mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"iscsitarget-kernel-server-latest", rpm:"iscsitarget-kernel-server-latest~0.4.16~1.20091013.4mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-2.6.27.37-1mnb", rpm:"kernel-2.6.27.37-1mnb~1~1mnb2", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-desktop-2.6.27.37-1mnb", rpm:"kernel-desktop-2.6.27.37-1mnb~1~1mnb2", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-desktop586-2.6.27.37-1mnb", rpm:"kernel-desktop586-2.6.27.37-1mnb~1~1mnb2", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-desktop586-devel-2.6.27.37-1mnb", rpm:"kernel-desktop586-devel-2.6.27.37-1mnb~1~1mnb2", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-desktop586-devel-latest", rpm:"kernel-desktop586-devel-latest~2.6.27.37~1mnb2", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-desktop586-latest", rpm:"kernel-desktop586-latest~2.6.27.37~1mnb2", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-desktop-devel-2.6.27.37-1mnb", rpm:"kernel-desktop-devel-2.6.27.37-1mnb~1~1mnb2", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-desktop-devel-latest", rpm:"kernel-desktop-devel-latest~2.6.27.37~1mnb2", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-desktop-latest", rpm:"kernel-desktop-latest~2.6.27.37~1mnb2", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-doc", rpm:"kernel-doc~2.6.27.37~1mnb2", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-server-2.6.27.37-1mnb", rpm:"kernel-server-2.6.27.37-1mnb~1~1mnb2", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-server-devel-2.6.27.37-1mnb", rpm:"kernel-server-devel-2.6.27.37-1mnb~1~1mnb2", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-server-devel-latest", rpm:"kernel-server-devel-latest~2.6.27.37~1mnb2", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-server-latest", rpm:"kernel-server-latest~2.6.27.37~1mnb2", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-source-2.6.27.37-1mnb", rpm:"kernel-source-2.6.27.37-1mnb~1~1mnb2", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-source-latest", rpm:"kernel-source-latest~2.6.27.37~1mnb2", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kqemu-kernel-2.6.27.37-desktop-1mnb", rpm:"kqemu-kernel-2.6.27.37-desktop-1mnb~1.4.0pre1~0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kqemu-kernel-2.6.27.37-desktop586-1mnb", rpm:"kqemu-kernel-2.6.27.37-desktop586-1mnb~1.4.0pre1~0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kqemu-kernel-2.6.27.37-server-1mnb", rpm:"kqemu-kernel-2.6.27.37-server-1mnb~1.4.0pre1~0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kqemu-kernel-desktop586-latest", rpm:"kqemu-kernel-desktop586-latest~1.4.0pre1~1.20091013.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kqemu-kernel-desktop-latest", rpm:"kqemu-kernel-desktop-latest~1.4.0pre1~1.20091013.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kqemu-kernel-server-latest", rpm:"kqemu-kernel-server-latest~1.4.0pre1~1.20091013.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"lirc-kernel-2.6.27.37-desktop-1mnb", rpm:"lirc-kernel-2.6.27.37-desktop-1mnb~0.8.3~4.1mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"lirc-kernel-2.6.27.37-desktop586-1mnb", rpm:"lirc-kernel-2.6.27.37-desktop586-1mnb~0.8.3~4.1mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"lirc-kernel-2.6.27.37-server-1mnb", rpm:"lirc-kernel-2.6.27.37-server-1mnb~0.8.3~4.1mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"lirc-kernel-desktop586-latest", rpm:"lirc-kernel-desktop586-latest~0.8.3~1.20091013.4.1mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"lirc-kernel-desktop-latest", rpm:"lirc-kernel-desktop-latest~0.8.3~1.20091013.4.1mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"lirc-kernel-server-latest", rpm:"lirc-kernel-server-latest~0.8.3~1.20091013.4.1mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"lzma-kernel-2.6.27.37-desktop-1mnb", rpm:"lzma-kernel-2.6.27.37-desktop-1mnb~4.43~24mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"lzma-kernel-2.6.27.37-desktop586-1mnb", rpm:"lzma-kernel-2.6.27.37-desktop586-1mnb~4.43~24mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"lzma-kernel-2.6.27.37-server-1mnb", rpm:"lzma-kernel-2.6.27.37-server-1mnb~4.43~24mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"lzma-kernel-desktop586-latest", rpm:"lzma-kernel-desktop586-latest~4.43~1.20091013.24mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"lzma-kernel-desktop-latest", rpm:"lzma-kernel-desktop-latest~4.43~1.20091013.24mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"lzma-kernel-server-latest", rpm:"lzma-kernel-server-latest~4.43~1.20091013.24mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"madwifi-kernel-2.6.27.37-desktop-1mnb", rpm:"madwifi-kernel-2.6.27.37-desktop-1mnb~0.9.4~3.r3835mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"madwifi-kernel-2.6.27.37-desktop586-1mnb", rpm:"madwifi-kernel-2.6.27.37-desktop586-1mnb~0.9.4~3.r3835mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"madwifi-kernel-2.6.27.37-server-1mnb", rpm:"madwifi-kernel-2.6.27.37-server-1mnb~0.9.4~3.r3835mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"madwifi-kernel-desktop586-latest", rpm:"madwifi-kernel-desktop586-latest~0.9.4~1.20091013.3.r3835mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"madwifi-kernel-desktop-latest", rpm:"madwifi-kernel-desktop-latest~0.9.4~1.20091013.3.r3835mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"madwifi-kernel-server-latest", rpm:"madwifi-kernel-server-latest~0.9.4~1.20091013.3.r3835mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"nvidia173-kernel-2.6.27.37-desktop-1mnb", rpm:"nvidia173-kernel-2.6.27.37-desktop-1mnb~173.14.12~4mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"nvidia173-kernel-2.6.27.37-desktop586-1mnb", rpm:"nvidia173-kernel-2.6.27.37-desktop586-1mnb~173.14.12~4mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"nvidia173-kernel-desktop586-latest", rpm:"nvidia173-kernel-desktop586-latest~173.14.12~1.20091013.4mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"nvidia173-kernel-desktop-latest", rpm:"nvidia173-kernel-desktop-latest~173.14.12~1.20091013.4mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"nvidia71xx-kernel-2.6.27.37-desktop-1mnb", rpm:"nvidia71xx-kernel-2.6.27.37-desktop-1mnb~71.86.06~5mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"nvidia71xx-kernel-2.6.27.37-desktop586-1mnb", rpm:"nvidia71xx-kernel-2.6.27.37-desktop586-1mnb~71.86.06~5mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"nvidia71xx-kernel-2.6.27.37-server-1mnb", rpm:"nvidia71xx-kernel-2.6.27.37-server-1mnb~71.86.06~5mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"nvidia71xx-kernel-desktop586-latest", rpm:"nvidia71xx-kernel-desktop586-latest~71.86.06~1.20091013.5mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"nvidia71xx-kernel-desktop-latest", rpm:"nvidia71xx-kernel-desktop-latest~71.86.06~1.20091013.5mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"nvidia71xx-kernel-server-latest", rpm:"nvidia71xx-kernel-server-latest~71.86.06~1.20091013.5mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"nvidia96xx-kernel-2.6.27.37-desktop-1mnb", rpm:"nvidia96xx-kernel-2.6.27.37-desktop-1mnb~96.43.07~5mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"nvidia96xx-kernel-2.6.27.37-desktop586-1mnb", rpm:"nvidia96xx-kernel-2.6.27.37-desktop586-1mnb~96.43.07~5mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"nvidia96xx-kernel-2.6.27.37-server-1mnb", rpm:"nvidia96xx-kernel-2.6.27.37-server-1mnb~96.43.07~5mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"nvidia96xx-kernel-desktop586-latest", rpm:"nvidia96xx-kernel-desktop586-latest~96.43.07~1.20091013.5mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"nvidia96xx-kernel-desktop-latest", rpm:"nvidia96xx-kernel-desktop-latest~96.43.07~1.20091013.5mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"nvidia96xx-kernel-server-latest", rpm:"nvidia96xx-kernel-server-latest~96.43.07~1.20091013.5mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"nvidia-current-kernel-2.6.27.37-desktop-1mnb", rpm:"nvidia-current-kernel-2.6.27.37-desktop-1mnb~177.70~2.3mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"nvidia-current-kernel-2.6.27.37-desktop586-1mnb", rpm:"nvidia-current-kernel-2.6.27.37-desktop586-1mnb~177.70~2.3mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"nvidia-current-kernel-2.6.27.37-server-1mnb", rpm:"nvidia-current-kernel-2.6.27.37-server-1mnb~177.70~2.3mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"nvidia-current-kernel-desktop586-latest", rpm:"nvidia-current-kernel-desktop586-latest~177.70~1.20091013.2.3mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"nvidia-current-kernel-desktop-latest", rpm:"nvidia-current-kernel-desktop-latest~177.70~1.20091013.2.3mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"nvidia-current-kernel-server-latest", rpm:"nvidia-current-kernel-server-latest~177.70~1.20091013.2.3mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"omfs-kernel-2.6.27.37-desktop-1mnb", rpm:"omfs-kernel-2.6.27.37-desktop-1mnb~0.8.0~1mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"omfs-kernel-2.6.27.37-desktop586-1mnb", rpm:"omfs-kernel-2.6.27.37-desktop586-1mnb~0.8.0~1mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"omfs-kernel-2.6.27.37-server-1mnb", rpm:"omfs-kernel-2.6.27.37-server-1mnb~0.8.0~1mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"omfs-kernel-desktop586-latest", rpm:"omfs-kernel-desktop586-latest~0.8.0~1.20091013.1mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"omfs-kernel-desktop-latest", rpm:"omfs-kernel-desktop-latest~0.8.0~1.20091013.1mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"omfs-kernel-server-latest", rpm:"omfs-kernel-server-latest~0.8.0~1.20091013.1mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"omnibook-kernel-2.6.27.37-desktop-1mnb", rpm:"omnibook-kernel-2.6.27.37-desktop-1mnb~20080513~0.274.1mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"omnibook-kernel-2.6.27.37-desktop586-1mnb", rpm:"omnibook-kernel-2.6.27.37-desktop586-1mnb~20080513~0.274.1mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"omnibook-kernel-2.6.27.37-server-1mnb", rpm:"omnibook-kernel-2.6.27.37-server-1mnb~20080513~0.274.1mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"omnibook-kernel-desktop586-latest", rpm:"omnibook-kernel-desktop586-latest~20080513~1.20091013.0.274.1mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"omnibook-kernel-desktop-latest", rpm:"omnibook-kernel-desktop-latest~20080513~1.20091013.0.274.1mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"omnibook-kernel-server-latest", rpm:"omnibook-kernel-server-latest~20080513~1.20091013.0.274.1mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"opencbm-kernel-2.6.27.37-desktop-1mnb", rpm:"opencbm-kernel-2.6.27.37-desktop-1mnb~0.4.2a~1mdv2008.1", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"opencbm-kernel-2.6.27.37-desktop586-1mnb", rpm:"opencbm-kernel-2.6.27.37-desktop586-1mnb~0.4.2a~1mdv2008.1", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"opencbm-kernel-2.6.27.37-server-1mnb", rpm:"opencbm-kernel-2.6.27.37-server-1mnb~0.4.2a~1mdv2008.1", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"opencbm-kernel-desktop586-latest", rpm:"opencbm-kernel-desktop586-latest~0.4.2a~1.20091013.1mdv2008.1", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"opencbm-kernel-desktop-latest", rpm:"opencbm-kernel-desktop-latest~0.4.2a~1.20091013.1mdv2008.1", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"opencbm-kernel-server-latest", rpm:"opencbm-kernel-server-latest~0.4.2a~1.20091013.1mdv2008.1", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"ov51x-jpeg-kernel-2.6.27.37-desktop-1mnb", rpm:"ov51x-jpeg-kernel-2.6.27.37-desktop-1mnb~1.5.9~2mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"ov51x-jpeg-kernel-2.6.27.37-desktop586-1mnb", rpm:"ov51x-jpeg-kernel-2.6.27.37-desktop586-1mnb~1.5.9~2mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"ov51x-jpeg-kernel-2.6.27.37-server-1mnb", rpm:"ov51x-jpeg-kernel-2.6.27.37-server-1mnb~1.5.9~2mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"ov51x-jpeg-kernel-desktop586-latest", rpm:"ov51x-jpeg-kernel-desktop586-latest~1.5.9~1.20091013.2mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"ov51x-jpeg-kernel-desktop-latest", rpm:"ov51x-jpeg-kernel-desktop-latest~1.5.9~1.20091013.2mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"ov51x-jpeg-kernel-server-latest", rpm:"ov51x-jpeg-kernel-server-latest~1.5.9~1.20091013.2mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"qc-usb-kernel-2.6.27.37-desktop-1mnb", rpm:"qc-usb-kernel-2.6.27.37-desktop-1mnb~0.6.6~6mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"qc-usb-kernel-2.6.27.37-desktop586-1mnb", rpm:"qc-usb-kernel-2.6.27.37-desktop586-1mnb~0.6.6~6mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"qc-usb-kernel-2.6.27.37-server-1mnb", rpm:"qc-usb-kernel-2.6.27.37-server-1mnb~0.6.6~6mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"qc-usb-kernel-desktop586-latest", rpm:"qc-usb-kernel-desktop586-latest~0.6.6~1.20091013.6mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"qc-usb-kernel-desktop-latest", rpm:"qc-usb-kernel-desktop-latest~0.6.6~1.20091013.6mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"qc-usb-kernel-server-latest", rpm:"qc-usb-kernel-server-latest~0.6.6~1.20091013.6mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"rt2860-kernel-2.6.27.37-desktop-1mnb", rpm:"rt2860-kernel-2.6.27.37-desktop-1mnb~1.7.0.0~2mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"rt2860-kernel-2.6.27.37-desktop586-1mnb", rpm:"rt2860-kernel-2.6.27.37-desktop586-1mnb~1.7.0.0~2mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"rt2860-kernel-2.6.27.37-server-1mnb", rpm:"rt2860-kernel-2.6.27.37-server-1mnb~1.7.0.0~2mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"rt2860-kernel-desktop586-latest", rpm:"rt2860-kernel-desktop586-latest~1.7.0.0~1.20091013.2mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"rt2860-kernel-desktop-latest", rpm:"rt2860-kernel-desktop-latest~1.7.0.0~1.20091013.2mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"rt2860-kernel-server-latest", rpm:"rt2860-kernel-server-latest~1.7.0.0~1.20091013.2mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"rt2870-kernel-2.6.27.37-desktop-1mnb", rpm:"rt2870-kernel-2.6.27.37-desktop-1mnb~1.3.1.0~2mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"rt2870-kernel-2.6.27.37-desktop586-1mnb", rpm:"rt2870-kernel-2.6.27.37-desktop586-1mnb~1.3.1.0~2mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"rt2870-kernel-2.6.27.37-server-1mnb", rpm:"rt2870-kernel-2.6.27.37-server-1mnb~1.3.1.0~2mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"rt2870-kernel-desktop586-latest", rpm:"rt2870-kernel-desktop586-latest~1.3.1.0~1.20091013.2mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"rt2870-kernel-desktop-latest", rpm:"rt2870-kernel-desktop-latest~1.3.1.0~1.20091013.2mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"rt2870-kernel-server-latest", rpm:"rt2870-kernel-server-latest~1.3.1.0~1.20091013.2mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"rtl8187se-kernel-2.6.27.37-desktop-1mnb", rpm:"rtl8187se-kernel-2.6.27.37-desktop-1mnb~1016.20080716~1.1mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"rtl8187se-kernel-2.6.27.37-desktop586-1mnb", rpm:"rtl8187se-kernel-2.6.27.37-desktop586-1mnb~1016.20080716~1.1mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"rtl8187se-kernel-2.6.27.37-server-1mnb", rpm:"rtl8187se-kernel-2.6.27.37-server-1mnb~1016.20080716~1.1mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"rtl8187se-kernel-desktop586-latest", rpm:"rtl8187se-kernel-desktop586-latest~1016.20080716~1.20091013.1.1mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"rtl8187se-kernel-desktop-latest", rpm:"rtl8187se-kernel-desktop-latest~1016.20080716~1.20091013.1.1mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"rtl8187se-kernel-server-latest", rpm:"rtl8187se-kernel-server-latest~1016.20080716~1.20091013.1.1mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"slmodem-kernel-2.6.27.37-desktop-1mnb", rpm:"slmodem-kernel-2.6.27.37-desktop-1mnb~2.9.11~0.20080817.1mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"slmodem-kernel-2.6.27.37-desktop586-1mnb", rpm:"slmodem-kernel-2.6.27.37-desktop586-1mnb~2.9.11~0.20080817.1mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"slmodem-kernel-2.6.27.37-server-1mnb", rpm:"slmodem-kernel-2.6.27.37-server-1mnb~2.9.11~0.20080817.1mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"slmodem-kernel-desktop586-latest", rpm:"slmodem-kernel-desktop586-latest~2.9.11~1.20091013.0.20080817.1mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"slmodem-kernel-desktop-latest", rpm:"slmodem-kernel-desktop-latest~2.9.11~1.20091013.0.20080817.1mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"slmodem-kernel-server-latest", rpm:"slmodem-kernel-server-latest~2.9.11~1.20091013.0.20080817.1mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"squashfs-lzma-kernel-2.6.27.37-desktop-1mnb", rpm:"squashfs-lzma-kernel-2.6.27.37-desktop-1mnb~3.3~5mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"squashfs-lzma-kernel-2.6.27.37-desktop586-1mnb", rpm:"squashfs-lzma-kernel-2.6.27.37-desktop586-1mnb~3.3~5mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"squashfs-lzma-kernel-2.6.27.37-server-1mnb", rpm:"squashfs-lzma-kernel-2.6.27.37-server-1mnb~3.3~5mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"squashfs-lzma-kernel-desktop586-latest", rpm:"squashfs-lzma-kernel-desktop586-latest~3.3~1.20091013.5mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"squashfs-lzma-kernel-desktop-latest", rpm:"squashfs-lzma-kernel-desktop-latest~3.3~1.20091013.5mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"squashfs-lzma-kernel-server-latest", rpm:"squashfs-lzma-kernel-server-latest~3.3~1.20091013.5mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"tp_smapi-kernel-2.6.27.37-desktop-1mnb", rpm:"tp_smapi-kernel-2.6.27.37-desktop-1mnb~0.37~2mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"tp_smapi-kernel-2.6.27.37-desktop586-1mnb", rpm:"tp_smapi-kernel-2.6.27.37-desktop586-1mnb~0.37~2mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"tp_smapi-kernel-2.6.27.37-server-1mnb", rpm:"tp_smapi-kernel-2.6.27.37-server-1mnb~0.37~2mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"tp_smapi-kernel-desktop586-latest", rpm:"tp_smapi-kernel-desktop586-latest~0.37~1.20091013.2mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"tp_smapi-kernel-desktop-latest", rpm:"tp_smapi-kernel-desktop-latest~0.37~1.20091013.2mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"tp_smapi-kernel-server-latest", rpm:"tp_smapi-kernel-server-latest~0.37~1.20091013.2mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"vboxadd-kernel-2.6.27.37-desktop-1mnb", rpm:"vboxadd-kernel