[Openvas-commits] r8207 - in trunk/openvas-plugins: . scripts
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Mon Jun 28 09:16:32 CEST 2010
Author: veerendragg
Date: 2010-06-28 09:16:14 +0200 (Mon, 28 Jun 2010)
New Revision: 8207
Added:
trunk/openvas-plugins/scripts/gb_RHSA-2010_0499-01_seamonkey.nasl
trunk/openvas-plugins/scripts/gb_RHSA-2010_0501-01_firefox.nasl
trunk/openvas-plugins/scripts/gb_fedora_2010_10066_cups_fc11.nasl
trunk/openvas-plugins/scripts/gb_fedora_2010_10400_python-paste_fc11.nasl
trunk/openvas-plugins/scripts/gb_fedora_2010_9487_gnutls_fc12.nasl
Modified:
trunk/openvas-plugins/ChangeLog
Log:
Added LSC's
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2010-06-28 06:15:44 UTC (rev 8206)
+++ trunk/openvas-plugins/ChangeLog 2010-06-28 07:16:14 UTC (rev 8207)
@@ -1,3 +1,12 @@
+2010-06-28 Veerendra G.G <veerendragg at secpod.com>
+
+ * scripts/gb_RHSA-2010_0501-01_firefox.nasl,
+ scripts/gb_fedora_2010_10400_python-paste_fc11.nasl,
+ scripts/gb_fedora_2010_9487_gnutls_fc12.nasl,
+ scripts/gb_fedora_2010_10066_cups_fc11.nasl,
+ scripts/gb_RHSA-2010_0499-01_seamonkey.nasl:
+ Added new LSC's.
+
2010-06-25 Chandrashekhar B <bchandra at secpod.com>
* scripts/secpod_adobe_indesign_bof_vuln.nasl,
Added: trunk/openvas-plugins/scripts/gb_RHSA-2010_0499-01_seamonkey.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_RHSA-2010_0499-01_seamonkey.nasl 2010-06-28 06:15:44 UTC (rev 8206)
+++ trunk/openvas-plugins/scripts/gb_RHSA-2010_0499-01_seamonkey.nasl 2010-06-28 07:16:14 UTC (rev 8207)
@@ -0,0 +1,226 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# RedHat Update for seamonkey RHSA-2010:0499-01
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(870283);
+ script_version("$Revision$: 1.0");
+ script_tag(name:"cvss_base", value:"9.3");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_xref(name: "RHSA", value: "2010:0499-01");
+ script_cve_id("CVE-2010-0163", "CVE-2010-1197", "CVE-2010-1198", "CVE-2010-1199", "CVE-2010-1200");
+ script_name("RedHat Update for seamonkey RHSA-2010:0499-01");
+ desc = "
+
+ Vulnerability Insight:
+ SeaMonkey is an open source web browser, email and newsgroup client, IRC
+ chat client, and HTML editor.
+
+ Several flaws were found in the processing of malformed web content. A web
+ page containing malicious content could cause SeaMonkey to crash or,
+ potentially, execute arbitrary code with the privileges of the user running
+ SeaMonkey. (CVE-2010-1200)
+
+ A flaw was found in the way browser plug-ins interact. It was possible for
+ a plug-in to reference the freed memory from a different plug-in, resulting
+ in the execution of arbitrary code with the privileges of the user running
+ SeaMonkey. (CVE-2010-1198)
+
+ An integer overflow flaw was found in the processing of malformed web
+ content. A web page containing malicious content could cause SeaMonkey to
+ crash or, potentially, execute arbitrary code with the privileges of the
+ user running SeaMonkey. (CVE-2010-1199)
+
+ A flaw was found in the way SeaMonkey processed mail attachments. A
+ specially-crafted mail message could cause SeaMonkey to crash.
+ (CVE-2010-0163)
+
+ A flaw was found in the way SeaMonkey handled the "Content-Disposition:
+ attachment" HTTP header when the "Content-Type: multipart" HTTP header was
+ also present. A website that allows arbitrary uploads and relies on the
+ "Content-Disposition: attachment" HTTP header to prevent content from being
+ displayed inline, could be used by an attacker to serve malicious content
+ to users. (CVE-2010-1197)
+
+ All SeaMonkey users should upgrade to these updated packages, which correct
+ these issues. After installing the update, SeaMonkey must be restarted for
+ the changes to take effect.