-2.6.27.37-desktop-1mnb~2.0.2~2.1mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"vboxadd-kernel-2.6.27.37-desktop586-1mnb", rpm:"vboxadd-kernel-2.6.27.37-desktop586-1mnb~2.0.2~2.1mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"vboxadd-kernel-2.6.27.37-server-1mnb", rpm:"vboxadd-kernel-2.6.27.37-server-1mnb~2.0.2~2.1mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"vboxadd-kernel-desktop586-latest", rpm:"vboxadd-kernel-desktop586-latest~2.0.2~1.20091013.2.1mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"vboxadd-kernel-desktop-latest", rpm:"vboxadd-kernel-desktop-latest~2.0.2~1.20091013.2.1mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"vboxadd-kernel-server-latest", rpm:"vboxadd-kernel-server-latest~2.0.2~1.20091013.2.1mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"vboxvfs-kernel-2.6.27.37-desktop-1mnb", rpm:"vboxvfs-kernel-2.6.27.37-desktop-1mnb~2.0.2~2.1mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"vboxvfs-kernel-2.6.27.37-desktop586-1mnb", rpm:"vboxvfs-kernel-2.6.27.37-desktop586-1mnb~2.0.2~2.1mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"vboxvfs-kernel-2.6.27.37-server-1mnb", rpm:"vboxvfs-kernel-2.6.27.37-server-1mnb~2.0.2~2.1mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"vboxvfs-kernel-desktop586-latest", rpm:"vboxvfs-kernel-desktop586-latest~2.0.2~1.20091013.2.1mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"vboxvfs-kernel-desktop-latest", rpm:"vboxvfs-kernel-desktop-latest~2.0.2~1.20091013.2.1mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"vboxvfs-kernel-server-latest", rpm:"vboxvfs-kernel-server-latest~2.0.2~1.20091013.2.1mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"vhba-kernel-2.6.27.37-desktop-1mnb", rpm:"vhba-kernel-2.6.27.37-desktop-1mnb~1.0.0~1.svn304.1mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"vhba-kernel-2.6.27.37-desktop586-1mnb", rpm:"vhba-kernel-2.6.27.37-desktop586-1mnb~1.0.0~1.svn304.1mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"vhba-kernel-2.6.27.37-server-1mnb", rpm:"vhba-kernel-2.6.27.37-server-1mnb~1.0.0~1.svn304.1mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"vhba-kernel-desktop586-latest", rpm:"vhba-kernel-desktop586-latest~1.0.0~1.20091013.1.svn304.1mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"vhba-kernel-desktop-latest", rpm:"vhba-kernel-desktop-latest~1.0.0~1.20091013.1.svn304.1mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"vhba-kernel-server-latest", rpm:"vhba-kernel-server-latest~1.0.0~1.20091013.1.svn304.1mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"virtualbox-kernel-2.6.27.37-desktop-1mnb", rpm:"virtualbox-kernel-2.6.27.37-desktop-1mnb~2.0.2~2.1mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"virtualbox-kernel-2.6.27.37-desktop586-1mnb", rpm:"virtualbox-kernel-2.6.27.37-desktop586-1mnb~2.0.2~2.1mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"virtualbox-kernel-2.6.27.37-server-1mnb", rpm:"virtualbox-kernel-2.6.27.37-server-1mnb~2.0.2~2.1mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"virtualbox-kernel-desktop586-latest", rpm:"virtualbox-kernel-desktop586-latest~2.0.2~1.20091013.2.1mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"virtualbox-kernel-desktop-latest", rpm:"virtualbox-kernel-desktop-latest~2.0.2~1.20091013.2.1mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"virtualbox-kernel-server-latest", rpm:"virtualbox-kernel-server-latest~2.0.2~1.20091013.2.1mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"vpnclient-kernel-2.6.27.37-desktop-1mnb", rpm:"vpnclient-kernel-2.6.27.37-desktop-1mnb~4.8.01.0640~3mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"vpnclient-kernel-2.6.27.37-desktop586-1mnb", rpm:"vpnclient-kernel-2.6.27.37-desktop586-1mnb~4.8.01.0640~3mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"vpnclient-kernel-2.6.27.37-server-1mnb", rpm:"vpnclient-kernel-2.6.27.37-server-1mnb~4.8.01.0640~3mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"vpnclient-kernel-desktop586-latest", rpm:"vpnclient-kernel-desktop586-latest~4.8.01.0640~1.20091013.3mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"vpnclient-kernel-desktop-latest", rpm:"vpnclient-kernel-desktop-latest~4.8.01.0640~1.20091013.3mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"vpnclient-kernel-server-latest", rpm:"vpnclient-kernel-server-latest~4.8.01.0640~1.20091013.3mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"nvidia173-kernel-2.6.27.37-server-1mnb", rpm:"nvidia173-kernel-2.6.27.37-server-1mnb~173.14.12~4mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"nvidia173-kernel-server-latest", rpm:"nvidia173-kernel-server-latest~173.14.12~1.20091013.4mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"drm-experimental-kernel-2.6.27.37-desktop-1mnb", rpm:"drm-experimental-kernel-2.6.27.37-desktop-1mnb~2.3.0~2.20080912.1mdv2009.0", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"drm-experimental-kernel-2.6.27.37-desktop586-1mnb", rpm:"drm-experimental-kernel-2.6.27.37-desktop586-1mnb~2.3.0~2.20080912.1mdv2009.0", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"drm-experimental-kernel-2.6.27.37-server-1mnb", rpm:"drm-experimental-kernel-2.6.27.37-server-1mnb~2.3.0~2.20080912.1mdv2009.0", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"drm-experimental-kernel-desktop586-latest", rpm:"drm-experimental-kernel-desktop586-latest~2.3.0~1.20091013.2.20080912.1mdv2009.0", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"drm-experimental-kernel-desktop-latest", rpm:"drm-experimental-kernel-desktop-latest~2.3.0~1.20091013.2.20080912.1mdv2009.0", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"drm-experimental-kernel-server-latest", rpm:"drm-experimental-kernel-server-latest~2.3.0~1.20091013.2.20080912.1mdv2009.0", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"fglrx-kernel-2.6.27.37-desktop-1mnb", rpm:"fglrx-kernel-2.6.27.37-desktop-1mnb~8.522~3mdv2009.0", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"fglrx-kernel-2.6.27.37-desktop586-1mnb", rpm:"fglrx-kernel-2.6.27.37-desktop586-1mnb~8.522~3mdv2009.0", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"fglrx-kernel-2.6.27.37-server-1mnb", rpm:"fglrx-kernel-2.6.27.37-server-1mnb~8.522~3mdv2009.0", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"fglrx-kernel-desktop586-latest", rpm:"fglrx-kernel-desktop586-latest~8.522~1.20091013.3mdv2009.0", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"fglrx-kernel-desktop-latest", rpm:"fglrx-kernel-desktop-latest~8.522~1.20091013.3mdv2009.0", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"fglrx-kernel-server-latest", rpm:"fglrx-kernel-server-latest~8.522~1.20091013.3mdv2009.0", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"iscsitarget-kernel-2.6.27.37-desktop-1mnb", rpm:"iscsitarget-kernel-2.6.27.37-desktop-1mnb~0.4.16~4mdv2009.0", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"iscsitarget-kernel-2.6.27.37-desktop586-1mnb", rpm:"iscsitarget-kernel-2.6.27.37-desktop586-1mnb~0.4.16~4mdv2009.0", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"iscsitarget-kernel-2.6.27.37-server-1mnb", rpm:"iscsitarget-kernel-2.6.27.37-server-1mnb~0.4.16~4mdv2009.0", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"iscsitarget-kernel-desktop586-latest", rpm:"iscsitarget-kernel-desktop586-latest~0.4.16~1.20091013.4mdv2009.0", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"iscsitarget-kernel-desktop-latest", rpm:"iscsitarget-kernel-desktop-latest~0.4.16~1.20091013.4mdv2009.0", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"iscsitarget-kernel-server-latest", rpm:"iscsitarget-kernel-server-latest~0.4.16~1.20091013.4mdv2009.0", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-2.6.27.37-1mnb", rpm:"kernel-2.6.27.37-1mnb~1~1mnb2", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-desktop-2.6.27.37-1mnb", rpm:"kernel-desktop-2.6.27.37-1mnb~1~1mnb2", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-desktop586-2.6.27.37-1mnb", rpm:"kernel-desktop586-2.6.27.37-1mnb~1~1mnb2", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-desktop586-devel-2.6.27.37-1mnb", rpm:"kernel-desktop586-devel-2.6.27.37-1mnb~1~1mnb2", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-desktop586-devel-latest", rpm:"kernel-desktop586-devel-latest~2.6.27.37~1mnb2", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-desktop586-latest", rpm:"kernel-desktop586-latest~2.6.27.37~1mnb2", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-desktop-devel-2.6.27.37-1mnb", rpm:"kernel-desktop-devel-2.6.27.37-1mnb~1~1mnb2", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-desktop-devel-latest", rpm:"kernel-desktop-devel-latest~2.6.27.37~1mnb2", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-desktop-latest", rpm:"kernel-desktop-latest~2.6.27.37~1mnb2", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-doc", rpm:"kernel-doc~2.6.27.37~1mnb2", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-server-2.6.27.37-1mnb", rpm:"kernel-server-2.6.27.37-1mnb~1~1mnb2", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-server-devel-2.6.27.37-1mnb", rpm:"kernel-server-devel-2.6.27.37-1mnb~1~1mnb2", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-server-devel-latest", rpm:"kernel-server-devel-latest~2.6.27.37~1mnb2", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-server-latest", rpm:"kernel-server-latest~2.6.27.37~1mnb2", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-source-2.6.27.37-1mnb", rpm:"kernel-source-2.6.27.37-1mnb~1~1mnb2", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-source-latest", rpm:"kernel-source-latest~2.6.27.37~1mnb2", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kqemu-kernel-2.6.27.37-desktop-1mnb", rpm:"kqemu-kernel-2.6.27.37-desktop-1mnb~1.4.0pre1~0", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kqemu-kernel-2.6.27.37-desktop586-1mnb", rpm:"kqemu-kernel-2.6.27.37-desktop586-1mnb~1.4.0pre1~0", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kqemu-kernel-2.6.27.37-server-1mnb", rpm:"kqemu-kernel-2.6.27.37-server-1mnb~1.4.0pre1~0", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kqemu-kernel-desktop586-latest", rpm:"kqemu-kernel-desktop586-latest~1.4.0pre1~1.20091013.0", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kqemu-kernel-desktop-latest", rpm:"kqemu-kernel-desktop-latest~1.4.0pre1~1.20091013.0", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kqemu-kernel-server-latest", rpm:"kqemu-kernel-server-latest~1.4.0pre1~1.20091013.0", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libafs-kernel-2.6.27.37-desktop-1mnb", rpm:"libafs-kernel-2.6.27.37-desktop-1mnb~1.4.7~5.2mdv2009.0", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libafs-kernel-2.6.27.37-desktop586-1mnb", rpm:"libafs-kernel-2.6.27.37-desktop586-1mnb~1.4.7~5.2mdv2009.0", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libafs-kernel-2.6.27.37-server-1mnb", rpm:"libafs-kernel-2.6.27.37-server-1mnb~1.4.7~5.2mdv2009.0", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libafs-kernel-desktop586-latest", rpm:"libafs-kernel-desktop586-latest~1.4.7~1.20091013.5.2mdv2009.0", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libafs-kernel-desktop-latest", rpm:"libafs-kernel-desktop-latest~1.4.7~1.20091013.5.2mdv2009.0", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libafs-kernel-server-latest", rpm:"libafs-kernel-server-latest~1.4.7~1.20091013.5.2mdv2009.0", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"madwifi-kernel-2.6.27.37-desktop-1mnb", rpm:"madwifi-kernel-2.6.27.37-desktop-1mnb~0.9.4~3.r3835mdv2009.0", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"madwifi-kernel-2.6.27.37-desktop586-1mnb", rpm:"madwifi-kernel-2.6.27.37-desktop586-1mnb~0.9.4~3.r3835mdv2009.0", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"madwifi-kernel-2.6.27.37-server-1mnb", rpm:"madwifi-kernel-2.6.27.37-server-1mnb~0.9.4~3.r3835mdv2009.0", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"madwifi-kernel-desktop586-latest", rpm:"madwifi-kernel-desktop586-latest~0.9.4~1.20091013.3.r3835mdv2009.0", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"madwifi-kernel-desktop-latest", rpm:"madwifi-kernel-desktop-latest~0.9.4~1.20091013.3.r3835mdv2009.0", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"madwifi-kernel-server-latest", rpm:"madwifi-kernel-server-latest~0.9.4~1.20091013.3.r3835mdv2009.0", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"nvidia173-kernel-2.6.27.37-desktop-1mnb", rpm:"nvidia173-kernel-2.6.27.37-desktop-1mnb~173.14.12~4mdv2009.0", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"nvidia173-kernel-2.6.27.37-desktop586-1mnb", rpm:"nvidia173-kernel-2.6.27.37-desktop586-1mnb~173.14.12~4mdv2009.0", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"nvidia173-kernel-desktop586-latest", rpm:"nvidia173-kernel-desktop586-latest~173.14.12~1.20091013.4mdv2009.0", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"nvidia173-kernel-desktop-latest", rpm:"nvidia173-kernel-desktop-latest~173.14.12~1.20091013.4mdv2009.0", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"nvidia71xx-kernel-2.6.27.37-desktop-1mnb", rpm:"nvidia71xx-kernel-2.6.27.37-desktop-1mnb~71.86.06~5mdv2009.0", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"nvidia71xx-kernel-2.6.27.37-desktop586-1mnb", rpm:"nvidia71xx-kernel-2.6.27.37-desktop586-1mnb~71.86.06~5mdv2009.0", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"nvidia71xx-kernel-2.6.27.37-server-1mnb", rpm:"nvidia71xx-kernel-2.6.27.37-server-1mnb~71.86.06~5mdv2009.0", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"nvidia71xx-kernel-desktop586-latest", rpm:"nvidia71xx-kernel-desktop586-latest~71.86.06~1.20091013.5mdv2009.0", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"nvidia71xx-kernel-desktop-latest", rpm:"nvidia71xx-kernel-desktop-latest~71.86.06~1.20091013.5mdv2009.0", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"nvidia71xx-kernel-server-latest", rpm:"nvidia71xx-kernel-server-latest~71.86.06~1.20091013.5mdv2009.0", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"nvidia96xx-kernel-2.6.27.37-desktop-1mnb", rpm:"nvidia96xx-kernel-2.6.27.37-desktop-1mnb~96.43.07~5mdv2009.0", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"nvidia96xx-kernel-2.6.27.37-desktop586-1mnb", rpm:"nvidia96xx-kernel-2.6.27.37-desktop586-1mnb~96.43.07~5mdv2009.0", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"nvidia96xx-kernel-2.6.27.37-server-1mnb", rpm:"nvidia96xx-kernel-2.6.27.37-server-1mnb~96.43.07~5mdv2009.0", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"nvidia96xx-kernel-desktop586-latest", rpm:"nvidia96xx-kernel-desktop586-latest~96.43.07~1.20091013.5mdv2009.0", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"nvidia96xx-kernel-desktop-latest", rpm:"nvidia96xx-kernel-desktop-latest~96.43.07~1.20091013.5mdv2009.0", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"nvidia96xx-kernel-server-latest", rpm:"nvidia96xx-kernel-server-latest~96.43.07~1.20091013.5mdv2009.0", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"nvidia-current-kernel-2.6.27.37-desktop-1mnb", rpm:"nvidia-current-kernel-2.6.27.37-desktop-1mnb~177.70~2.3mdv2009.0", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"nvidia-current-kernel-2.6.27.37-desktop586-1mnb", rpm:"nvidia-current-kernel-2.6.27.37-desktop586-1mnb~177.70~2.3mdv2009.0", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"nvidia-current-kernel-2.6.27.37-server-1mnb", rpm:"nvidia-current-kernel-2.6.27.37-server-1mnb~177.70~2.3mdv2009.0", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"nvidia-current-kernel-desktop586-latest", rpm:"nvidia-current-kernel-desktop586-latest~177.70~1.20091013.2.3mdv2009.0", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"nvidia-current-kernel-desktop-latest", rpm:"nvidia-current-kernel-desktop-latest~177.70~1.20091013.2.3mdv2009.0", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"nvidia-current-kernel-server-latest", rpm:"nvidia-current-kernel-server-latest~177.70~1.20091013.2.3mdv2009.0", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"vpnclient-kernel-2.6.27.37-desktop-1mnb", rpm:"vpnclient-kernel-2.6.27.37-desktop-1mnb~4.8.01.0640~3mdv2009.0", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"vpnclient-kernel-2.6.27.37-desktop586-1mnb", rpm:"vpnclient-kernel-2.6.27.37-desktop586-1mnb~4.8.01.0640~3mdv2009.0", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"vpnclient-kernel-2.6.27.37-server-1mnb", rpm:"vpnclient-kernel-2.6.27.37-server-1mnb~4.8.01.0640~3mdv2009.0", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"vpnclient-kernel-desktop586-latest", rpm:"vpnclient-kernel-desktop586-latest~4.8.01.0640~1.20091013.3mdv2009.0", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"vpnclient-kernel-desktop-latest", rpm:"vpnclient-kernel-desktop-latest~4.8.01.0640~1.20091013.3mdv2009.0", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"vpnclient-kernel-server-latest", rpm:"vpnclient-kernel-server-latest~4.8.01.0640~1.20091013.3mdv2009.0", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libafs-kernel-2.6.27.37-desktop-1mnb", rpm:"libafs-kernel-2.6.27.37-desktop-1mnb~1.4.7~5.1mdv2009.0", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libafs-kernel-2.6.27.37-server-1mnb", rpm:"libafs-kernel-2.6.27.37-server-1mnb~1.4.7~5.1mdv2009.0", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libafs-kernel-desktop-latest", rpm:"libafs-kernel-desktop-latest~1.4.7~1.20091013.5.1mdv2009.0", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libafs-kernel-server-latest", rpm:"libafs-kernel-server-latest~1.4.7~1.20091013.5.1mdv2009.0", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/mdksa_2009_290.nasl
===================================================================
--- trunk/openvas-plugins/scripts/mdksa_2009_290.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/mdksa_2009_290.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,655 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory MDVSA-2009:290 (firefox)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66125);
+ script_cve_id("CVE-2009-1563", "CVE-2009-3274", "CVE-2009-3370", "CVE-2009-3372", "CVE-2009-3373", "CVE-2009-3374", "CVE-2009-3375", "CVE-2009-3376", "CVE-2009-3380", "CVE-2009-3382");
+ script_version ("$Revision$");
+ script_name("Mandriva Security Advisory MDVSA-2009:290 (firefox)");
+
+ desc = "
+The remote host is missing an update to firefox
+announced via advisory MDVSA-2009:290.
+
+For details on the issues addressed in this update, please
+visit the referenced security advisories.
+
+This update provides the latest Mozilla Firefox 3.0.x to correct
+these issues.
+
+Additionally, some packages which require so, have been rebuilt and
+are being provided as updates.
+
+Affected: 2009.1, Enterprise Server 5.0
+
+Solution:
+To upgrade automatically use MandrakeUpdate or urpmi. The verification
+of md5 checksums and GPG signatures is performed automatically for you.
+
+https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:290
+http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.15
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Mandriva Security Advisory MDVSA-2009:290 (firefox)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Mandrake Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"beagle", rpm:"beagle~0.3.9~9.8mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"beagle-crawl-system", rpm:"beagle-crawl-system~0.3.9~9.8mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"beagle-doc", rpm:"beagle-doc~0.3.9~9.8mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"beagle-epiphany", rpm:"beagle-epiphany~0.3.9~9.8mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"beagle-evolution", rpm:"beagle-evolution~0.3.9~9.8mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"beagle-gui", rpm:"beagle-gui~0.3.9~9.8mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"beagle-gui-qt", rpm:"beagle-gui-qt~0.3.9~9.8mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"beagle-libs", rpm:"beagle-libs~0.3.9~9.8mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"epiphany", rpm:"epiphany~2.26.1~1.6mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"epiphany-devel", rpm:"epiphany-devel~2.26.1~1.6mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox", rpm:"firefox~3.0.15~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-af", rpm:"firefox-af~3.0.15~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-ar", rpm:"firefox-ar~3.0.15~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-be", rpm:"firefox-be~3.0.15~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-bg", rpm:"firefox-bg~3.0.15~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-bn", rpm:"firefox-bn~3.0.15~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-ca", rpm:"firefox-ca~3.0.15~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-cs", rpm:"firefox-cs~3.0.15~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-cy", rpm:"firefox-cy~3.0.15~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-da", rpm:"firefox-da~3.0.15~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-de", rpm:"firefox-de~3.0.15~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-el", rpm:"firefox-el~3.0.15~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-en_GB", rpm:"firefox-en_GB~3.0.15~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-eo", rpm:"firefox-eo~3.0.15~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-es_AR", rpm:"firefox-es_AR~3.0.15~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-es_ES", rpm:"firefox-es_ES~3.0.15~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-et", rpm:"firefox-et~3.0.15~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-eu", rpm:"firefox-eu~3.0.15~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-ext-beagle", rpm:"firefox-ext-beagle~0.3.9~9.8mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-ext-blogrovr", rpm:"firefox-ext-blogrovr~1.1.798~2.6mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-ext-foxmarks", rpm:"firefox-ext-foxmarks~2.7.2~2.6mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-ext-mozvoikko", rpm:"firefox-ext-mozvoikko~0.9.6~2.6mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-ext-r-kiosk", rpm:"firefox-ext-r-kiosk~0.7.2~2.6mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-ext-scribefire", rpm:"firefox-ext-scribefire~3.2.3~2.6mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-fi", rpm:"firefox-fi~3.0.15~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-fr", rpm:"firefox-fr~3.0.15~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-fy", rpm:"firefox-fy~3.0.15~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-ga_IE", rpm:"firefox-ga_IE~3.0.15~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-gl", rpm:"firefox-gl~3.0.15~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-gu_IN", rpm:"firefox-gu_IN~3.0.15~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-he", rpm:"firefox-he~3.0.15~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-hi", rpm:"firefox-hi~3.0.15~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-hu", rpm:"firefox-hu~3.0.15~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-id", rpm:"firefox-id~3.0.15~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-is", rpm:"firefox-is~3.0.15~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-it", rpm:"firefox-it~3.0.15~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-ja", rpm:"firefox-ja~3.0.15~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-ka", rpm:"firefox-ka~3.0.15~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-kn", rpm:"firefox-kn~3.0.15~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-ko", rpm:"firefox-ko~3.0.15~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-ku", rpm:"firefox-ku~3.0.15~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-lt", rpm:"firefox-lt~3.0.15~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-lv", rpm:"firefox-lv~3.0.15~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-mk", rpm:"firefox-mk~3.0.15~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-mn", rpm:"firefox-mn~3.0.15~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-mr", rpm:"firefox-mr~3.0.15~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-nb_NO", rpm:"firefox-nb_NO~3.0.15~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-nl", rpm:"firefox-nl~3.0.15~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-nn_NO", rpm:"firefox-nn_NO~3.0.15~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-oc", rpm:"firefox-oc~3.0.15~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-pa_IN", rpm:"firefox-pa_IN~3.0.15~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-pl", rpm:"firefox-pl~3.0.15~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-pt_BR", rpm:"firefox-pt_BR~3.0.15~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-pt_PT", rpm:"firefox-pt_PT~3.0.15~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-ro", rpm:"firefox-ro~3.0.15~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-ru", rpm:"firefox-ru~3.0.15~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-si", rpm:"firefox-si~3.0.15~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-sk", rpm:"firefox-sk~3.0.15~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-sl", rpm:"firefox-sl~3.0.15~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-sq", rpm:"firefox-sq~3.0.15~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-sr", rpm:"firefox-sr~3.0.15~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-sv_SE", rpm:"firefox-sv_SE~3.0.15~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-te", rpm:"firefox-te~3.0.15~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-th", rpm:"firefox-th~3.0.15~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-theme-kde4ff", rpm:"firefox-theme-kde4ff~0.14~9.6mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-tr", rpm:"firefox-tr~3.0.15~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-uk", rpm:"firefox-uk~3.0.15~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-zh_CN", rpm:"firefox-zh_CN~3.0.15~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-zh_TW", rpm:"firefox-zh_TW~3.0.15~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"gnome-python-extras", rpm:"gnome-python-extras~2.25.3~3.6mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"gnome-python-gda", rpm:"gnome-python-gda~2.25.3~3.6mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"gnome-python-gda-devel", rpm:"gnome-python-gda-devel~2.25.3~3.6mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"gnome-python-gdl", rpm:"gnome-python-gdl~2.25.3~3.6mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"gnome-python-gtkhtml2", rpm:"gnome-python-gtkhtml2~2.25.3~3.6mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"gnome-python-gtkmozembed", rpm:"gnome-python-gtkmozembed~2.25.3~3.6mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"gnome-python-gtkspell", rpm:"gnome-python-gtkspell~2.25.3~3.6mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"google-gadgets-common", rpm:"google-gadgets-common~0.10.5~8.6mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"google-gadgets-gtk", rpm:"google-gadgets-gtk~0.10.5~8.6mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"google-gadgets-qt", rpm:"google-gadgets-qt~0.10.5~8.6mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"google-gadgets-xul", rpm:"google-gadgets-xul~0.10.5~8.6mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libggadget1.0_0", rpm:"libggadget1.0_0~0.10.5~8.6mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libggadget-gtk1.0_0", rpm:"libggadget-gtk1.0_0~0.10.5~8.6mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libggadget-qt1.0_0", rpm:"libggadget-qt1.0_0~0.10.5~8.6mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libgoogle-gadgets-devel", rpm:"libgoogle-gadgets-devel~0.10.5~8.6mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libopensc2", rpm:"libopensc2~0.11.7~1.7mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libopensc-devel", rpm:"libopensc-devel~0.11.7~1.7mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libxulrunner1.9", rpm:"libxulrunner1.9~1.9.0.15~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libxulrunner-devel", rpm:"libxulrunner-devel~1.9.0.15~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libxulrunner-unstable-devel", rpm:"libxulrunner-unstable-devel~1.9.0.15~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"mozilla-plugin-opensc", rpm:"mozilla-plugin-opensc~0.11.7~1.7mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"mozilla-thunderbird-beagle", rpm:"mozilla-thunderbird-beagle~0.3.9~9.8mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"opensc", rpm:"opensc~0.11.7~1.7mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"python-xpcom", rpm:"python-xpcom~1.9.0.15~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"xulrunner", rpm:"xulrunner~1.9.0.15~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"yelp", rpm:"yelp~2.26.0~3.5mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"lib64ggadget1.0_0", rpm:"lib64ggadget1.0_0~0.10.5~8.6mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"lib64ggadget-gtk1.0_0", rpm:"lib64ggadget-gtk1.0_0~0.10.5~8.6mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"lib64ggadget-qt1.0_0", rpm:"lib64ggadget-qt1.0_0~0.10.5~8.6mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"lib64google-gadgets-devel", rpm:"lib64google-gadgets-devel~0.10.5~8.6mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"lib64opensc2", rpm:"lib64opensc2~0.11.7~1.7mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"lib64opensc-devel", rpm:"lib64opensc-devel~0.11.7~1.7mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"lib64xulrunner1.9", rpm:"lib64xulrunner1.9~1.9.0.15~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"lib64xulrunner-devel", rpm:"lib64xulrunner-devel~1.9.0.15~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"lib64xulrunner-unstable-devel", rpm:"lib64xulrunner-unstable-devel~1.9.0.15~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox", rpm:"firefox~3.0.15~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-af", rpm:"firefox-af~3.0.15~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-ar", rpm:"firefox-ar~3.0.15~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-be", rpm:"firefox-be~3.0.15~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-bg", rpm:"firefox-bg~3.0.15~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-bn", rpm:"firefox-bn~3.0.15~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-ca", rpm:"firefox-ca~3.0.15~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-cs", rpm:"firefox-cs~3.0.15~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-cy", rpm:"firefox-cy~3.0.15~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-da", rpm:"firefox-da~3.0.15~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-de", rpm:"firefox-de~3.0.15~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-el", rpm:"firefox-el~3.0.15~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-en_GB", rpm:"firefox-en_GB~3.0.15~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-eo", rpm:"firefox-eo~3.0.15~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-es_AR", rpm:"firefox-es_AR~3.0.15~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-es_ES", rpm:"firefox-es_ES~3.0.15~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-et", rpm:"firefox-et~3.0.15~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-eu", rpm:"firefox-eu~3.0.15~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-fi", rpm:"firefox-fi~3.0.15~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-fr", rpm:"firefox-fr~3.0.15~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-fy", rpm:"firefox-fy~3.0.15~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-ga_IE", rpm:"firefox-ga_IE~3.0.15~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-gl", rpm:"firefox-gl~3.0.15~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-gu_IN", rpm:"firefox-gu_IN~3.0.15~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-he", rpm:"firefox-he~3.0.15~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-hi", rpm:"firefox-hi~3.0.15~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-hu", rpm:"firefox-hu~3.0.15~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-id", rpm:"firefox-id~3.0.15~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-is", rpm:"firefox-is~3.0.15~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-it", rpm:"firefox-it~3.0.15~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-ja", rpm:"firefox-ja~3.0.15~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-ka", rpm:"firefox-ka~3.0.15~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-kn", rpm:"firefox-kn~3.0.15~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-ko", rpm:"firefox-ko~3.0.15~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-ku", rpm:"firefox-ku~3.0.15~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-lt", rpm:"firefox-lt~3.0.15~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-lv", rpm:"firefox-lv~3.0.15~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-mk", rpm:"firefox-mk~3.0.15~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-mn", rpm:"firefox-mn~3.0.15~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-mr", rpm:"firefox-mr~3.0.15~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-nb_NO", rpm:"firefox-nb_NO~3.0.15~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-nl", rpm:"firefox-nl~3.0.15~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-nn_NO", rpm:"firefox-nn_NO~3.0.15~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-oc", rpm:"firefox-oc~3.0.15~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-pa_IN", rpm:"firefox-pa_IN~3.0.15~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-pl", rpm:"firefox-pl~3.0.15~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-pt_BR", rpm:"firefox-pt_BR~3.0.15~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-pt_PT", rpm:"firefox-pt_PT~3.0.15~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-ro", rpm:"firefox-ro~3.0.15~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-ru", rpm:"firefox-ru~3.0.15~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-si", rpm:"firefox-si~3.0.15~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-sk", rpm:"firefox-sk~3.0.15~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-sl", rpm:"firefox-sl~3.0.15~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-sq", rpm:"firefox-sq~3.0.15~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-sr", rpm:"firefox-sr~3.0.15~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-sv_SE", rpm:"firefox-sv_SE~3.0.15~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-te", rpm:"firefox-te~3.0.15~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-th", rpm:"firefox-th~3.0.15~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-tr", rpm:"firefox-tr~3.0.15~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-uk", rpm:"firefox-uk~3.0.15~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-zh_CN", rpm:"firefox-zh_CN~3.0.15~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"firefox-zh_TW", rpm:"firefox-zh_TW~3.0.15~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"gnome-python-extras", rpm:"gnome-python-extras~2.19.1~20.11mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"gnome-python-gda", rpm:"gnome-python-gda~2.19.1~20.11mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"gnome-python-gda-devel", rpm:"gnome-python-gda-devel~2.19.1~20.11mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"gnome-python-gdl", rpm:"gnome-python-gdl~2.19.1~20.11mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"gnome-python-gtkhtml2", rpm:"gnome-python-gtkhtml2~2.19.1~20.11mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"gnome-python-gtkmozembed", rpm:"gnome-python-gtkmozembed~2.19.1~20.11mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"gnome-python-gtkspell", rpm:"gnome-python-gtkspell~2.19.1~20.11mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libxulrunner1.9", rpm:"libxulrunner1.9~1.9.0.15~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libxulrunner-devel", rpm:"libxulrunner-devel~1.9.0.15~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libxulrunner-unstable-devel", rpm:"libxulrunner-unstable-devel~1.9.0.15~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"xulrunner", rpm:"xulrunner~1.9.0.15~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"yelp", rpm:"yelp~2.24.0~3.11mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"lib64xulrunner1.9", rpm:"lib64xulrunner1.9~1.9.0.15~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"lib64xulrunner-devel", rpm:"lib64xulrunner-devel~1.9.0.15~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"lib64xulrunner-unstable-devel", rpm:"lib64xulrunner-unstable-devel~1.9.0.15~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/mdksa_2009_291.nasl
===================================================================
--- trunk/openvas-plugins/scripts/mdksa_2009_291.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/mdksa_2009_291.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,105 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory MDVSA-2009:291 (jetty5)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66126);
+ script_cve_id("CVE-2009-1523");
+ script_version ("$Revision$");
+ script_name("Mandriva Security Advisory MDVSA-2009:291 (jetty5)");
+
+ desc = "
+The remote host is missing an update to jetty5
+announced via advisory MDVSA-2009:291.
+
+A vulnerability has been identified and corrected in jetty5:
+
+Directory traversal vulnerability in the HTTP server in Mort Bay
+Jetty before 6.1.17, and 7.0.0.M2 and earlier 7.x versions, allows
+remote attackers to access arbitrary files via directory traversal
+sequences in the URI (CVE-2009-1523).
+
+This update fixes this vulnerability.
+
+Affected: 2009.0, 2009.1
+
+Solution:
+To upgrade automatically use MandrakeUpdate or urpmi. The verification
+of md5 checksums and GPG signatures is performed automatically for you.
+
+https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:291
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Mandriva Security Advisory MDVSA-2009:291 (jetty5)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Mandrake Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"jetty5", rpm:"jetty5~5.1.15~0.1.5.1.1mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"jetty5-demo", rpm:"jetty5-demo~5.1.15~0.1.5.1.1mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"jetty5-javadoc", rpm:"jetty5-javadoc~5.1.15~0.1.5.1.1mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"jetty5-manual", rpm:"jetty5-manual~5.1.15~0.1.5.1.1mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"jetty5", rpm:"jetty5~5.1.15~0.1.5.1.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"jetty5-demo", rpm:"jetty5-demo~5.1.15~0.1.5.1.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"jetty5-javadoc", rpm:"jetty5-javadoc~5.1.15~0.1.5.1.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"jetty5-manual", rpm:"jetty5-manual~5.1.15~0.1.5.1.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/mdksa_2009_292.nasl
===================================================================
--- trunk/openvas-plugins/scripts/mdksa_2009_292.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/mdksa_2009_292.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,163 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory MDVSA-2009:292 (wireshark)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66184);
+ script_cve_id("CVE-2009-3550", "CVE-2009-3829");
+ script_version ("$Revision$");
+ script_name("Mandriva Security Advisory MDVSA-2009:292 (wireshark)");
+
+ desc = "
+The remote host is missing an update to wireshark
+announced via advisory MDVSA-2009:292.
+
+Vulnerabilities have been discovered and corrected in wireshark,
+affecting DCERPC/NT dissector, which allows remote attackers to cause
+a denial of service (NULL pointer dereference and application crash)
+via a file that records a malformed packet trace (CVE-2009-3550); and
+in wiretap/erf.c which allows remote attackers to execute arbitrary
+code or cause a denial of service (application crash) via a crafted
+erf file (CVE-2009-3829).
+
+The wireshark package has been updated to fix these vulnerabilities.
+
+Affected: 2009.1, Corporate 4.0, Enterprise Server 5.0
+
+Solution:
+To upgrade automatically use MandrakeUpdate or urpmi. The verification
+of md5 checksums and GPG signatures is performed automatically for you.
+
+https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:292
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Mandriva Security Advisory MDVSA-2009:292 (wireshark)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Mandrake Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"dumpcap", rpm:"dumpcap~1.0.10~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libwireshark0", rpm:"libwireshark0~1.0.10~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libwireshark-devel", rpm:"libwireshark-devel~1.0.10~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"rawshark", rpm:"rawshark~1.0.10~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"tshark", rpm:"tshark~1.0.10~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"wireshark", rpm:"wireshark~1.0.10~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"wireshark-tools", rpm:"wireshark-tools~1.0.10~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"lib64wireshark0", rpm:"lib64wireshark0~1.0.10~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"lib64wireshark-devel", rpm:"lib64wireshark-devel~1.0.10~0.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"dumpcap", rpm:"dumpcap~1.0.10~0.1.20060mlcs4", rls:"MNDK_4.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libwireshark0", rpm:"libwireshark0~1.0.10~0.1.20060mlcs4", rls:"MNDK_4.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libwireshark-devel", rpm:"libwireshark-devel~1.0.10~0.1.20060mlcs4", rls:"MNDK_4.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"rawshark", rpm:"rawshark~1.0.10~0.1.20060mlcs4", rls:"MNDK_4.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"tshark", rpm:"tshark~1.0.10~0.1.20060mlcs4", rls:"MNDK_4.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"wireshark", rpm:"wireshark~1.0.10~0.1.20060mlcs4", rls:"MNDK_4.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"wireshark-tools", rpm:"wireshark-tools~1.0.10~0.1.20060mlcs4", rls:"MNDK_4.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"lib64wireshark0", rpm:"lib64wireshark0~1.0.10~0.1.20060mlcs4", rls:"MNDK_4.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"lib64wireshark-devel", rpm:"lib64wireshark-devel~1.0.10~0.1.20060mlcs4", rls:"MNDK_4.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"dumpcap", rpm:"dumpcap~1.0.10~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libwireshark0", rpm:"libwireshark0~1.0.10~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libwireshark-devel", rpm:"libwireshark-devel~1.0.10~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"rawshark", rpm:"rawshark~1.0.10~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"tshark", rpm:"tshark~1.0.10~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"wireshark", rpm:"wireshark~1.0.10~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"wireshark-tools", rpm:"wireshark-tools~1.0.10~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"lib64wireshark0", rpm:"lib64wireshark0~1.0.10~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"lib64wireshark-devel", rpm:"lib64wireshark-devel~1.0.10~0.1mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/mdksa_2009_293.nasl
===================================================================
--- trunk/openvas-plugins/scripts/mdksa_2009_293.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/mdksa_2009_293.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,110 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory MDVSA-2009:293 (squidGuard)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66185);
+ script_cve_id("CVE-2009-3700", "CVE-2009-3826");
+ script_version ("$Revision$");
+ script_name("Mandriva Security Advisory MDVSA-2009:293 (squidGuard)");
+
+ desc = "
+The remote host is missing an update to squidGuard
+announced via advisory MDVSA-2009:293.
+
+Multiple vulnerabilities has been found and corrected in squidGuard:
+
+Buffer overflow in sgLog.c in squidGuard 1.3 and 1.4 allows remote
+attackers to cause a denial of service (application hang or loss of
+blocking functionality) via a long URL with many / (slash) characters,
+related to emergency mode. (CVE-2009-3700).
+
+Multiple buffer overflows in squidGuard 1.4 allow remote attackers
+to bypass intended URL blocking via a long URL, related to (1)
+the relationship between a certain buffer size in squidGuard and a
+certain buffer size in Squid and (2) a redirect URL that contains
+information about the originally requested URL (CVE-2009-3826).
+
+squidGuard was upgraded to 1.2.1 for MNF2/CS3/CS4 with additional
+upstream security and bug fixes patches applied.
+
+This update fixes these vulnerabilities.
+
+Affected: 2009.0, 2009.1, Corporate 3.0, Corporate 4.0,
+ Enterprise Server 5.0, Multi Network Firewall 2.0
+
+
+Solution:
+To upgrade automatically use MandrakeUpdate or urpmi. The verification
+of md5 checksums and GPG signatures is performed automatically for you.
+
+https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:293
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Mandriva Security Advisory MDVSA-2009:293 (squidGuard)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Mandrake Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"squidGuard", rpm:"squidGuard~1.3~1.1mdv2009.0", rls:"MNDK_2009.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"squidGuard", rpm:"squidGuard~1.4~1.1mdv2009.1", rls:"MNDK_2009.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"squidGuard", rpm:"squidGuard~1.2.1~0.1.C30mdk", rls:"MNDK_3.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"squidGuard", rpm:"squidGuard~1.2.1~0.1.20060mlcs4", rls:"MNDK_4.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"squidGuard", rpm:"squidGuard~1.4~0.2mdvmes5", rls:"MNDK_mes5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"squidGuard", rpm:"squidGuard~1.2.1~0.1.C30mdk", rls:"MNDK_2.0")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Modified: trunk/openvas-plugins/scripts/ovcesa2009_1427.nasl
===================================================================
--- trunk/openvas-plugins/scripts/ovcesa2009_1427.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/ovcesa2009_1427.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -1,4 +1,4 @@
-#CESA-2009:1427 64900 6
+#CESA-2009:1427 64900 8
# $Id$
# Description: Auto-generated from advisory CESA-2009:1427 (fetchmail)
#
@@ -27,7 +27,7 @@
{
script_id(64900);
script_cve_id("CVE-2007-4565", "CVE-2008-2711", "CVE-2009-2666");
- script_version ("$");
+ script_version ("$Revision$");
script_name("CentOS Security Advisory CESA-2009:1427 (fetchmail)");
desc = "
Modified: trunk/openvas-plugins/scripts/ovcesa2009_1428.nasl
===================================================================
--- trunk/openvas-plugins/scripts/ovcesa2009_1428.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/ovcesa2009_1428.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -1,4 +1,4 @@
-#CESA-2009:1428 64901 4
+#CESA-2009:1428 64901 6
# $Id$
# Description: Auto-generated from advisory CESA-2009:1428 (xmlsec1)
#
@@ -27,7 +27,7 @@
{
script_id(64901);
script_cve_id("CVE-2009-0217");
- script_version ("$");
+ script_version ("$Revision$");
script_name("CentOS Security Advisory CESA-2009:1428 (xmlsec1)");
desc = "
Added: trunk/openvas-plugins/scripts/ovcesa2009_1451.nasl
===================================================================
--- trunk/openvas-plugins/scripts/ovcesa2009_1451.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/ovcesa2009_1451.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,84 @@
+#CESA-2009:1451 66166 2
+# $Id$
+# Description: Auto-generated from advisory CESA-2009:1451 (freeradius)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66166);
+ script_cve_id("CVE-2009-3111", "CVE-2003-0967");
+ script_version ("$Revision$");
+ script_name("CentOS Security Advisory CESA-2009:1451 (freeradius)");
+
+ desc = "
+The remote host is missing updates to freeradius announced in
+advisory CESA-2009:1451.