+
+
+ Affected Software/OS:
+ seamonkey on Red Hat Enterprise Linux AS version 3,
+ Red Hat Enterprise Linux AS version 4,
+ Red Hat Enterprise Linux ES version 3,
+ Red Hat Enterprise Linux ES version 4,
+ Red Hat Enterprise Linux WS version 3,
+ Red Hat Enterprise Linux WS version 4
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ https://www.redhat.com/archives/rhsa-announce/2010-June/msg00017.html
+
+ ";
+
+ script_description(desc);
+ script_summary("Check for the Version of seamonkey");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
+ script_family("Red Hat Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "RHENT_4")
+{
+
+ if(isrpmvuln(pkg:"seamonkey", rpm:"seamonkey~1.0.9~58.el4_8", rls:"RHENT_4"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"seamonkey-chat", rpm:"seamonkey-chat~1.0.9~58.el4_8", rls:"RHENT_4"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"seamonkey-debuginfo", rpm:"seamonkey-debuginfo~1.0.9~58.el4_8", rls:"RHENT_4"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"seamonkey-devel", rpm:"seamonkey-devel~1.0.9~58.el4_8", rls:"RHENT_4"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"seamonkey-dom-inspector", rpm:"seamonkey-dom-inspector~1.0.9~58.el4_8", rls:"RHENT_4"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"seamonkey-js-debugger", rpm:"seamonkey-js-debugger~1.0.9~58.el4_8", rls:"RHENT_4"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"seamonkey-mail", rpm:"seamonkey-mail~1.0.9~58.el4_8", rls:"RHENT_4"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
+
+
+if(release == "RHENT_3")
+{
+
+ if(isrpmvuln(pkg:"seamonkey", rpm:"seamonkey~1.0.9~0.55.el3", rls:"RHENT_3"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"seamonkey-chat", rpm:"seamonkey-chat~1.0.9~0.55.el3", rls:"RHENT_3"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"seamonkey-debuginfo", rpm:"seamonkey-debuginfo~1.0.9~0.55.el3", rls:"RHENT_3"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"seamonkey-devel", rpm:"seamonkey-devel~1.0.9~0.55.el3", rls:"RHENT_3"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"seamonkey-dom-inspector", rpm:"seamonkey-dom-inspector~1.0.9~0.55.el3", rls:"RHENT_3"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"seamonkey-js-debugger", rpm:"seamonkey-js-debugger~1.0.9~0.55.el3", rls:"RHENT_3"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"seamonkey-mail", rpm:"seamonkey-mail~1.0.9~0.55.el3", rls:"RHENT_3"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"seamonkey-nspr", rpm:"seamonkey-nspr~1.0.9~0.55.el3", rls:"RHENT_3"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"seamonkey-nspr-devel", rpm:"seamonkey-nspr-devel~1.0.9~0.55.el3", rls:"RHENT_3"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"seamonkey-nss", rpm:"seamonkey-nss~1.0.9~0.55.el3", rls:"RHENT_3"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"seamonkey-nss-devel", rpm:"seamonkey-nss-devel~1.0.9~0.55.el3", rls:"RHENT_3"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
\ No newline at end of file
Added: trunk/openvas-plugins/scripts/gb_RHSA-2010_0501-01_firefox.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_RHSA-2010_0501-01_firefox.nasl 2010-06-28 06:15:44 UTC (rev 8206)
+++ trunk/openvas-plugins/scripts/gb_RHSA-2010_0501-01_firefox.nasl 2010-06-28 07:16:14 UTC (rev 8207)
@@ -0,0 +1,255 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# RedHat Update for firefox RHSA-2010:0501-01
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(870282);
+ script_version("$Revision$: 1.0");
+ script_tag(name:"cvss_base", value:"10.0");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_xref(name: "RHSA", value: "2010:0501-01");
+ script_cve_id("CVE-2008-5913", "CVE-2010-0182", "CVE-2010-1121", "CVE-2010-1125", "CVE-2010-1196", "CVE-2010-1197", "CVE-2010-1198", "CVE-2010-1199", "CVE-2010-1200", "CVE-2010-1202", "CVE-2010-1203");
+ script_name("RedHat Update for firefox RHSA-2010:0501-01");
+ desc = "
+
+ Vulnerability Insight:
+ Mozilla Firefox is an open source web browser.
+
+ Several flaws were found in the processing of malformed web content. A web
+ page containing malicious content could cause Firefox to crash or,
+ potentially, execute arbitrary code with the privileges of the user running
+ Firefox. (CVE-2010-1121, CVE-2010-1200, CVE-2010-1202, CVE-2010-1203)
+
+ A flaw was found in the way browser plug-ins interact. It was possible for
+ a plug-in to reference the freed memory from a different plug-in, resulting
+ in the execution of arbitrary code with the privileges of the user running
+ Firefox. (CVE-2010-1198)
+
+ Several integer overflow flaws were found in the processing of malformed
+ web content. A web page containing malicious content could cause Firefox to
+ crash or, potentially, execute arbitrary code with the privileges of the
+ user running Firefox. (CVE-2010-1196, CVE-2010-1199)
+
+ A focus stealing flaw was found in the way Firefox handled focus changes. A
+ malicious website could use this flaw to steal sensitive data from a user,
+ such as usernames and passwords. (CVE-2010-1125)
+
+ A flaw was found in the way Firefox handled the "Content-Disposition:
+ attachment" HTTP header when the "Content-Type: multipart" HTTP header was
+ also present. A website that allows arbitrary uploads and relies on the
+ "Content-Disposition: attachment" HTTP header to prevent content from being
+ displayed inline, could be used by an attacker to serve malicious content
+ to users. (CVE-2010-1197)
+
+ A flaw was found in the Firefox Math.random() function. This function could
+ be used to identify a browsing session and track a user across different
+ websites. (CVE-2008-5913)
+
+ A flaw was found in the Firefox XML document loading security checks.