+
+For details on the issues addressed in this update,
+please visit the referenced security advisories.
+
+Solution:
+Update the appropriate packages on your system.
+
+http://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1451
+http://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1451
+https://rhn.redhat.com/errata/RHSA-2009-1451.html
+
+Risk factor : Medium";
+
+ script_description(desc);
+
+ script_summary("CentOS Security Advisory CESA-2009:1451 (freeradius)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("CentOS Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"freeradius", rpm:"freeradius~1.1.3~1.5.el5_4", rls:"CentOS5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"freeradius-mysql", rpm:"freeradius-mysql~1.1.3~1.5.el5_4", rls:"CentOS5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"freeradius-postgresql", rpm:"freeradius-postgresql~1.1.3~1.5.el5_4", rls:"CentOS5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"freeradius-unixODBC", rpm:"freeradius-unixODBC~1.1.3~1.5.el5_4", rls:"CentOS5")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Modified: trunk/openvas-plugins/scripts/ovcesa2009_1452.nasl
===================================================================
--- trunk/openvas-plugins/scripts/ovcesa2009_1452.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/ovcesa2009_1452.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -1,4 +1,4 @@
-#CESA-2009:1452 64986 2
+#CESA-2009:1452 64986 4
# $Id$
# Description: Auto-generated from advisory CESA-2009:1452 (neon)
#
@@ -27,7 +27,7 @@
{
script_id(64986);
script_cve_id("CVE-2009-2473", "CVE-2009-2474");
- script_version ("$");
+ script_version ("$Revision$");
script_name("CentOS Security Advisory CESA-2009:1452 (neon)");
desc = "
@@ -42,6 +42,7 @@
http://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1452
http://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1452
+https://rhn.redhat.com/errata/RHSA-2009-1452.html
Risk factor : Medium";
@@ -71,6 +72,12 @@
if(isrpmvuln(pkg:"neon-devel", rpm:"neon-devel~0.24.7~4.el4_8.2", rls:"CentOS4")) {
vuln = 1;
}
+if(isrpmvuln(pkg:"neon", rpm:"neon~0.25.5~10.el5_4.1", rls:"CentOS5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"neon-devel", rpm:"neon-devel~0.25.5~10.el5_4.1", rls:"CentOS5")) {
+ vuln = 1;
+}
if(vuln) {
security_hole(0);
Modified: trunk/openvas-plugins/scripts/ovcesa2009_1453.nasl
===================================================================
--- trunk/openvas-plugins/scripts/ovcesa2009_1453.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/ovcesa2009_1453.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -1,4 +1,4 @@
-#CESA-2009:1453 64987 2
+#CESA-2009:1453 64987 4
# $Id$
# Description: Auto-generated from advisory CESA-2009:1453 (pidgin)
#
@@ -27,7 +27,7 @@
{
script_id(64987);
script_cve_id("CVE-2009-2703", "CVE-2009-3026", "CVE-2009-3083", "CVE-2009-3085");
- script_version ("$");
+ script_version ("$Revision$");
script_name("CentOS Security Advisory CESA-2009:1453 (pidgin)");
desc = "
@@ -42,6 +42,7 @@
http://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1453
http://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1453
+https://rhn.redhat.com/errata/RHSA-2009-1453.html
Risk factor : Medium";
@@ -92,6 +93,33 @@
if(isrpmvuln(pkg:"pidgin-perl", rpm:"pidgin-perl~2.6.2~2.el4", rls:"CentOS4")) {
vuln = 1;
}
+if(isrpmvuln(pkg:"finch", rpm:"finch~2.6.2~2.el5", rls:"CentOS5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"finch-devel", rpm:"finch-devel~2.6.2~2.el5", rls:"CentOS5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libpurple", rpm:"libpurple~2.6.2~2.el5", rls:"CentOS5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libpurple-devel", rpm:"libpurple-devel~2.6.2~2.el5", rls:"CentOS5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libpurple-perl", rpm:"libpurple-perl~2.6.2~2.el5", rls:"CentOS5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libpurple-tcl", rpm:"libpurple-tcl~2.6.2~2.el5", rls:"CentOS5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"pidgin", rpm:"pidgin~2.6.2~2.el5", rls:"CentOS5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"pidgin-devel", rpm:"pidgin-devel~2.6.2~2.el5", rls:"CentOS5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"pidgin-perl", rpm:"pidgin-perl~2.6.2~2.el5", rls:"CentOS5")) {
+ vuln = 1;
+}
if(vuln) {
security_hole(0);
Added: trunk/openvas-plugins/scripts/ovcesa2009_1455.nasl
===================================================================
--- trunk/openvas-plugins/scripts/ovcesa2009_1455.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/ovcesa2009_1455.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,102 @@
+#CESA-2009:1455 66168 2
+# $Id$
+# Description: Auto-generated from advisory CESA-2009:1455 (kernel)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66168);
+ script_cve_id("CVE-2009-2849");
+ script_version ("$Revision$");
+ script_name("CentOS Security Advisory CESA-2009:1455 (kernel)");
+
+ desc = "
+The remote host is missing updates to kernel announced in
+advisory CESA-2009:1455.
+
+For details on the issues addressed in this update,
+please visit the referenced security advisories.
+
+Solution:
+Update the appropriate packages on your system.
+
+http://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1455
+http://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1455
+https://rhn.redhat.com/errata/RHSA-2009-1455.html
+
+Risk factor : Medium";
+
+ script_description(desc);
+
+ script_summary("CentOS Security Advisory CESA-2009:1455 (kernel)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("CentOS Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"kernel", rpm:"kernel~2.6.18~164.2.1.el5", rls:"CentOS5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-debug", rpm:"kernel-debug~2.6.18~164.2.1.el5", rls:"CentOS5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-debug-devel", rpm:"kernel-debug-devel~2.6.18~164.2.1.el5", rls:"CentOS5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-devel", rpm:"kernel-devel~2.6.18~164.2.1.el5", rls:"CentOS5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-doc", rpm:"kernel-doc~2.6.18~164.2.1.el5", rls:"CentOS5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-headers", rpm:"kernel-headers~2.6.18~164.2.1.el5", rls:"CentOS5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-xen", rpm:"kernel-xen~2.6.18~164.2.1.el5", rls:"CentOS5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-xen-devel", rpm:"kernel-xen-devel~2.6.18~164.2.1.el5", rls:"CentOS5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-PAE", rpm:"kernel-PAE~2.6.18~164.2.1.el5", rls:"CentOS5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-PAE-devel", rpm:"kernel-PAE-devel~2.6.18~164.2.1.el5", rls:"CentOS5")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Modified: trunk/openvas-plugins/scripts/ovcesa2009_1459.nasl
===================================================================
--- trunk/openvas-plugins/scripts/ovcesa2009_1459.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/ovcesa2009_1459.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -1,4 +1,4 @@
-#CESA-2009:1459 64989 2
+#CESA-2009:1459 64989 4
# $Id$
# Description: Auto-generated from advisory CESA-2009:1459 (cyrus-imapd)
#
@@ -27,7 +27,7 @@
{
script_id(64989);
script_cve_id("CVE-2009-2632", "CVE-2009-3235");
- script_version ("$");
+ script_version ("$Revision$");
script_name("CentOS Security Advisory CESA-2009:1459 (cyrus-imapd)");
desc = "
@@ -42,6 +42,7 @@
http://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1459
http://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1459
+https://rhn.redhat.com/errata/RHSA-2009-1459.html
Risk factor : High";
@@ -83,6 +84,18 @@
if(isrpmvuln(pkg:"perl-Cyrus", rpm:"perl-Cyrus~2.2.12~10.el4_8.4", rls:"CentOS4")) {
vuln = 1;
}
+if(isrpmvuln(pkg:"cyrus-imapd", rpm:"cyrus-imapd~2.3.7~7.el5_4.3", rls:"CentOS5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"cyrus-imapd-devel", rpm:"cyrus-imapd-devel~2.3.7~7.el5_4.3", rls:"CentOS5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"cyrus-imapd-perl", rpm:"cyrus-imapd-perl~2.3.7~7.el5_4.3", rls:"CentOS5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"cyrus-imapd-utils", rpm:"cyrus-imapd-utils~2.3.7~7.el5_4.3", rls:"CentOS5")) {
+ vuln = 1;
+}
if(vuln) {
security_hole(0);
Modified: trunk/openvas-plugins/scripts/ovcesa2009_1463.nasl
===================================================================
--- trunk/openvas-plugins/scripts/ovcesa2009_1463.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/ovcesa2009_1463.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -1,4 +1,4 @@
-#CESA-2009:1463 64988 4
+#CESA-2009:1463 64988 6
# $Id$
# Description: Auto-generated from advisory CESA-2009:1463 (newt)
#
@@ -27,7 +27,7 @@
{
script_id(64988);
script_cve_id("CVE-2009-2905");
- script_version ("$");
+ script_version ("$Revision$");
script_name("CentOS Security Advisory CESA-2009:1463 (newt)");
desc = "
@@ -81,6 +81,12 @@
if(isrpmvuln(pkg:"newt-debuginfo", rpm:"newt-debuginfo~0.51.6~10.el4_8.1", rls:"CentOS4")) {
vuln = 1;
}
+if(isrpmvuln(pkg:"newt", rpm:"newt~0.52.2~12.el5_4.1", rls:"CentOS5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"newt-devel", rpm:"newt-devel~0.52.2~12.el5_4.1", rls:"CentOS5")) {
+ vuln = 1;
+}
if(vuln) {
security_hole(0);
Added: trunk/openvas-plugins/scripts/ovcesa2009_1465.nasl
===================================================================
--- trunk/openvas-plugins/scripts/ovcesa2009_1465.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/ovcesa2009_1465.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,84 @@
+#CESA-2009:1465 66169 2
+# $Id$
+# Description: Auto-generated from advisory CESA-2009:1465 (kvm)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66169);
+ script_cve_id("CVE-2009-3290");
+ script_version ("$Revision$");
+ script_name("CentOS Security Advisory CESA-2009:1465 (kvm)");
+
+ desc = "
+The remote host is missing updates to kvm announced in
+advisory CESA-2009:1465.
+
+For details on the issues addressed in this update,
+please visit the referenced security advisories.
+
+Solution:
+Update the appropriate packages on your system.
+
+http://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1465
+http://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1465
+https://rhn.redhat.com/errata/RHSA-2009-1465.html
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("CentOS Security Advisory CESA-2009:1465 (kvm)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("CentOS Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"kvm", rpm:"kvm~83~105.el5_4.7", rls:"CentOS5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kmod-kvm", rpm:"kmod-kvm~83~105.el5_4.7", rls:"CentOS5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kvm-qemu-img", rpm:"kvm-qemu-img~83~105.el5_4.7", rls:"CentOS5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kvm-tools", rpm:"kvm-tools~83~105.el5_4.7", rls:"CentOS5")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/ovcesa2009_1470.nasl
===================================================================
--- trunk/openvas-plugins/scripts/ovcesa2009_1470.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/ovcesa2009_1470.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,84 @@
+#CESA-2009:1470 66170 2
+# $Id$
+# Description: Auto-generated from advisory CESA-2009:1470 (openssh)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66170);
+ script_cve_id("CVE-2009-2904");
+ script_version ("$Revision$");
+ script_name("CentOS Security Advisory CESA-2009:1470 (openssh)");
+
+ desc = "
+The remote host is missing updates to openssh announced in
+advisory CESA-2009:1470.
+
+For details on the issues addressed in this update,
+please visit the referenced security advisories.
+
+Solution:
+Update the appropriate packages on your system.
+
+http://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1470
+http://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1470
+https://rhn.redhat.com/errata/RHSA-2009-1470.html
+
+Risk factor : Medium";
+
+ script_description(desc);
+
+ script_summary("CentOS Security Advisory CESA-2009:1470 (openssh)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("CentOS Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"openssh", rpm:"openssh~4.3p2~36.el5_4.2", rls:"CentOS5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"openssh-askpass", rpm:"openssh-askpass~4.3p2~36.el5_4.2", rls:"CentOS5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"openssh-clients", rpm:"openssh-clients~4.3p2~36.el5_4.2", rls:"CentOS5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"openssh-server", rpm:"openssh-server~4.3p2~36.el5_4.2", rls:"CentOS5")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Modified: trunk/openvas-plugins/scripts/ovcesa2009_1471.nasl
===================================================================
--- trunk/openvas-plugins/scripts/ovcesa2009_1471.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/ovcesa2009_1471.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -1,4 +1,4 @@
-#CESA-2009:1471 65754 2
+#CESA-2009:1471 65754 4
# $Id$
# Description: Auto-generated from advisory CESA-2009:1471 (elinks)
#
@@ -42,6 +42,7 @@
http://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1471
http://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1471
+https://rhn.redhat.com/errata/RHSA-2009-1471.html
Risk factor : High";
@@ -68,6 +69,9 @@
if(isrpmvuln(pkg:"elinks", rpm:"elinks~0.9.2~4.el4_8.1", rls:"CentOS4")) {
vuln = 1;
}
+if(isrpmvuln(pkg:"elinks", rpm:"elinks~0.11.1~6.el5_4.1", rls:"CentOS5")) {
+ vuln = 1;
+}
if(vuln) {
security_hole(0);
Added: trunk/openvas-plugins/scripts/ovcesa2009_1472.nasl
===================================================================
--- trunk/openvas-plugins/scripts/ovcesa2009_1472.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/ovcesa2009_1472.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,81 @@
+#CESA-2009:1472 66173 2
+# $Id$
+# Description: Auto-generated from advisory CESA-2009:1472 (xen)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66173);
+ script_cve_id("CVE-2009-3525");
+ script_version ("$Revision$");
+ script_name("CentOS Security Advisory CESA-2009:1472 (xen)");
+
+ desc = "
+The remote host is missing updates to xen announced in
+advisory CESA-2009:1472.
+
+For details on the issues addressed in this update,
+please visit the referenced security advisories.
+
+Solution:
+Update the appropriate packages on your system.
+
+http://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1472
+http://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1472
+https://rhn.redhat.com/errata/RHSA-2009-1472.html
+
+Risk factor : Medium";
+
+ script_description(desc);
+
+ script_summary("CentOS Security Advisory CESA-2009:1472 (xen)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("CentOS Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"xen", rpm:"xen~3.0.3~94.el5_4.1", rls:"CentOS5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"xen-devel", rpm:"xen-devel~3.0.3~94.el5_4.1", rls:"CentOS5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"xen-libs", rpm:"xen-libs~3.0.3~94.el5_4.1", rls:"CentOS5")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Modified: trunk/openvas-plugins/scripts/ovcesa2009_1484.nasl
===================================================================
--- trunk/openvas-plugins/scripts/ovcesa2009_1484.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/ovcesa2009_1484.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -1,4 +1,4 @@
-#CESA-2009:1484 65757 2
+#CESA-2009:1484 65757 4
# $Id$
# Description: Auto-generated from advisory CESA-2009:1484 (postgresql)
#
@@ -42,6 +42,7 @@
http://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1484
http://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1484
+https://rhn.redhat.com/errata/RHSA-2009-1484.html
Risk factor : Medium";
@@ -101,6 +102,36 @@
if(isrpmvuln(pkg:"postgresql-test", rpm:"postgresql-test~7.4.26~1.el4_8.1", rls:"CentOS4")) {
vuln = 1;
}
+if(isrpmvuln(pkg:"postgresql", rpm:"postgresql~8.1.18~2.el5_4.1", rls:"CentOS5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"postgresql-contrib", rpm:"postgresql-contrib~8.1.18~2.el5_4.1", rls:"CentOS5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"postgresql-devel", rpm:"postgresql-devel~8.1.18~2.el5_4.1", rls:"CentOS5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"postgresql-docs", rpm:"postgresql-docs~8.1.18~2.el5_4.1", rls:"CentOS5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"postgresql-libs", rpm:"postgresql-libs~8.1.18~2.el5_4.1", rls:"CentOS5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"postgresql-pl", rpm:"postgresql-pl~8.1.18~2.el5_4.1", rls:"CentOS5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"postgresql-python", rpm:"postgresql-python~8.1.18~2.el5_4.1", rls:"CentOS5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"postgresql-server", rpm:"postgresql-server~8.1.18~2.el5_4.1", rls:"CentOS5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"postgresql-tcl", rpm:"postgresql-tcl~8.1.18~2.el5_4.1", rls:"CentOS5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"postgresql-test", rpm:"postgresql-test~8.1.18~2.el5_4.1", rls:"CentOS5")) {
+ vuln = 1;
+}
if(vuln) {
security_hole(0);
Added: trunk/openvas-plugins/scripts/ovcesa2009_1502.nasl
===================================================================
--- trunk/openvas-plugins/scripts/ovcesa2009_1502.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/ovcesa2009_1502.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,78 @@
+#CESA-2009:1502 66167 2
+# $Id$
+# Description: Auto-generated from advisory CESA-2009:1502 (kdegraphics)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66167);
+ script_cve_id("CVE-2009-0791", "CVE-2009-1188", "CVE-2009-3604", "CVE-2009-3606", "CVE-2009-3608", "CVE-2009-3609");
+ script_version ("$Revision$");
+ script_name("CentOS Security Advisory CESA-2009:1502 (kdegraphics)");
+
+ desc = "
+The remote host is missing updates to kdegraphics announced in
+advisory CESA-2009:1502.
+
+For details on the issues addressed in this update,
+please visit the referenced security advisories.
+
+Solution:
+Update the appropriate packages on your system.
+
+http://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1502
+http://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1502
+https://rhn.redhat.com/errata/RHSA-2009-1502.html
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("CentOS Security Advisory CESA-2009:1502 (kdegraphics)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("CentOS Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"kdegraphics", rpm:"kdegraphics~3.5.4~15.el5_4.2", rls:"CentOS5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kdegraphics-devel", rpm:"kdegraphics-devel~3.5.4~15.el5_4.2", rls:"CentOS5")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/ovcesa2009_1504.nasl
===================================================================
--- trunk/openvas-plugins/scripts/ovcesa2009_1504.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/ovcesa2009_1504.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,81 @@
+#CESA-2009:1504 66172 2
+# $Id$
+# Description: Auto-generated from advisory CESA-2009:1504 (poppler)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66172);
+ script_cve_id("CVE-2009-3603", "CVE-2009-3608", "CVE-2009-3609");
+ script_version ("$Revision$");
+ script_name("CentOS Security Advisory CESA-2009:1504 (poppler)");
+
+ desc = "
+The remote host is missing updates to poppler announced in
+advisory CESA-2009:1504.
+
+For details on the issues addressed in this update,
+please visit the referenced security advisories.
+
+Solution:
+Update the appropriate packages on your system.
+
+http://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1504
+http://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1504
+https://rhn.redhat.com/errata/RHSA-2009-1504.html
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("CentOS Security Advisory CESA-2009:1504 (poppler)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("CentOS Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"poppler", rpm:"poppler~0.5.4~4.4.el5_4.11", rls:"CentOS5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"poppler-devel", rpm:"poppler-devel~0.5.4~4.4.el5_4.11", rls:"CentOS5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"poppler-utils", rpm:"poppler-utils~0.5.4~4.4.el5_4.11", rls:"CentOS5")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/ovcesa2009_1513.nasl
===================================================================
--- trunk/openvas-plugins/scripts/ovcesa2009_1513.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/ovcesa2009_1513.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,84 @@
+#CESA-2009:1513 66165 2
+# $Id$
+# Description: Auto-generated from advisory CESA-2009:1513 (cups)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66165);
+ script_cve_id("CVE-2009-3608", "CVE-2009-3609");
+ script_version ("$Revision$");
+ script_name("CentOS Security Advisory CESA-2009:1513 (cups)");
+
+ desc = "
+The remote host is missing updates to cups announced in
+advisory CESA-2009:1513.
+
+For details on the issues addressed in this update,
+please visit the referenced security advisories.
+
+Solution:
+Update the appropriate packages on your system.
+
+http://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1513
+http://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1513
+https://rhn.redhat.com/errata/RHSA-2009-1513.html
+
+Risk factor : Medium";
+
+ script_description(desc);
+
+ script_summary("CentOS Security Advisory CESA-2009:1513 (cups)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("CentOS Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"cups", rpm:"cups~1.3.7~11.el5_4.3", rls:"CentOS5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"cups-devel", rpm:"cups-devel~1.3.7~11.el5_4.3", rls:"CentOS5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"cups-libs", rpm:"cups-libs~1.3.7~11.el5_4.3", rls:"CentOS5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"cups-lpd", rpm:"cups-lpd~1.3.7~11.el5_4.3", rls:"CentOS5")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/ovcesa2009_1528.nasl
===================================================================
--- trunk/openvas-plugins/scripts/ovcesa2009_1528.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/ovcesa2009_1528.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,84 @@
+#CESA-2009:1528 66160 2
+# $Id$
+# Description: Auto-generated from advisory CESA-2009:1528 (samba)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66160);
+ script_cve_id("CVE-2009-2906");
+ script_version ("$Revision$");
+ script_name("CentOS Security Advisory CESA-2009:1528 (samba)");
+
+ desc = "
+The remote host is missing updates to samba announced in
+advisory CESA-2009:1528.
+
+For details on the issues addressed in this update,
+please visit the referenced security advisories.
+
+Solution:
+Update the appropriate packages on your system.
+
+http://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1528
+http://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1528
+https://rhn.redhat.com/errata/RHSA-2009-1528.html
+
+Risk factor : Medium";
+
+ script_description(desc);
+
+ script_summary("CentOS Security Advisory CESA-2009:1528 (samba)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("CentOS Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"samba", rpm:"samba~3.0.9~1.3E.16", rls:"CentOS3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"samba-client", rpm:"samba-client~3.0.9~1.3E.16", rls:"CentOS3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"samba-common", rpm:"samba-common~3.0.9~1.3E.16", rls:"CentOS3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"samba-swat", rpm:"samba-swat~3.0.9~1.3E.16", rls:"CentOS3")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/ovcesa2009_1529.nasl
===================================================================
--- trunk/openvas-plugins/scripts/ovcesa2009_1529.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/ovcesa2009_1529.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,96 @@
+#CESA-2009:1529 66161 4
+# $Id$
+# Description: Auto-generated from advisory CESA-2009:1529 (samba)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66161);
+ script_cve_id("CVE-2009-1888", "CVE-2009-2813", "CVE-2009-2906", "CVE-2009-2948");
+ script_version ("$Revision$");
+ script_name("CentOS Security Advisory CESA-2009:1529 (samba)");
+
+ desc = "
+The remote host is missing updates to samba announced in
+advisory CESA-2009:1529.
+
+For details on the issues addressed in this update,
+please visit the referenced security advisories.
+
+Solution:
+Update the appropriate packages on your system.
+
+http://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1529
+http://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1529
+https://rhn.redhat.com/errata/RHSA-2009-1529.html
+
+Risk factor : Medium";
+
+ script_description(desc);
+
+ script_summary("CentOS Security Advisory CESA-2009:1529 (samba)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("CentOS Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"samba", rpm:"samba~3.0.33~0.18.el4_8", rls:"CentOS4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"samba-client", rpm:"samba-client~3.0.33~0.18.el4_8", rls:"CentOS4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"samba-common", rpm:"samba-common~3.0.33~0.18.el4_8", rls:"CentOS4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"samba-swat", rpm:"samba-swat~3.0.33~0.18.el4_8", rls:"CentOS4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"samba", rpm:"samba~3.0.33~3.15.el5_4", rls:"CentOS5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"samba-client", rpm:"samba-client~3.0.33~3.15.el5_4", rls:"CentOS5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"samba-common", rpm:"samba-common~3.0.33~3.15.el5_4", rls:"CentOS5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"samba-swat", rpm:"samba-swat~3.0.33~3.15.el5_4", rls:"CentOS5")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/ovcesa2009_1530.nasl
===================================================================
--- trunk/openvas-plugins/scripts/ovcesa2009_1530.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/ovcesa2009_1530.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,81 @@
+#CESA-2009:1530 66163 2
+# $Id$
+# Description: Auto-generated from advisory CESA-2009:1530 (firefox)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66163);
+ script_cve_id("CVE-2009-1563", "CVE-2009-3274", "CVE-2009-3370", "CVE-2009-3372", "CVE-2009-3373", "CVE-2009-3374", "CVE-2009-3375", "CVE-2009-3376", "CVE-2009-3380", "CVE-2009-3382");
+ script_version ("$Revision$");
+ script_name("CentOS Security Advisory CESA-2009:1530 (firefox)");
+
+ desc = "
+The remote host is missing updates to firefox announced in
+advisory CESA-2009:1530.
+
+For details on the issues addressed in this update,
+please visit the referenced security advisories.
+
+Solution:
+Update the appropriate packages on your system.
+
+http://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1530
+http://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1530
+https://rhn.redhat.com/errata/RHSA-2009-1530.html
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("CentOS Security Advisory CESA-2009:1530 (firefox)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("CentOS Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"firefox", rpm:"firefox~3.0.15~3.el4.centos", rls:"CentOS4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"nspr", rpm:"nspr~4.7.6~1.el4_8", rls:"CentOS4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"nspr-devel", rpm:"nspr-devel~4.7.6~1.el4_8", rls:"CentOS4")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/ovcesa2009_1531.nasl
===================================================================
--- trunk/openvas-plugins/scripts/ovcesa2009_1531.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/ovcesa2009_1531.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,120 @@
+#CESA-2009:1531 66162 4
+# $Id$
+# Description: Auto-generated from advisory CESA-2009:1531 (seamonkey)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66162);
+ script_cve_id("CVE-2009-1563", "CVE-2009-3274", "CVE-2009-3375", "CVE-2009-3376", "CVE-2009-3380");
+ script_version ("$Revision$");
+ script_name("CentOS Security Advisory CESA-2009:1531 (seamonkey)");
+
+ desc = "
+The remote host is missing updates to seamonkey announced in
+advisory CESA-2009:1531.
+
+For details on the issues addressed in this update,
+please visit the referenced security advisories.
+
+Solution:
+Update the appropriate packages on your system.
+
+http://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1531
+http://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1531
+https://rhn.redhat.com/errata/RHSA-2009-1531.html
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("CentOS Security Advisory CESA-2009:1531 (seamonkey)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("CentOS Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"seamonkey", rpm:"seamonkey~1.0.9~0.47.el3.centos3", rls:"CentOS3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"seamonkey-chat", rpm:"seamonkey-chat~1.0.9~0.47.el3.centos3", rls:"CentOS3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"seamonkey-devel", rpm:"seamonkey-devel~1.0.9~0.47.el3.centos3", rls:"CentOS3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"seamonkey-dom-inspector", rpm:"seamonkey-dom-inspector~1.0.9~0.47.el3.centos3", rls:"CentOS3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"seamonkey-js-debugger", rpm:"seamonkey-js-debugger~1.0.9~0.47.el3.centos3", rls:"CentOS3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"seamonkey-mail", rpm:"seamonkey-mail~1.0.9~0.47.el3.centos3", rls:"CentOS3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"seamonkey-nspr", rpm:"seamonkey-nspr~1.0.9~0.47.el3.centos3", rls:"CentOS3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"seamonkey-nspr-devel", rpm:"seamonkey-nspr-devel~1.0.9~0.47.el3.centos3", rls:"CentOS3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"seamonkey-nss", rpm:"seamonkey-nss~1.0.9~0.47.el3.centos3", rls:"CentOS3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"seamonkey-nss-devel", rpm:"seamonkey-nss-devel~1.0.9~0.47.el3.centos3", rls:"CentOS3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"seamonkey", rpm:"seamonkey~1.0.9~50.el4.centos", rls:"CentOS4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"seamonkey-chat", rpm:"seamonkey-chat~1.0.9~50.el4.centos", rls:"CentOS4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"seamonkey-devel", rpm:"seamonkey-devel~1.0.9~50.el4.centos", rls:"CentOS4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"seamonkey-dom-inspector", rpm:"seamonkey-dom-inspector~1.0.9~50.el4.centos", rls:"CentOS4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"seamonkey-js-debugger", rpm:"seamonkey-js-debugger~1.0.9~50.el4.centos", rls:"CentOS4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"seamonkey-mail", rpm:"seamonkey-mail~1.0.9~50.el4.centos", rls:"CentOS4")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/ovcesa2009_1535.nasl
===================================================================
--- trunk/openvas-plugins/scripts/ovcesa2009_1535.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/ovcesa2009_1535.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,75 @@
+#CESA-2009:1535 66164 2
+# $Id$
+# Description: Auto-generated from advisory CESA-2009:1535 (pidgin)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66164);
+ script_cve_id("CVE-2009-2703", "CVE-2009-3083", "CVE-2009-3615");
+ script_version ("$Revision$");
+ script_name("CentOS Security Advisory CESA-2009:1535 (pidgin)");
+
+ desc = "
+The remote host is missing updates to pidgin announced in
+advisory CESA-2009:1535.
+
+For details on the issues addressed in this update,
+please visit the referenced security advisories.
+
+Solution:
+Update the appropriate packages on your system.
+
+http://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1535
+http://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1535
+https://rhn.redhat.com/errata/RHSA-2009-1535.html
+
+Risk factor : Medium";
+
+ script_description(desc);
+
+ script_summary("CentOS Security Advisory CESA-2009:1535 (pidgin)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("CentOS Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"pidgin", rpm:"pidgin~1.5.1~6.el3", rls:"CentOS3")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/ovcesa2009_1536.nasl
===================================================================
--- trunk/openvas-plugins/scripts/ovcesa2009_1536.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/ovcesa2009_1536.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,126 @@
+#CESA-2009:1536 66171 4
+# $Id$
+# Description: Auto-generated from advisory CESA-2009:1536 (pidgin)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66171);
+ script_cve_id("CVE-2009-3615");
+ script_version ("$Revision$");
+ script_name("CentOS Security Advisory CESA-2009:1536 (pidgin)");
+
+ desc = "
+The remote host is missing updates to pidgin announced in
+advisory CESA-2009:1536.
+
+For details on the issues addressed in this update,
+please visit the referenced security advisories.
+
+Solution:
+Update the appropriate packages on your system.
+
+http://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1536
+http://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1536
+https://rhn.redhat.com/errata/RHSA-2009-1536.html
+
+Risk factor : Medium";
+
+ script_description(desc);
+
+ script_summary("CentOS Security Advisory CESA-2009:1536 (pidgin)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("CentOS Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"finch", rpm:"finch~2.6.3~2.el5", rls:"CentOS5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"finch-devel", rpm:"finch-devel~2.6.3~2.el5", rls:"CentOS5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libpurple", rpm:"libpurple~2.6.3~2.el5", rls:"CentOS5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libpurple-devel", rpm:"libpurple-devel~2.6.3~2.el5", rls:"CentOS5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libpurple-perl", rpm:"libpurple-perl~2.6.3~2.el5", rls:"CentOS5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libpurple-tcl", rpm:"libpurple-tcl~2.6.3~2.el5", rls:"CentOS5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"pidgin", rpm:"pidgin~2.6.3~2.el5", rls:"CentOS5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"pidgin-devel", rpm:"pidgin-devel~2.6.3~2.el5", rls:"CentOS5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"pidgin-perl", rpm:"pidgin-perl~2.6.3~2.el5", rls:"CentOS5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"finch", rpm:"finch~2.6.3~2.el4", rls:"CentOS4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"finch-devel", rpm:"finch-devel~2.6.3~2.el4", rls:"CentOS4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libpurple", rpm:"libpurple~2.6.3~2.el4", rls:"CentOS4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libpurple-devel", rpm:"libpurple-devel~2.6.3~2.el4", rls:"CentOS4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libpurple-perl", rpm:"libpurple-perl~2.6.3~2.el4", rls:"CentOS4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libpurple-tcl", rpm:"libpurple-tcl~2.6.3~2.el4", rls:"CentOS4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"pidgin", rpm:"pidgin~2.6.3~2.el4", rls:"CentOS4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"pidgin-devel", rpm:"pidgin-devel~2.6.3~2.el4", rls:"CentOS4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"pidgin-perl", rpm:"pidgin-perl~2.6.3~2.el4", rls:"CentOS4")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/ovcesa2009_1541.nasl
===================================================================
--- trunk/openvas-plugins/scripts/ovcesa2009_1541.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/ovcesa2009_1541.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,105 @@
+#CESA-2009:1541 66218 2
+# $Id$
+# Description: Auto-generated from advisory CESA-2009:1541 (kernel)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66218);
+ script_cve_id("CVE-2009-3547");
+ script_version ("$Revision$");
+ script_name("CentOS Security Advisory CESA-2009:1541 (kernel)");
+
+ desc = "
+The remote host is missing updates to kernel announced in
+advisory CESA-2009:1541.
+
+For details on the issues addressed in this update,
+please visit the referenced security advisories.
+
+Solution:
+Update the appropriate packages on your system.
+
+http://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1541
+http://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1541
+https://rhn.redhat.com/errata/RHSA-2009-1541.html
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("CentOS Security Advisory CESA-2009:1541 (kernel)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("CentOS Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"kernel", rpm:"kernel~2.6.9~89.0.16.EL", rls:"CentOS4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-devel", rpm:"kernel-devel~2.6.9~89.0.16.EL", rls:"CentOS4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-hugemem", rpm:"kernel-hugemem~2.6.9~89.0.16.EL", rls:"CentOS4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-hugemem-devel", rpm:"kernel-hugemem-devel~2.6.9~89.0.16.EL", rls:"CentOS4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-smp", rpm:"kernel-smp~2.6.9~89.0.16.EL", rls:"CentOS4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-smp-devel", rpm:"kernel-smp-devel~2.6.9~89.0.16.EL", rls:"CentOS4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-xenU", rpm:"kernel-xenU~2.6.9~89.0.16.EL", rls:"CentOS4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-xenU-devel", rpm:"kernel-xenU-devel~2.6.9~89.0.16.EL", rls:"CentOS4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-doc", rpm:"kernel-doc~2.6.9~89.0.16.EL", rls:"CentOS4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-largesmp", rpm:"kernel-largesmp~2.6.9~89.0.16.EL", rls:"CentOS4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-largesmp-devel", rpm:"kernel-largesmp-devel~2.6.9~89.0.16.EL", rls:"CentOS4")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/ovcesa2009_1548.nasl
===================================================================
--- trunk/openvas-plugins/scripts/ovcesa2009_1548.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/ovcesa2009_1548.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,102 @@
+#CESA-2009:1548 66219 2
+# $Id$
+# Description: Auto-generated from advisory CESA-2009:1548 (kernel)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66219);
+ script_cve_id("CVE-2009-2695", "CVE-2009-2908", "CVE-2009-3228", "CVE-2009-3286", "CVE-2009-3547", "CVE-2009-3613");
+ script_version ("$Revision$");
+ script_name("CentOS Security Advisory CESA-2009:1548 (kernel)");
+
+ desc = "
+The remote host is missing updates to kernel announced in
+advisory CESA-2009:1548.
+
+For details on the issues addressed in this update,
+please visit the referenced security advisories.
+
+Solution:
+Update the appropriate packages on your system.
+
+http://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1548
+http://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1548
+https://rhn.redhat.com/errata/RHSA-2009-1548.html
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("CentOS Security Advisory CESA-2009:1548 (kernel)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("CentOS Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"kernel", rpm:"kernel~2.6.18~164.6.1.el5", rls:"CentOS5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-debug", rpm:"kernel-debug~2.6.18~164.6.1.el5", rls:"CentOS5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-debug-devel", rpm:"kernel-debug-devel~2.6.18~164.6.1.el5", rls:"CentOS5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-devel", rpm:"kernel-devel~2.6.18~164.6.1.el5", rls:"CentOS5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-doc", rpm:"kernel-doc~2.6.18~164.6.1.el5", rls:"CentOS5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-headers", rpm:"kernel-headers~2.6.18~164.6.1.el5", rls:"CentOS5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-PAE", rpm:"kernel-PAE~2.6.18~164.6.1.el5", rls:"CentOS5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-PAE-devel", rpm:"kernel-PAE-devel~2.6.18~164.6.1.el5", rls:"CentOS5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-xen", rpm:"kernel-xen~2.6.18~164.6.1.el5", rls:"CentOS5")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-xen-devel", rpm:"kernel-xen-devel~2.6.18~164.6.1.el5", rls:"CentOS5")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/ovcesa2009_1549.nasl
===================================================================
--- trunk/openvas-plugins/scripts/ovcesa2009_1549.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/ovcesa2009_1549.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,78 @@
+#CESA-2009:1549 66220 4
+# $Id$
+# Description: Auto-generated from advisory CESA-2009:1549 (wget)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66220);
+ script_cve_id("CVE-2009-3490");
+ script_version ("$Revision$");
+ script_name("CentOS Security Advisory CESA-2009:1549 (wget)");
+
+ desc = "
+The remote host is missing updates to wget announced in
+advisory CESA-2009:1549.
+
+For details on the issues addressed in this update,
+please visit the referenced security advisories.
+
+Solution:
+Update the appropriate packages on your system.
+
+http://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1549
+http://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1549
+https://rhn.redhat.com/errata/RHSA-2009-1549.html
+
+Risk factor : Medium";
+
+ script_description(desc);
+
+ script_summary("CentOS Security Advisory CESA-2009:1549 (wget)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("CentOS Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"wget", rpm:"wget~1.10.2~0.30E.1", rls:"CentOS3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"wget", rpm:"wget~1.10.2~1.el4_8.1", rls:"CentOS4")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/ovcesa2009_1550.nasl
===================================================================
--- trunk/openvas-plugins/scripts/ovcesa2009_1550.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/ovcesa2009_1550.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,99 @@
+#CESA-2009:1550 66217 2
+# $Id$
+# Description: Auto-generated from advisory CESA-2009:1550 (kernel)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66217);
+ script_cve_id("CVE-2008-5029", "CVE-2008-5300", "CVE-2009-1337", "CVE-2009-1385", "CVE-2009-1895", "CVE-2009-2848", "CVE-2009-3002", "CVE-2009-3547", "CVE-2009-3001");
+ script_version ("$Revision$");
+ script_name("CentOS Security Advisory CESA-2009:1550 (kernel)");
+
+ desc = "
+The remote host is missing updates to kernel announced in
+advisory CESA-2009:1550.
+
+For details on the issues addressed in this update,
+please visit the referenced security advisories.
+
+Solution:
+Update the appropriate packages on your system.
+
+http://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1550
+http://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1550
+https://rhn.redhat.com/errata/RHSA-2009-1550.html
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("CentOS Security Advisory CESA-2009:1550 (kernel)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("CentOS Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"kernel", rpm:"kernel~2.4.21~63.EL", rls:"CentOS3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-BOOT", rpm:"kernel-BOOT~2.4.21~63.EL", rls:"CentOS3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-doc", rpm:"kernel-doc~2.4.21~63.EL", rls:"CentOS3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-hugemem", rpm:"kernel-hugemem~2.4.21~63.EL", rls:"CentOS3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-hugemem-unsupported", rpm:"kernel-hugemem-unsupported~2.4.21~63.EL", rls:"CentOS3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-smp", rpm:"kernel-smp~2.4.21~63.EL", rls:"CentOS3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-smp-unsupported", rpm:"kernel-smp-unsupported~2.4.21~63.EL", rls:"CentOS3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-source", rpm:"kernel-source~2.4.21~63.EL", rls:"CentOS3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-unsupported", rpm:"kernel-unsupported~2.4.21~63.EL", rls:"CentOS3")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/ovcesa2009_1561.nasl
===================================================================
--- trunk/openvas-plugins/scripts/ovcesa2009_1561.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/ovcesa2009_1561.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,84 @@
+#CESA-2009:1561 66221 4
+# $Id$
+# Description: Auto-generated from advisory CESA-2009:1561 (libvorbis)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66221);
+ script_cve_id("CVE-2009-3379");
+ script_version ("$Revision$");
+ script_name("CentOS Security Advisory CESA-2009:1561 (libvorbis)");
+
+ desc = "
+The remote host is missing updates to libvorbis announced in
+advisory CESA-2009:1561.
+
+For details on the issues addressed in this update,
+please visit the referenced security advisories.
+
+Solution:
+Update the appropriate packages on your system.
+
+http://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1561
+http://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1561
+https://rhn.redhat.com/errata/RHSA-2009-1561.html
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("CentOS Security Advisory CESA-2009:1561 (libvorbis)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("CentOS Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"libvorbis", rpm:"libvorbis~1.0~12.el3", rls:"CentOS3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libvorbis-devel", rpm:"libvorbis-devel~1.0~12.el3", rls:"CentOS3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libvorbis", rpm:"libvorbis~1.1.0~3.el4_8.3", rls:"CentOS4")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libvorbis-devel", rpm:"libvorbis-devel~1.1.0~3.el4_8.3", rls:"CentOS4")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/sles10_MozillaFirefox7.nasl
===================================================================
--- trunk/openvas-plugins/scripts/sles10_MozillaFirefox7.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/sles10_MozillaFirefox7.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,95 @@
+#
+#VID slesp2-MozillaFirefox-6606
+# OpenVAS Vulnerability Test
+# $
+# Description: Security update for Mozilla Firefox
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisories, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66232);
+ script_cve_id("CVE-2009-3370", "CVE-2009-3274", "CVE-2009-3371", "CVE-2009-3372", "CVE-2009-3373", "CVE-2009-3374", "CVE-2009-1563", "CVE-2009-3375", "CVE-2009-3376", "CVE-2009-3377", "CVE-2009-3379", "CVE-2009-3378", "CVE-2009-3380", "CVE-2009-3381", "CVE-2009-3382", "CVE-2009-3383");
+ script_version ("$Revision$");
+ script_name("SLES10: Security update for Mozilla Firefox");
+
+ desc = "The remote host is missing updates to packages that affect
+the security of your system. One or more of the following packages
+are affected:
+
+ MozillaFirefox
+ MozillaFirefox-translations
+ mozilla-xulrunner191
+ mozilla-xulrunner191-gnomevfs
+ mozilla-xulrunner191-translations
+
+
+More details may also be found by searching for the SuSE
+Enterprise Server 10 patch database located at
+http://download.novell.com/patch/finder/
+
+Solution:
+
+Please install the updates provided by SuSE.
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("SLES10: Security update for Mozilla Firefox");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("SuSE Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"MozillaFirefox", rpm:"MozillaFirefox~3.5.4~1.4.1", rls:"SLES10.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"MozillaFirefox-translations", rpm:"MozillaFirefox-translations~3.5.4~1.4.1", rls:"SLES10.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"mozilla-xulrunner191", rpm:"mozilla-xulrunner191~1.9.1.4~2.4.1", rls:"SLES10.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"mozilla-xulrunner191-gnomevfs", rpm:"mozilla-xulrunner191-gnomevfs~1.9.1.4~2.4.1", rls:"SLES10.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"mozilla-xulrunner191-translations", rpm:"mozilla-xulrunner191-translations~1.9.1.4~2.4.1", rls:"SLES10.0")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/sles10_cyrus-imapd0.nasl
===================================================================
--- trunk/openvas-plugins/scripts/sles10_cyrus-imapd0.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/sles10_cyrus-imapd0.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,91 @@
+#
+#VID slesp2-cyrus-imapd-6509
+# OpenVAS Vulnerability Test
+# $
+# Description: Security update for Cyrus IMAPD
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisories, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66233);
+ script_cve_id("CVE-2009-3235");
+ script_version ("$Revision$");
+ script_name("SLES10: Security update for Cyrus IMAPD");
+
+ desc = "The remote host is missing updates to packages that affect
+the security of your system. One or more of the following packages
+are affected:
+
+ cyrus-imapd
+ cyrus-imapd-devel
+ perl-Cyrus-IMAP
+ perl-Cyrus-SIEVE-managesieve
+
+
+More details may also be found by searching for the SuSE
+Enterprise Server 10 patch database located at
+http://download.novell.com/patch/finder/
+
+Solution:
+
+Please install the updates provided by SuSE.
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("SLES10: Security update for Cyrus IMAPD");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("SuSE Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"cyrus-imapd", rpm:"cyrus-imapd~2.2.12~27.13.4", rls:"SLES10.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"cyrus-imapd-devel", rpm:"cyrus-imapd-devel~2.2.12~27.13.4", rls:"SLES10.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"perl-Cyrus-IMAP", rpm:"perl-Cyrus-IMAP~2.2.12~27.13.4", rls:"SLES10.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"perl-Cyrus-SIEVE-managesieve", rpm:"perl-Cyrus-SIEVE-managesieve~2.2.12~27.13.4", rls:"SLES10.0")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/sles10_mozilla-nspr0.nasl
===================================================================
--- trunk/openvas-plugins/scripts/sles10_mozilla-nspr0.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/sles10_mozilla-nspr0.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,83 @@
+#
+#VID slesp2-mozilla-nspr-6630
+# OpenVAS Vulnerability Test
+# $
+# Description: Security update for mozilla-nspr
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisories, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66236);
+ script_cve_id("CVE-2009-1563");
+ script_version ("$Revision$");
+ script_name("SLES10: Security update for mozilla-nspr");
+
+ desc = "The remote host is missing updates to packages that affect
+the security of your system. One or more of the following packages
+are affected:
+
+ mozilla-nspr
+ mozilla-nspr-devel
+
+
+More details may also be found by searching for the SuSE
+Enterprise Server 10 patch database located at
+http://download.novell.com/patch/finder/
+
+Solution:
+
+Please install the updates provided by SuSE.
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("SLES10: Security update for mozilla-nspr");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("SuSE Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"mozilla-nspr", rpm:"mozilla-nspr~4.8.2~1.5.1", rls:"SLES10.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"mozilla-nspr-devel", rpm:"mozilla-nspr-devel~4.8.2~1.5.1", rls:"SLES10.0")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/sles10_mozilla-xulrunn0.nasl
===================================================================
--- trunk/openvas-plugins/scripts/sles10_mozilla-xulrunn0.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/sles10_mozilla-xulrunn0.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,87 @@
+#
+#VID slesp2-mozilla-xulrunner190-6616
+# OpenVAS Vulnerability Test
+# $
+# Description: Security update for Mozilla XULRunner
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisories, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66237);
+ script_cve_id("CVE-2009-3370", "CVE-2009-3274", "CVE-2009-3371", "CVE-2009-3372", "CVE-2009-3373", "CVE-2009-3374", "CVE-2009-1563", "CVE-2009-3375", "CVE-2009-3376", "CVE-2009-3380", "CVE-2009-3381", "CVE-2009-3382", "CVE-2009-3383");
+ script_version ("$Revision$");
+ script_name("SLES10: Security update for Mozilla XULRunner");
+
+ desc = "The remote host is missing updates to packages that affect
+the security of your system. One or more of the following packages
+are affected:
+
+ mozilla-xulrunner190
+ mozilla-xulrunner190-gnomevfs
+ mozilla-xulrunner190-translations
+
+
+More details may also be found by searching for the SuSE
+Enterprise Server 10 patch database located at
+http://download.novell.com/patch/finder/
+
+Solution:
+
+Please install the updates provided by SuSE.
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("SLES10: Security update for Mozilla XULRunner");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("SuSE Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"mozilla-xulrunner190", rpm:"mozilla-xulrunner190~1.9.0.15~0.4.1", rls:"SLES10.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"mozilla-xulrunner190-gnomevfs", rpm:"mozilla-xulrunner190-gnomevfs~1.9.0.15~0.4.1", rls:"SLES10.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"mozilla-xulrunner190-translations", rpm:"mozilla-xulrunner190-translations~1.9.0.15~0.4.1", rls:"SLES10.0")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/sles10_neon.nasl
===================================================================
--- trunk/openvas-plugins/scripts/sles10_neon.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/sles10_neon.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,79 @@
+#
+#VID slesp2-neon-6548
+# OpenVAS Vulnerability Test
+# $
+# Description: Security update for neon
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisories, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66235);
+ script_cve_id("CVE-2009-2408", "CVE-2009-2473");
+ script_version ("$Revision$");
+ script_name("SLES10: Security update for neon");
+
+ desc = "The remote host is missing updates to packages that affect
+the security of your system. One or more of the following packages
+are affected:
+
+ neon
+
+
+More details may also be found by searching for the SuSE
+Enterprise Server 10 patch database located at
+http://download.novell.com/patch/finder/
+
+Solution:
+
+Please install the updates provided by SuSE.
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("SLES10: Security update for neon");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("SuSE Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"neon", rpm:"neon~0.24.7~20.8.1", rls:"SLES10.0")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/sles10_xpdf2.nasl
===================================================================
--- trunk/openvas-plugins/scripts/sles10_xpdf2.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/sles10_xpdf2.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,79 @@
+#
+#VID slesp2-xpdf-6556
+# OpenVAS Vulnerability Test
+# $
+# Description: Security update for xpdf
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisories, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66234);
+ script_cve_id("CVE-2009-3603", "CVE-2009-3604", "CVE-2009-3605", "CVE-2009-3606", "CVE-2009-3608", "CVE-2009-3609");
+ script_version ("$Revision$");
+ script_name("SLES10: Security update for xpdf");
+
+ desc = "The remote host is missing updates to packages that affect
+the security of your system. One or more of the following packages
+are affected:
+
+ xpdf-tools
+
+
+More details may also be found by searching for the SuSE
+Enterprise Server 10 patch database located at
+http://download.novell.com/patch/finder/
+
+Solution:
+
+Please install the updates provided by SuSE.
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("SLES10: Security update for xpdf");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("SuSE Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"xpdf-tools", rpm:"xpdf-tools~3.01~21.22.2", rls:"SLES10.0")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/sles11_MozillaFirefox7.nasl
===================================================================
--- trunk/openvas-plugins/scripts/sles11_MozillaFirefox7.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/sles11_MozillaFirefox7.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,97 @@
+#
+#VID 49179a9289fbe778bc2320690c17d088
+# OpenVAS Vulnerability Test
+# $
+# Description: Security update for Mozilla Firefox
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisories, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66228);
+ script_cve_id("CVE-2009-3370", "CVE-2009-3274", "CVE-2009-3371", "CVE-2009-3372", "CVE-2009-3373", "CVE-2009-3374", "CVE-2009-1563", "CVE-2009-3375", "CVE-2009-3376", "CVE-2009-3377", "CVE-2009-3379", "CVE-2009-3378", "CVE-2009-3380", "CVE-2009-3381", "CVE-2009-3382", "CVE-2009-3383");
+ script_version ("$Revision$");
+ script_name("SLES11: Security update for Mozilla Firefox");
+
+ desc = "The remote host is missing updates to packages that affect
+the security of your system. One or more of the following packages
+are affected:
+
+ MozillaFirefox
+ MozillaFirefox-translations
+ mozilla-xulrunner191
+ mozilla-xulrunner191-gnomevfs
+ mozilla-xulrunner191-translations
+
+References:
+ https://bugzilla.novell.com/show_bug.cgi?id=545277
+
+More details may also be found by searching for the SuSE
+Enterprise Server 11 patch database located at
+http://download.novell.com/patch/finder/
+
+Solution:
+
+Please install the updates provided by SuSE.
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("SLES11: Security update for Mozilla Firefox");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("SuSE Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"MozillaFirefox", rpm:"MozillaFirefox~3.5.4~1.1.2", rls:"SLES11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"MozillaFirefox-translations", rpm:"MozillaFirefox-translations~3.5.4~1.1.2", rls:"SLES11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"mozilla-xulrunner191", rpm:"mozilla-xulrunner191~1.9.1.4~2.1.3", rls:"SLES11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"mozilla-xulrunner191-gnomevfs", rpm:"mozilla-xulrunner191-gnomevfs~1.9.1.4~2.1.3", rls:"SLES11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"mozilla-xulrunner191-translations", rpm:"mozilla-xulrunner191-translations~1.9.1.4~2.1.3", rls:"SLES11.0")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/sles11_cyrus-imapd0.nasl
===================================================================
--- trunk/openvas-plugins/scripts/sles11_cyrus-imapd0.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/sles11_cyrus-imapd0.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,89 @@
+#
+#VID 6cb1abd475b993f09a98d4a2191bb23f
+# OpenVAS Vulnerability Test
+# $
+# Description: Security update for Cyrus IMAPD
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisories, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66226);
+ script_cve_id("CVE-2009-3235");
+ script_version ("$Revision$");
+ script_name("SLES11: Security update for Cyrus IMAPD");
+
+ desc = "The remote host is missing updates to packages that affect
+the security of your system. One or more of the following packages
+are affected:
+
+ cyrus-imapd
+ perl-Cyrus-IMAP
+ perl-Cyrus-SIEVE-managesieve
+
+References:
+ https://bugzilla.novell.com/show_bug.cgi?id=539877
+
+More details may also be found by searching for the SuSE
+Enterprise Server 11 patch database located at
+http://download.novell.com/patch/finder/
+
+Solution:
+
+Please install the updates provided by SuSE.
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("SLES11: Security update for Cyrus IMAPD");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("SuSE Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"cyrus-imapd", rpm:"cyrus-imapd~2.3.11~60.21.1", rls:"SLES11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"perl-Cyrus-IMAP", rpm:"perl-Cyrus-IMAP~2.3.11~60.21.1", rls:"SLES11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"perl-Cyrus-SIEVE-managesieve", rpm:"perl-Cyrus-SIEVE-managesieve~2.3.11~60.21.1", rls:"SLES11.0")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/sles11_ext4dev-kmp-def3.nasl
===================================================================
--- trunk/openvas-plugins/scripts/sles11_ext4dev-kmp-def3.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/sles11_ext4dev-kmp-def3.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,169 @@
+#
+#VID 180ffe58c62210bba55d0af594f5207f
+# OpenVAS Vulnerability Test
+# $
+# Description: Security update for Linux kernel
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisories, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66227);
+ script_cve_id("CVE-2009-2909", "CVE-2009-3002", "CVE-2009-2910");
+ script_version ("$Revision$");
+ script_name("SLES11: Security update for Linux kernel");
+
+ desc = "The remote host is missing updates to packages that affect
+the security of your system. One or more of the following packages
+are affected:
+
+ ext4dev-kmp-default
+ ext4dev-kmp-pae
+ ext4dev-kmp-vmi
+ ext4dev-kmp-xen
+ kernel-default
+ kernel-default-base
+ kernel-pae
+ kernel-pae-base
+ kernel-source
+ kernel-syms
+ kernel-vmi
+ kernel-vmi-base
+ kernel-xen
+ kernel-xen-base
+
+References:
+ https://bugzilla.novell.com/show_bug.cgi?id=410452
+ https://bugzilla.novell.com/show_bug.cgi?id=441650
+ https://bugzilla.novell.com/show_bug.cgi?id=448410
+ https://bugzilla.novell.com/show_bug.cgi?id=459146
+ https://bugzilla.novell.com/show_bug.cgi?id=466554
+ https://bugzilla.novell.com/show_bug.cgi?id=471396
+ https://bugzilla.novell.com/show_bug.cgi?id=472342
+ https://bugzilla.novell.com/show_bug.cgi?id=476582
+ https://bugzilla.novell.com/show_bug.cgi?id=477816
+ https://bugzilla.novell.com/show_bug.cgi?id=483375
+ https://bugzilla.novell.com/show_bug.cgi?id=483706
+ https://bugzilla.novell.com/show_bug.cgi?id=487412
+ https://bugzilla.novell.com/show_bug.cgi?id=490030
+ https://bugzilla.novell.com/show_bug.cgi?id=492547
+ https://bugzilla.novell.com/show_bug.cgi?id=498708
+ https://bugzilla.novell.com/show_bug.cgi?id=501563
+ https://bugzilla.novell.com/show_bug.cgi?id=504646
+ https://bugzilla.novell.com/show_bug.cgi?id=509753
+ https://bugzilla.novell.com/show_bug.cgi?id=511306
+ https://bugzilla.novell.com/show_bug.cgi?id=514022
+ https://bugzilla.novell.com/show_bug.cgi?id=515640
+ https://bugzilla.novell.com/show_bug.cgi?id=524242
+ https://bugzilla.novell.com/show_bug.cgi?id=527754
+ https://bugzilla.novell.com/show_bug.cgi?id=528769
+ https://bugzilla.novell.com/show_bug.cgi?id=531260
+ https://bugzilla.novell.com/show_bug.cgi?id=531384
+ https://bugzilla.novell.com/show_bug.cgi?id=531437
+ https://bugzilla.novell.com/show_bug.cgi?id=531533
+ https://bugzilla.novell.com/show_bug.cgi?id=531633
+ https://bugzilla.novell.com/show_bug.cgi?id=532063
+ https://bugzilla.novell.com/show_bug.cgi?id=532443
+ https://bugzilla.novell.com/show_bug.cgi?id=532598
+ https://bugzilla.novell.com/show_bug.cgi?id=533267
+ https://bugzilla.novell.com/show_bug.cgi?id=533267
+ https://bugzilla.novell.com/show_bug.cgi?id=534065
+ https://bugzilla.novell.com/show_bug.cgi?id=534202
+ https://bugzilla.novell.com/show_bug.cgi?id=534214
+
+More details may also be found by searching for the SuSE
+Enterprise Server 11 patch database located at
+http://download.novell.com/patch/finder/
+
+Solution:
+
+Please install the updates provided by SuSE.
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("SLES11: Security update for Linux kernel");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("SuSE Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"ext4dev-kmp-default", rpm:"ext4dev-kmp-default~0_2.6.27.37_0.1~7.1.18", rls:"SLES11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"ext4dev-kmp-pae", rpm:"ext4dev-kmp-pae~0_2.6.27.37_0.1~7.1.18", rls:"SLES11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"ext4dev-kmp-vmi", rpm:"ext4dev-kmp-vmi~0_2.6.27.37_0.1~7.1.18", rls:"SLES11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"ext4dev-kmp-xen", rpm:"ext4dev-kmp-xen~0_2.6.27.37_0.1~7.1.18", rls:"SLES11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-default", rpm:"kernel-default~2.6.27.37~0.1.1", rls:"SLES11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-default-base", rpm:"kernel-default-base~2.6.27.37~0.1.1", rls:"SLES11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-pae", rpm:"kernel-pae~2.6.27.37~0.1.1", rls:"SLES11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-pae-base", rpm:"kernel-pae-base~2.6.27.37~0.1.1", rls:"SLES11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-source", rpm:"kernel-source~2.6.27.37~0.1.1", rls:"SLES11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-syms", rpm:"kernel-syms~2.6.27.37~0.1.1", rls:"SLES11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-vmi", rpm:"kernel-vmi~2.6.27.37~0.1.1", rls:"SLES11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-vmi-base", rpm:"kernel-vmi-base~2.6.27.37~0.1.1", rls:"SLES11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-xen", rpm:"kernel-xen~2.6.27.37~0.1.1", rls:"SLES11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-xen-base", rpm:"kernel-xen-base~2.6.27.37~0.1.1", rls:"SLES11.0")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/sles11_java-1_6_0-ibm1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/sles11_java-1_6_0-ibm1.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/sles11_java-1_6_0-ibm1.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,97 @@
+#
+#VID 27428b62b5ccd6ac2929bae4bea6f2dd
+# OpenVAS Vulnerability Test
+# $
+# Description: Security update for IBM Java 1.6.0
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisories, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66230);
+ script_cve_id("CVE-2009-2676", "CVE-2009-2493", "CVE-2009-2670", "CVE-2009-0217", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2673", "CVE-2009-2674", "CVE-2009-2675", "CVE-2009-2625");
+ script_version ("$Revision$");
+ script_name("SLES11: Security update for IBM Java 1.6.0");
+
+ desc = "The remote host is missing updates to packages that affect
+the security of your system. One or more of the following packages
+are affected:
+
+ java-1_6_0-ibm
+ java-1_6_0-ibm-alsa
+ java-1_6_0-ibm-fonts
+ java-1_6_0-ibm-jdbc
+ java-1_6_0-ibm-plugin
+
+References:
+ https://bugzilla.novell.com/show_bug.cgi?id=548655
+
+More details may also be found by searching for the SuSE
+Enterprise Server 11 patch database located at
+http://download.novell.com/patch/finder/
+
+Solution:
+
+Please install the updates provided by SuSE.
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("SLES11: Security update for IBM Java 1.6.0");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("SuSE Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"java-1_6_0-ibm", rpm:"java-1_6_0-ibm~1.6.0_sr6~1.1.1", rls:"SLES11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"java-1_6_0-ibm-alsa", rpm:"java-1_6_0-ibm-alsa~1.6.0_sr6~1.1.1", rls:"SLES11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"java-1_6_0-ibm-fonts", rpm:"java-1_6_0-ibm-fonts~1.6.0_sr6~1.1.1", rls:"SLES11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"java-1_6_0-ibm-jdbc", rpm:"java-1_6_0-ibm-jdbc~1.6.0_sr6~1.1.1", rls:"SLES11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"java-1_6_0-ibm-plugin", rpm:"java-1_6_0-ibm-plugin~1.6.0_sr6~1.1.1", rls:"SLES11.0")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/sles11_libneon27.nasl
===================================================================
--- trunk/openvas-plugins/scripts/sles11_libneon27.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/sles11_libneon27.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,86 @@
+#
+#VID db036d6c88b93b6c89d6d75d9b617dce
+# OpenVAS Vulnerability Test
+# $
+# Description: Security update for libneon
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisories, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66225);
+ script_cve_id("CVE-2009-2408", "CVE-2009-2473");
+ script_version ("$Revision$");
+ script_name("SLES11: Security update for libneon");
+
+ desc = "The remote host is missing updates to packages that affect
+the security of your system. One or more of the following packages
+are affected:
+
+ libneon27
+ neon
+
+References:
+ https://bugzilla.novell.com/show_bug.cgi?id=528370
+ https://bugzilla.novell.com/show_bug.cgi?id=532345
+
+More details may also be found by searching for the SuSE
+Enterprise Server 11 patch database located at
+http://download.novell.com/patch/finder/
+
+Solution:
+
+Please install the updates provided by SuSE.
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("SLES11: Security update for libneon");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("SuSE Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"libneon27", rpm:"libneon27~0.28.3~2.12.1", rls:"SLES11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"neon", rpm:"neon~0.28.3~2.12.1", rls:"SLES11.0")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/sles11_mozilla-nspr.nasl
===================================================================
--- trunk/openvas-plugins/scripts/sles11_mozilla-nspr.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/sles11_mozilla-nspr.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,81 @@
+#
+#VID ea83feacee19ffa926f0205c68b1bb6b
+# OpenVAS Vulnerability Test
+# $
+# Description: Security update for Mozilla
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisories, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66231);
+ script_cve_id("CVE-2009-1563");
+ script_version ("$Revision$");
+ script_name("SLES11: Security update for Mozilla");
+
+ desc = "The remote host is missing updates to packages that affect
+the security of your system. One or more of the following packages
+are affected:
+
+ mozilla-nspr
+
+References:
+ https://bugzilla.novell.com/show_bug.cgi?id=546371
+
+More details may also be found by searching for the SuSE
+Enterprise Server 11 patch database located at
+http://download.novell.com/patch/finder/
+
+Solution:
+
+Please install the updates provided by SuSE.
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("SLES11: Security update for Mozilla");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("SuSE Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"mozilla-nspr", rpm:"mozilla-nspr~4.8.2~1.1.1", rls:"SLES11.0")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/sles11_mozilla-xulrunn1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/sles11_mozilla-xulrunn1.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/sles11_mozilla-xulrunn1.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,89 @@
+#
+#VID 04c6e38838a85fc92531b3e56904b052
+# OpenVAS Vulnerability Test
+# $
+# Description: Security update for Mozilla XULRunner
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisories, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66229);
+ script_cve_id("CVE-2009-3370", "CVE-2009-3274", "CVE-2009-3371", "CVE-2009-3372", "CVE-2009-3373", "CVE-2009-3374", "CVE-2009-1563", "CVE-2009-3375", "CVE-2009-3376", "CVE-2009-3380", "CVE-2009-3381", "CVE-2009-3382", "CVE-2009-3383");
+ script_version ("$Revision$");
+ script_name("SLES11: Security update for Mozilla XULRunner");
+
+ desc = "The remote host is missing updates to packages that affect
+the security of your system. One or more of the following packages
+are affected:
+
+ mozilla-xulrunner190
+ mozilla-xulrunner190-gnomevfs
+ mozilla-xulrunner190-translations
+
+References:
+ https://bugzilla.novell.com/show_bug.cgi?id=545277
+
+More details may also be found by searching for the SuSE
+Enterprise Server 11 patch database located at
+http://download.novell.com/patch/finder/
+
+Solution:
+
+Please install the updates provided by SuSE.
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("SLES11: Security update for Mozilla XULRunner");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("SuSE Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"mozilla-xulrunner190", rpm:"mozilla-xulrunner190~1.9.0.15~0.1.2", rls:"SLES11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"mozilla-xulrunner190-gnomevfs", rpm:"mozilla-xulrunner190-gnomevfs~1.9.0.15~0.1.2", rls:"SLES11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"mozilla-xulrunner190-translations", rpm:"mozilla-xulrunner190-translations~1.9.0.15~0.1.2", rls:"SLES11.0")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/sles9p5061160.nasl
===================================================================
--- trunk/openvas-plugins/scripts/sles9p5061160.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/sles9p5061160.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,84 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Security update for Cyrus IMAPD
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66222);
+ script_cve_id("CVE-2009-3235");
+ script_version ("$Revision$");
+ script_name("SLES9: Security update for Cyrus IMAPD");
+
+ desc = "
+The remote host is missing updates to packages that affect
+the security of your system. One or more of the following packages
+are affected:
+
+ cyrus-imapd
+ cyrus-imapd-devel
+ perl-Cyrus-IMAP
+ perl-Cyrus-SIEVE-managesieve
+
+For more information, please visit the referenced security
+advisories.
+
+More details may also be found by searching for keyword
+5061160 within the SuSE Enterprise Server 9 patch
+database at http://download.novell.com/patch/finder/
+
+Solution:
+
+Please install the updates provided by SuSE.
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("SLES9: Security update for Cyrus IMAPD");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("SuSE Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"cyrus-imapd", rpm:"cyrus-imapd~2.2.3~83.42", rls:"SLES9.0")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/sles9p5061735.nasl
===================================================================
--- trunk/openvas-plugins/scripts/sles9p5061735.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/sles9p5061735.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,78 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Security update for sapinit
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66224);
+ script_version ("$Revision$");
+ script_name("SLES9: Security update for sapinit");
+
+ desc = "
+The remote host is missing updates to packages that affect
+the security of your system. One or more of the following packages
+are affected:
+
+ sapinit
+
+
+More details may also be found by searching for keyword
+5061735 within the SuSE Enterprise Server 9 patch
+database at http://download.novell.com/patch/finder/
+
+Solution:
+
+Please install the updates provided by SuSE.
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("SLES9: Security update for sapinit");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("SuSE Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"sapinit", rpm:"sapinit~3.0~1.7", rls:"SLES9.0")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/sles9p5061983.nasl
===================================================================
--- trunk/openvas-plugins/scripts/sles9p5061983.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/sles9p5061983.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,85 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Security update for glibc and timezone
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66223);
+ script_version ("$Revision$");
+ script_name("SLES9: Security update for glibc and timezone");
+
+ desc = "
+The remote host is missing updates to packages that affect
+the security of your system. One or more of the following packages
+are affected:
+
+ glibc
+ glibc-devel
+ glibc-html
+ glibc-i18ndata
+ glibc-info
+ glibc-locale
+ glibc-profile
+ nscd
+ timezone
+
+More details may also be found by searching for keyword
+5061983 within the SuSE Enterprise Server 9 patch
+database at http://download.novell.com/patch/finder/
+
+Solution:
+
+Please install the updates provided by SuSE.
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("SLES9: Security update for glibc and timezone");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("SuSE Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"glibc", rpm:"glibc~2.3.3~98.107", rls:"SLES9.0")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/suse_sa_2009_051.nasl
===================================================================
--- trunk/openvas-plugins/scripts/suse_sa_2009_051.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/suse_sa_2009_051.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,230 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory SUSE-SA:2009:051 (kernel)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66213);
+ script_cve_id("CVE-2009-2909", "CVE-2009-2910", "CVE-2009-3002");
+ script_version ("$Revision$");
+ script_name("SuSE Security Advisory SUSE-SA:2009:051 (kernel)");
+
+ desc = "
+The remote host is missing updates announced in
+advisory SUSE-SA:2009:051.
+
+The SUSE Linux Enterprise 11 and openSUSE 11.1 kernel was updated to
+2.6.27.37 fixing various bugs and security issues.
+
+Following security issues were fixed:
+CVE-2009-2909: Unsigned check in the ax25 socket handler could allow
+local attackers to potentially crash the kernel or even execute code.
+
+CVE-2009-3002: Fixed various socket handler getname leaks, which
+could disclose memory previously used by the kernel or other userland
+processes to the local attacker.
+
+CVE-2009-2910: An information leakage with upper 32bit register values
+on x86_64 systems was fixed.
+
+Various KVM stability and security fixes have also been added.
+
+Solution:
+Update your system with the packages as indicated in
+the referenced security advisory.
+
+https://secure1.securityspace.com/smysecure/catid.html?in=SUSE-SA:2009:051
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("SuSE Security Advisory SUSE-SA:2009:051 (kernel)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("SuSE Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"kernel-debug-debuginfo", rpm:"kernel-debug-debuginfo~2.6.27.37~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-debug-debugsource", rpm:"kernel-debug-debugsource~2.6.27.37~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-default-debuginfo", rpm:"kernel-default-debuginfo~2.6.27.37~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-default-debugsource", rpm:"kernel-default-debugsource~2.6.27.37~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-ec2-debuginfo", rpm:"kernel-ec2-debuginfo~2.6.27.37~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-ec2-debugsource", rpm:"kernel-ec2-debugsource~2.6.27.37~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-pae-debuginfo", rpm:"kernel-pae-debuginfo~2.6.27.37~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-pae-debugsource", rpm:"kernel-pae-debugsource~2.6.27.37~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-source-debuginfo", rpm:"kernel-source-debuginfo~2.6.27.37~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-trace-debuginfo", rpm:"kernel-trace-debuginfo~2.6.27.37~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-trace-debugsource", rpm:"kernel-trace-debugsource~2.6.27.37~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-vanilla-debuginfo", rpm:"kernel-vanilla-debuginfo~2.6.27.37~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-vanilla-debugsource", rpm:"kernel-vanilla-debugsource~2.6.27.37~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-xen-debuginfo", rpm:"kernel-xen-debuginfo~2.6.27.37~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-xen-debugsource", rpm:"kernel-xen-debugsource~2.6.27.37~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-debug", rpm:"kernel-debug~2.6.27.37~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-debug-base", rpm:"kernel-debug-base~2.6.27.37~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-debug-extra", rpm:"kernel-debug-extra~2.6.27.37~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-default", rpm:"kernel-default~2.6.27.37~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-default-base", rpm:"kernel-default-base~2.6.27.37~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-default-extra", rpm:"kernel-default-extra~2.6.27.37~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-ec2", rpm:"kernel-ec2~2.6.27.37~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-ec2-base", rpm:"kernel-ec2-base~2.6.27.37~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-ec2-extra", rpm:"kernel-ec2-extra~2.6.27.37~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-pae", rpm:"kernel-pae~2.6.27.37~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-pae-base", rpm:"kernel-pae-base~2.6.27.37~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-pae-extra", rpm:"kernel-pae-extra~2.6.27.37~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-source", rpm:"kernel-source~2.6.27.37~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-syms", rpm:"kernel-syms~2.6.27.37~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-trace", rpm:"kernel-trace~2.6.27.37~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-trace-base", rpm:"kernel-trace-base~2.6.27.37~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-trace-extra", rpm:"kernel-trace-extra~2.6.27.37~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-vanilla", rpm:"kernel-vanilla~2.6.27.37~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-xen", rpm:"kernel-xen~2.6.27.37~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-xen-base", rpm:"kernel-xen-base~2.6.27.37~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-xen-extra", rpm:"kernel-xen-extra~2.6.27.37~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-docs", rpm:"kernel-docs~2.6.3~3.13.55", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-kdump-debuginfo", rpm:"kernel-kdump-debuginfo~2.6.27.37~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-kdump-debugsource", rpm:"kernel-kdump-debugsource~2.6.27.37~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-ppc64-debuginfo", rpm:"kernel-ppc64-debuginfo~2.6.27.37~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-ppc64-debugsource", rpm:"kernel-ppc64-debugsource~2.6.27.37~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-ps3-debuginfo", rpm:"kernel-ps3-debuginfo~2.6.27.37~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-ps3-debugsource", rpm:"kernel-ps3-debugsource~2.6.27.37~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-kdump", rpm:"kernel-kdump~2.6.27.37~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-ppc64", rpm:"kernel-ppc64~2.6.27.37~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-ppc64-base", rpm:"kernel-ppc64-base~2.6.27.37~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-ppc64-extra", rpm:"kernel-ppc64-extra~2.6.27.37~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-ps3", rpm:"kernel-ps3~2.6.27.37~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/suse_sa_2009_052.nasl
===================================================================
--- trunk/openvas-plugins/scripts/suse_sa_2009_052.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/suse_sa_2009_052.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,172 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory SUSE-SA:2009:052 (MozillaFirefox)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66214);
+ script_cve_id("CVE-2009-1563", "CVE-2009-3274", "CVE-2009-3370", "CVE-2009-3371", "CVE-2009-3372", "CVE-2009-3373", "CVE-2009-3374", "CVE-2009-3375", "CVE-2009-3376", "CVE-2009-3377", "CVE-2009-3378", "CVE-2009-3379", "CVE-2009-3380", "CVE-2009-3381", "CVE-2009-3382", "CVE-2009-3383");
+ script_version ("$Revision$");
+ script_name("SuSE Security Advisory SUSE-SA:2009:052 (MozillaFirefox)");
+
+ desc = "
+The remote host is missing updates announced in
+advisory SUSE-SA:2009:052.
+
+The Mozilla Firefox browser was updated to fix various bugs and
+security issues.
+
+For details on the issues addressed in this update, please visit
+the referenced security advisories.
+
+Solution:
+Update your system with the packages as indicated in
+the referenced security advisory.
+
+https://secure1.securityspace.com/smysecure/catid.html?in=SUSE-SA:2009:052
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("SuSE Security Advisory SUSE-SA:2009:052 (MozillaFirefox)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("SuSE Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"MozillaFirefox-debuginfo", rpm:"MozillaFirefox-debuginfo~3.0.15~0.1.2", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"MozillaFirefox-debugsource", rpm:"MozillaFirefox-debugsource~3.0.15~0.1.2", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"mozilla-xulrunner190-debuginfo", rpm:"mozilla-xulrunner190-debuginfo~1.9.0.15~0.1.2", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"mozilla-xulrunner190-debugsource", rpm:"mozilla-xulrunner190-debugsource~1.9.0.15~0.1.2", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"MozillaFirefox", rpm:"MozillaFirefox~3.0.15~0.1.2", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"MozillaFirefox-branding-upstream", rpm:"MozillaFirefox-branding-upstream~3.0.15~0.1.2", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"MozillaFirefox-translations", rpm:"MozillaFirefox-translations~3.0.15~0.1.2", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"mozilla-xulrunner190", rpm:"mozilla-xulrunner190~1.9.0.15~0.1.2", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"mozilla-xulrunner190-devel", rpm:"mozilla-xulrunner190-devel~1.9.0.15~0.1.2", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"mozilla-xulrunner190-gnomevfs", rpm:"mozilla-xulrunner190-gnomevfs~1.9.0.15~0.1.2", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"mozilla-xulrunner190-translations", rpm:"mozilla-xulrunner190-translations~1.9.0.15~0.1.2", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"python-xpcom190", rpm:"python-xpcom190~1.9.0.15~0.1.2", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"MozillaFirefox-debuginfo", rpm:"MozillaFirefox-debuginfo~3.0.15~0.1", rls:"openSUSE11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"MozillaFirefox-debugsource", rpm:"MozillaFirefox-debugsource~3.0.15~0.1", rls:"openSUSE11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"mozilla-xulrunner190-debuginfo", rpm:"mozilla-xulrunner190-debuginfo~1.9.0.15~0.1", rls:"openSUSE11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"mozilla-xulrunner190-debugsource", rpm:"mozilla-xulrunner190-debugsource~1.9.0.15~0.1", rls:"openSUSE11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"MozillaFirefox", rpm:"MozillaFirefox~3.0.15~0.1", rls:"openSUSE11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"MozillaFirefox-translations", rpm:"MozillaFirefox-translations~3.0.15~0.1", rls:"openSUSE11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"mozilla-xulrunner190", rpm:"mozilla-xulrunner190~1.9.0.15~0.1", rls:"openSUSE11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"mozilla-xulrunner190-devel", rpm:"mozilla-xulrunner190-devel~1.9.0.15~0.1", rls:"openSUSE11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"mozilla-xulrunner190-gnomevfs", rpm:"mozilla-xulrunner190-gnomevfs~1.9.0.15~0.1", rls:"openSUSE11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"mozilla-xulrunner190-translations", rpm:"mozilla-xulrunner190-translations~1.9.0.15~0.1", rls:"openSUSE11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"mozilla-xulrunner190-64bit", rpm:"mozilla-xulrunner190-64bit~1.9.0.15~0.1", rls:"openSUSE11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"mozilla-xulrunner190-gnomevfs-64bit", rpm:"mozilla-xulrunner190-gnomevfs-64bit~1.9.0.15~0.1", rls:"openSUSE11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"mozilla-xulrunner190-translations-64bit", rpm:"mozilla-xulrunner190-translations-64bit~1.9.0.15~0.1", rls:"openSUSE11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"mozilla-xulrunner190-debuginfo-32bit", rpm:"mozilla-xulrunner190-debuginfo-32bit~1.9.0.15~0.1.2", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"mozilla-xulrunner190-32bit", rpm:"mozilla-xulrunner190-32bit~1.9.0.15~0.1.2", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"mozilla-xulrunner190-gnomevfs-32bit", rpm:"mozilla-xulrunner190-gnomevfs-32bit~1.9.0.15~0.1.2", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"mozilla-xulrunner190-translations-32bit", rpm:"mozilla-xulrunner190-translations-32bit~1.9.0.15~0.1.2", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"mozilla-xulrunner190-32bit", rpm:"mozilla-xulrunner190-32bit~1.9.0.15~0.1", rls:"openSUSE11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"mozilla-xulrunner190-gnomevfs-32bit", rpm:"mozilla-xulrunner190-gnomevfs-32bit~1.9.0.15~0.1", rls:"openSUSE11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"mozilla-xulrunner190-translations-32bit", rpm:"mozilla-xulrunner190-translations-32bit~1.9.0.15~0.1", rls:"openSUSE11.0")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/suse_sr_2009_018.nasl
===================================================================
--- trunk/openvas-plugins/scripts/suse_sr_2009_018.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/suse_sr_2009_018.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,441 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory SUSE-SR:2009:018
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66215);
+ script_cve_id("CVE-2008-5519", "CVE-2009-1563", "CVE-2009-2408", "CVE-2009-2473", "CVE-2009-2661", "CVE-2009-3111", "CVE-2009-3235", "CVE-2009-3603", "CVE-2009-3604", "CVE-2009-3605", "CVE-2009-3606", "CVE-2009-3608", "CVE-2009-3609", "CVE-2009-3720");
+ script_version ("$Revision$");
+ script_name("SuSE Security Summary SUSE-SR:2009:018");
+
+ desc = "
+The remote host is missing updates announced in
+advisory SUSE-SR:2009:018. SuSE Security Summaries are short
+on detail when it comes to the names of packages affected by
+a particular bug. Because of this, while this test will detect
+out of date packages, it cannot tell you what bugs impact
+which packages, or vice versa.
+
+Solution:
+
+Update all out of date packages.
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("SuSE Security Advisory SUSE-SR:2009:018");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("SuSE Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/rpms");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-rpm.inc");
+vuln = 0;
+if(isrpmvuln(pkg:"MozillaFirefox", rpm:"MozillaFirefox~3.0.15~0.1.2", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"MozillaFirefox-branding-upstream", rpm:"MozillaFirefox-branding-upstream~3.0.15~0.1.2", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"MozillaFirefox-translations", rpm:"MozillaFirefox-translations~3.0.15~0.1.2", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"apache2-mod_jk", rpm:"apache2-mod_jk~1.2.26~1.44.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"cyrus-imapd", rpm:"cyrus-imapd~2.3.11~60.21.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"cyrus-imapd-devel", rpm:"cyrus-imapd-devel~2.3.11~60.21.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"expat", rpm:"expat~2.0.1~88.16.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"java-1_5_0-sun", rpm:"java-1_5_0-sun~1.5.0_update22~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"java-1_5_0-sun-alsa", rpm:"java-1_5_0-sun-alsa~1.5.0_update22~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"java-1_5_0-sun-devel", rpm:"java-1_5_0-sun-devel~1.5.0_update22~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"java-1_5_0-sun-jdbc", rpm:"java-1_5_0-sun-jdbc~1.5.0_update22~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"java-1_5_0-sun-plugin", rpm:"java-1_5_0-sun-plugin~1.5.0_update22~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"java-1_5_0-sun-src", rpm:"java-1_5_0-sun-src~1.5.0_update22~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-debug", rpm:"kernel-debug~2.6.27.37~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-debug-base", rpm:"kernel-debug-base~2.6.27.37~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-debug-extra", rpm:"kernel-debug-extra~2.6.27.37~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-default", rpm:"kernel-default~2.6.27.37~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-default-base", rpm:"kernel-default-base~2.6.27.37~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-default-extra", rpm:"kernel-default-extra~2.6.27.37~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-ec2", rpm:"kernel-ec2~2.6.27.37~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-ec2-base", rpm:"kernel-ec2-base~2.6.27.37~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-ec2-extra", rpm:"kernel-ec2-extra~2.6.27.37~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-pae", rpm:"kernel-pae~2.6.27.37~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-pae-base", rpm:"kernel-pae-base~2.6.27.37~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-pae-extra", rpm:"kernel-pae-extra~2.6.27.37~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-source", rpm:"kernel-source~2.6.27.37~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-syms", rpm:"kernel-syms~2.6.27.37~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-trace", rpm:"kernel-trace~2.6.27.37~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-trace-base", rpm:"kernel-trace-base~2.6.27.37~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-trace-extra", rpm:"kernel-trace-extra~2.6.27.37~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-vanilla", rpm:"kernel-vanilla~2.6.27.37~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-xen", rpm:"kernel-xen~2.6.27.37~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-xen-base", rpm:"kernel-xen-base~2.6.27.37~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"kernel-xen-extra", rpm:"kernel-xen-extra~2.6.27.37~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libexpat-devel", rpm:"libexpat-devel~2.0.1~88.16.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libexpat1", rpm:"libexpat1~2.0.1~88.16.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libneon-devel", rpm:"libneon-devel~0.28.3~1.31.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libneon27", rpm:"libneon27~0.28.3~1.31.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libvirt", rpm:"libvirt~0.4.6~11.15.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libvirt-cim", rpm:"libvirt-cim~0.5.2~4.22.18", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libvirt-devel", rpm:"libvirt-devel~0.4.6~11.15.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libvirt-doc", rpm:"libvirt-doc~0.4.6~11.15.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libvirt-python", rpm:"libvirt-python~0.4.6~11.15.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"mozilla-nspr", rpm:"mozilla-nspr~4.8.2~1.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"mozilla-nspr-devel", rpm:"mozilla-nspr-devel~4.8.2~1.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"mozilla-xulrunner190", rpm:"mozilla-xulrunner190~1.9.0.15~0.1.2", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"mozilla-xulrunner190-devel", rpm:"mozilla-xulrunner190-devel~1.9.0.15~0.1.2", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"mozilla-xulrunner190-gnomevfs", rpm:"mozilla-xulrunner190-gnomevfs~1.9.0.15~0.1.2", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"mozilla-xulrunner190-translations", rpm:"mozilla-xulrunner190-translations~1.9.0.15~0.1.2", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"neon", rpm:"neon~0.28.3~1.31.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"opera", rpm:"opera~10.01~1.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"perl-Cyrus-IMAP", rpm:"perl-Cyrus-IMAP~2.3.11~60.21.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"perl-Cyrus-SIEVE-managesieve", rpm:"perl-Cyrus-SIEVE-managesieve~2.3.11~60.21.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"pinentry", rpm:"pinentry~0.7.5~61.18.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"pinentry-gtk2", rpm:"pinentry-gtk2~0.7.5~61.18.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"pinentry-qt", rpm:"pinentry-qt~0.7.5~61.18.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"python-xpcom190", rpm:"python-xpcom190~1.9.0.15~0.1.2", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"timezone", rpm:"timezone~2009p~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"virt-manager", rpm:"virt-manager~0.5.3~64.25.17", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"virt-viewer", rpm:"virt-viewer~0.0.3~3.29.18", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"vm-install", rpm:"vm-install~0.3.26~0.1.9", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"xen", rpm:"xen~3.3.1_18546_20~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"xen-devel", rpm:"xen-devel~3.3.1_18546_20~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"xen-doc-html", rpm:"xen-doc-html~3.3.1_18546_20~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"xen-doc-pdf", rpm:"xen-doc-pdf~3.3.1_18546_20~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"xen-kmp-debug", rpm:"xen-kmp-debug~3.3.1_18546_20_2.6.27.29_0.1~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"xen-kmp-default", rpm:"xen-kmp-default~3.3.1_18546_20_2.6.27.29_0.1~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"xen-kmp-pae", rpm:"xen-kmp-pae~3.3.1_18546_20_2.6.27.29_0.1~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"xen-kmp-trace", rpm:"xen-kmp-trace~3.3.1_18546_20_2.6.27.29_0.1~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"xen-libs", rpm:"xen-libs~3.3.1_18546_20~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"xen-tools", rpm:"xen-tools~3.3.1_18546_20~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"xen-tools-domU", rpm:"xen-tools-domU~3.3.1_18546_20~0.1.1", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"xpdf", rpm:"xpdf~3.02~97.81.3", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"xpdf-tools", rpm:"xpdf-tools~3.02~97.81.3", rls:"openSUSE11.1")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"MozillaFirefox", rpm:"MozillaFirefox~3.0.15~0.1", rls:"openSUSE11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"MozillaFirefox-translations", rpm:"MozillaFirefox-translations~3.0.15~0.1", rls:"openSUSE11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"apache2-mod_jk", rpm:"apache2-mod_jk~1.2.21~129.2", rls:"openSUSE11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"cyrus-imapd", rpm:"cyrus-imapd~2.3.11~31.4", rls:"openSUSE11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"cyrus-imapd-devel", rpm:"cyrus-imapd-devel~2.3.11~31.4", rls:"openSUSE11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"expat", rpm:"expat~2.0.1~62.2", rls:"openSUSE11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"java-1_5_0-sun", rpm:"java-1_5_0-sun~1.5.0_update22~0.1", rls:"openSUSE11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"java-1_5_0-sun-alsa", rpm:"java-1_5_0-sun-alsa~1.5.0_update22~0.1", rls:"openSUSE11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"java-1_5_0-sun-demo", rpm:"java-1_5_0-sun-demo~1.5.0_update22~0.1", rls:"openSUSE11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"java-1_5_0-sun-devel", rpm:"java-1_5_0-sun-devel~1.5.0_update22~0.1", rls:"openSUSE11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"java-1_5_0-sun-jdbc", rpm:"java-1_5_0-sun-jdbc~1.5.0_update22~0.1", rls:"openSUSE11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"java-1_5_0-sun-plugin", rpm:"java-1_5_0-sun-plugin~1.5.0_update22~0.1", rls:"openSUSE11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"java-1_5_0-sun-src", rpm:"java-1_5_0-sun-src~1.5.0_update22~0.1", rls:"openSUSE11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libexpat-devel", rpm:"libexpat-devel~2.0.1~62.2", rls:"openSUSE11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libexpat1", rpm:"libexpat1~2.0.1~62.2", rls:"openSUSE11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libneon-devel", rpm:"libneon-devel~0.28.2~17.4", rls:"openSUSE11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libneon27", rpm:"libneon27~0.28.2~17.4", rls:"openSUSE11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"mozilla-nspr", rpm:"mozilla-nspr~4.8.2~1.1", rls:"openSUSE11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"mozilla-nspr-devel", rpm:"mozilla-nspr-devel~4.8.2~1.1", rls:"openSUSE11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"mozilla-xulrunner190", rpm:"mozilla-xulrunner190~1.9.0.15~0.1", rls:"openSUSE11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"mozilla-xulrunner190-devel", rpm:"mozilla-xulrunner190-devel~1.9.0.15~0.1", rls:"openSUSE11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"mozilla-xulrunner190-gnomevfs", rpm:"mozilla-xulrunner190-gnomevfs~1.9.0.15~0.1", rls:"openSUSE11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"mozilla-xulrunner190-translations", rpm:"mozilla-xulrunner190-translations~1.9.0.15~0.1", rls:"openSUSE11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"neon", rpm:"neon~0.28.2~17.4", rls:"openSUSE11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"opera", rpm:"opera~10.01~1.1", rls:"openSUSE11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"perl-Cyrus-IMAP", rpm:"perl-Cyrus-IMAP~2.3.11~31.4", rls:"openSUSE11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"perl-Cyrus-SIEVE-managesieve", rpm:"perl-Cyrus-SIEVE-managesieve~2.3.11~31.4", rls:"openSUSE11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"pinentry", rpm:"pinentry~0.7.5~18.3", rls:"openSUSE11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"pinentry-gtk2", rpm:"pinentry-gtk2~0.7.5~14.2", rls:"openSUSE11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"pinentry-qt", rpm:"pinentry-qt~0.7.5~14.2", rls:"openSUSE11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"timezone", rpm:"timezone~2009p~1.1", rls:"openSUSE11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"xpdf", rpm:"xpdf~3.02~95.9", rls:"openSUSE11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"xpdf-tools", rpm:"xpdf-tools~3.02~95.9", rls:"openSUSE11.0")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"apache2-mod_jk", rpm:"apache2-mod_jk~1.2.21~59.4", rls:"openSUSE10.3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"cyrus-imapd", rpm:"cyrus-imapd~2.3.8~51.4", rls:"openSUSE10.3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"cyrus-imapd-devel", rpm:"cyrus-imapd-devel~2.3.8~51.4", rls:"openSUSE10.3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"expat", rpm:"expat~2.0.1~24.2", rls:"openSUSE10.3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libexpat-devel", rpm:"libexpat-devel~2.0.1~24.2", rls:"openSUSE10.3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"libexpat1", rpm:"libexpat1~2.0.1~24.2", rls:"openSUSE10.3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"neon", rpm:"neon~0.26.4~17.2", rls:"openSUSE10.3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"neon-devel", rpm:"neon-devel~0.26.4~17.2", rls:"openSUSE10.3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"perl-Cyrus-IMAP", rpm:"perl-Cyrus-IMAP~2.3.8~51.4", rls:"openSUSE10.3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"perl-Cyrus-SIEVE-managesieve", rpm:"perl-Cyrus-SIEVE-managesieve~2.3.8~51.4", rls:"openSUSE10.3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"pinentry", rpm:"pinentry~0.7.2~121.3", rls:"openSUSE10.3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"pinentry-gtk2", rpm:"pinentry-gtk2~0.7.2~14.2", rls:"openSUSE10.3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"pinentry-qt", rpm:"pinentry-qt~0.7.2~14.2", rls:"openSUSE10.3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"timezone", rpm:"timezone~2009p~1.1", rls:"openSUSE10.3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"xpdf", rpm:"xpdf~3.02~19.13", rls:"openSUSE10.3")) {
+ vuln = 1;
+}
+if(isrpmvuln(pkg:"xpdf-tools", rpm:"xpdf-tools~3.02~19.13", rls:"openSUSE10.3")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/ubuntu_857_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/ubuntu_857_1.nasl 2009-11-11 14:39:37 UTC (rev 5840)
+++ trunk/openvas-plugins/scripts/ubuntu_857_1.nasl 2009-11-11 14:56:44 UTC (rev 5841)
@@ -0,0 +1,321 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory USN-857-1 (qt4-x11)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or at your option, GNU General Public License version 3,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(66216);
+ script_cve_id("CVE-2009-0945", "CVE-2009-1687", "CVE-2009-1690", "CVE-2009-1698", "CVE-2009-1699", "CVE-2009-1711", "CVE-2009-1712", "CVE-2009-1713", "CVE-2009-1725");
+ script_version ("$Revision$");
+ script_name("Ubuntu USN-857-1 (qt4-x11)");
+
+ desc = "
+The remote host is missing an update to qt4-x11
+announced via advisory USN-857-1.
+
+Details follow:
+
+It was discovered that QtWebKit did not properly handle certain SVGPathList
+data structures. If a user were tricked into viewing a malicious website,
+an attacker could exploit this to execute arbitrary code with the
+privileges of the user invoking the program. (CVE-2009-0945)
+
+Several flaws were discovered in the QtWebKit browser and JavaScript
+engines. If a user were tricked into viewing a malicious website, a remote
+attacker could cause a denial of service or possibly execute arbitrary code
+with the privileges of the user invoking the program. (CVE-2009-1687,
+CVE-2009-1690, CVE-2009-1698, CVE-2009-1711, CVE-2009-1725)
+
+It was discovered that QtWebKit did not properly handle certain XSL
+stylesheets. If a user were tricked into viewing a malicious website,
+an attacker could exploit this to read arbitrary local files, and possibly
+files from different security zones. (CVE-2009-1699, CVE-2009-1713)
+
+It was discovered that QtWebKit did not prevent the loading of local Java
+applets. If a user were tricked into viewing a malicious website, an
+attacker could exploit this to execute arbitrary code with the privileges
+of the user invoking the program. (CVE-2009-1712)
+
+Solution:
+The problem can be corrected by upgrading your system to the
+following package versions:
+
+Ubuntu 8.10:
+ libqt4-webkit 4.4.3-0ubuntu1.4
+
+Ubuntu 9.04:
+ libqt4-webkit 4.5.0-0ubuntu4.3
+
+After a standard system upgrade you need to restart your session to effect
+the necessary changes.
+
+https://secure1.securityspace.com/smysecure/catid.html?in=USN-857-1
+
+Risk factor : High";
+
+ script_description(desc);
+
+ script_summary("Ubuntu USN-857-1 (qt4-x11)");
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
+ script_family("Ubuntu Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+vuln = 0;
+if(isdpkgvuln(pkg:"qt4-doc-html", ver:"4.4.3-0ubuntu1.4", rls:"UBUNTU8.10")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"qt4-doc", ver:"4.4.3-0ubuntu1.4", rls:"UBUNTU8.10")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"libqt4-assistant", ver:"4.4.3-0ubuntu1.4", rls:"UBUNTU8.10")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"libqt4-core", ver:"4.4.3-0ubuntu1.4", rls:"UBUNTU8.10")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"libqt4-dbg", ver:"4.4.3-0ubuntu1.4", rls:"UBUNTU8.10")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"libqt4-dbus", ver:"4.4.3-0ubuntu1.4", rls:"UBUNTU8.10")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"libqt4-designer", ver:"4.4.3-0ubuntu1.4", rls:"UBUNTU8.10")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"libqt4-dev", ver:"4.4.3-0ubuntu1.4", rls:"UBUNTU8.10")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"libqt4-gui", ver:"4.4.3-0ubuntu1.4", rls:"UBUNTU8.10")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"libqt4-help", ver:"4.4.3-0ubuntu1.4", rls:"UBUNTU8.10")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"libqt4-network", ver:"4.4.3-0ubuntu1.4", rls:"UBUNTU8.10")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"libqt4-opengl-dev", ver:"4.4.3-0ubuntu1.4", rls:"UBUNTU8.10")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"libqt4-opengl", ver:"4.4.3-0ubuntu1.4", rls:"UBUNTU8.10")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"libqt4-qt3support", ver:"4.4.3-0ubuntu1.4", rls:"UBUNTU8.10")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"libqt4-script", ver:"4.4.3-0ubuntu1.4", rls:"UBUNTU8.10")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"libqt4-sql-mysql", ver:"4.4.3-0ubuntu1.4", rls:"UBUNTU8.10")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"libqt4-sql-odbc", ver:"4.4.3-0ubuntu1.4", rls:"UBUNTU8.10")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"libqt4-sql-psql", ver:"4.4.3-0ubuntu1.4", rls:"UBUNTU8.10")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"libqt4-sql-sqlite2", ver:"4.4.3-0ubuntu1.4", rls:"UBUNTU8.10")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"libqt4-sql-sqlite", ver:"4.4.3-0ubuntu1.4", rls:"UBUNTU8.10")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"libqt4-sql", ver:"4.4.3-0ubuntu1.4", rls:"UBUNTU8.10")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"libqt4-svg", ver:"4.4.3-0ubuntu1.4", rls:"UBUNTU8.10")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"libqt4-test", ver:"4.4.3-0ubuntu1.4", rls:"UBUNTU8.10")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"libqt4-webkit-dbg", ver:"4.4.3-0ubuntu1.4", rls:"UBUNTU8.10")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"libqt4-webkit", ver:"4.4.3-0ubuntu1.4", rls:"UBUNTU8.10")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"libqt4-xml", ver:"4.4.3-0ubuntu1.4", rls:"UBUNTU8.10")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"libqt4-xmlpatterns-dbg", ver:"4.4.3-0ubuntu1.4", rls:"UBUNTU8.10")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"libqt4-xmlpatterns", ver:"4.4.3-0ubuntu1.4", rls:"UBUNTU8.10")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"libqtcore4", ver:"4.4.3-0ubuntu1.4", rls:"UBUNTU8.10")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"libqtgui4", ver:"4.4.3-0ubuntu1.4", rls:"UBUNTU8.10")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"qt4-demos", ver:"4.4.3-0ubuntu1.4", rls:"UBUNTU8.10")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"qt4-designer", ver:"4.4.3-0ubuntu1.4", rls:"UBUNTU8.10")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"qt4-dev-tools", ver:"4.4.3-0ubuntu1.4", rls:"UBUNTU8.10")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"qt4-qtconfig", ver:"4.4.3-0ubuntu1.4", rls:"UBUNTU8.10")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"qt4-doc-html", ver:"4.5.0-0ubuntu4.3", rls:"UBUNTU9.04")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"qt4-doc", ver:"4.5.0-0ubuntu4.3", rls:"UBUNTU9.04")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"libqt4-assistant", ver:"4.5.0-0ubuntu4.3", rls:"UBUNTU9.04")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"libqt4-core", ver:"4.5.0-0ubuntu4.3", rls:"UBUNTU9.04")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"libqt4-dbg", ver:"4.5.0-0ubuntu4.3", rls:"UBUNTU9.04")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"libqt4-dbus", ver:"4.5.0-0ubuntu4.3", rls:"UBUNTU9.04")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"libqt4-designer", ver:"4.5.0-0ubuntu4.3", rls:"UBUNTU9.04")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"libqt4-dev-dbg", ver:"4.5.0-0ubuntu4.3", rls:"UBUNTU9.04")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"libqt4-dev", ver:"4.5.0-0ubuntu4.3", rls:"UBUNTU9.04")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"libqt4-gui", ver:"4.5.0-0ubuntu4.3", rls:"UBUNTU9.04")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"libqt4-help", ver:"4.5.0-0ubuntu4.3", rls:"UBUNTU9.04")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"libqt4-network", ver:"4.5.0-0ubuntu4.3", rls:"UBUNTU9.04")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"libqt4-opengl-dev", ver:"4.5.0-0ubuntu4.3", rls:"UBUNTU9.04")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"libqt4-opengl", ver:"4.5.0-0ubuntu4.3", rls:"UBUNTU9.04")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"libqt4-qt3support", ver:"4.5.0-0ubuntu4.3", rls:"UBUNTU9.04")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"libqt4-script", ver:"4.5.0-0ubuntu4.3", rls:"UBUNTU9.04")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"libqt4-scripttools", ver:"4.5.0-0ubuntu4.3", rls:"UBUNTU9.04")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"libqt4-sql-mysql", ver:"4.5.0-0ubuntu4.3", rls:"UBUNTU9.04")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"libqt4-sql-odbc", ver:"4.5.0-0ubuntu4.3", rls:"UBUNTU9.04")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"libqt4-sql-psql", ver:"4.5.0-0ubuntu4.3", rls:"UBUNTU9.04")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"libqt4-sql-sqlite2", ver:"4.5.0-0ubuntu4.3", rls:"UBUNTU9.04")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"libqt4-sql-sqlite", ver:"4.5.0-0ubuntu4.3", rls:"UBUNTU9.04")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"libqt4-sql", ver:"4.5.0-0ubuntu4.3", rls:"UBUNTU9.04")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"libqt4-svg", ver:"4.5.0-0ubuntu4.3", rls:"UBUNTU9.04")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"libqt4-test", ver:"4.5.0-0ubuntu4.3", rls:"UBUNTU9.04")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"libqt4-webkit-dbg", ver:"4.5.0-0ubuntu4.3", rls:"UBUNTU9.04")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"libqt4-webkit", ver:"4.5.0-0ubuntu4.3", rls:"UBUNTU9.04")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"libqt4-xml", ver:"4.5.0-0ubuntu4.3", rls:"UBUNTU9.04")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"libqt4-xmlpatterns-dbg", ver:"4.5.0-0ubuntu4.3", rls:"UBUNTU9.04")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"libqt4-xmlpatterns", ver:"4.5.0-0ubuntu4.3", rls:"UBUNTU9.04")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"libqtcore4", ver:"4.5.0-0ubuntu4.3", rls:"UBUNTU9.04")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"libqtgui4", ver:"4.5.0-0ubuntu4.3", rls:"UBUNTU9.04")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"qt4-demos-dbg", ver:"4.5.0-0ubuntu4.3", rls:"UBUNTU9.04")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"qt4-demos", ver:"4.5.0-0ubuntu4.3", rls:"UBUNTU9.04")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"qt4-designer", ver:"4.5.0-0ubuntu4.3", rls:"UBUNTU9.04")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"qt4-dev-tools-dbg", ver:"4.5.0-0ubuntu4.3", rls:"UBUNTU9.04")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"qt4-dev-tools", ver:"4.5.0-0ubuntu4.3", rls:"UBUNTU9.04")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"qt4-qmake", ver:"4.5.0-0ubuntu4.3", rls:"UBUNTU9.04")) {
+ vuln = 1;
+}
+if(isdpkgvuln(pkg:"qt4-qtconfig", ver:"4.5.0-0ubuntu4.3", rls:"UBUNTU9.04")) {
+ vuln = 1;
+}
+
+if(vuln) {
+ security_hole(0);
+}
More information about the Openvas-commits
mailing list