+ Certain security checks were not being called when an XML document was
+ loaded. This could possibly be leveraged later by an attacker to load
+ certain resources that violate the security policies of the browser or its
+ add-ons. Note that this issue cannot be exploited by only loading an XML
+ document. (CVE-2010-0182)
+
+ For technical details regarding these flaws, refer to the Mozilla security
+ advisories for Firefox 3.6.4. You can find a link to the Mozilla advisories
+ in the References section of this erratum.
+
+ This erratum upgrades Firefox from version 3.0.19 to version 3.6.4. Due to
+ the requirements of Firefox 3.6.4, this erratum also provides a number of
+ other updated packages, including esc, totem, and yelp.
+
+ This erratum also contains multiple bug fixes and numerous enhan ...
+
+ Description truncated, for more information please check the Reference URL
+
+ Affected Software/OS:
+ firefox on Red Hat Enterprise Linux (v. 5 server)
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ https://www.redhat.com/archives/rhsa-announce/2010-June/msg00019.html
+
+ ";
+
+ script_description(desc);
+ script_summary("Check for the Version of firefox");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
+ script_family("Red Hat Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "RHENT_5")
+{
+
+ if(isrpmvuln(pkg:"devhelp", rpm:"devhelp~0.12~21.el5", rls:"RHENT_5"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"devhelp-debuginfo", rpm:"devhelp-debuginfo~0.12~21.el5", rls:"RHENT_5"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"devhelp-devel", rpm:"devhelp-devel~0.12~21.el5", rls:"RHENT_5"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"esc", rpm:"esc~1.1.0~12.el5", rls:"RHENT_5"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"esc-debuginfo", rpm:"esc-debuginfo~1.1.0~12.el5", rls:"RHENT_5"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"firefox", rpm:"firefox~3.6.4~8.el5", rls:"RHENT_5"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"firefox-debuginfo", rpm:"firefox-debuginfo~3.6.4~8.el5", rls:"RHENT_5"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"gnome-python2-extras", rpm:"gnome-python2-extras~2.14.2~7.el5", rls:"RHENT_5"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"gnome-python2-extras-debuginfo", rpm:"gnome-python2-extras-debuginfo~2.14.2~7.el5", rls:"RHENT_5"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"gnome-python2-gtkhtml2", rpm:"gnome-python2-gtkhtml2~2.14.2~7.el5", rls:"RHENT_5"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"gnome-python2-gtkmozembed", rpm:"gnome-python2-gtkmozembed~2.14.2~7.el5", rls:"RHENT_5"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"gnome-python2-gtkspell", rpm:"gnome-python2-gtkspell~2.14.2~7.el5", rls:"RHENT_5"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"gnome-python2-libegg", rpm:"gnome-python2-libegg~2.14.2~7.el5", rls:"RHENT_5"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"totem", rpm:"totem~2.16.7~7.el5", rls:"RHENT_5"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"totem-debuginfo", rpm:"totem-debuginfo~2.16.7~7.el5", rls:"RHENT_5"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"totem-devel", rpm:"totem-devel~2.16.7~7.el5", rls:"RHENT_5"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"totem-mozplugin", rpm:"totem-mozplugin~2.16.7~7.el5", rls:"RHENT_5"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"xulrunner", rpm:"xulrunner~1.9.2.4~9.el5", rls:"RHENT_5"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"xulrunner-debuginfo", rpm:"xulrunner-debuginfo~1.9.2.4~9.el5", rls:"RHENT_5"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"xulrunner-devel", rpm:"xulrunner-devel~1.9.2.4~9.el5", rls:"RHENT_5"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"yelp", rpm:"yelp~2.16.0~26.el5", rls:"RHENT_5"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"yelp-debuginfo", rpm:"yelp-debuginfo~2.16.0~26.el5", rls:"RHENT_5"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
\ No newline at end of file
Added: trunk/openvas-plugins/scripts/gb_fedora_2010_10066_cups_fc11.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2010_10066_cups_fc11.nasl 2010-06-28 06:15:44 UTC (rev 8206)
+++ trunk/openvas-plugins/scripts/gb_fedora_2010_10066_cups_fc11.nasl 2010-06-28 07:16:14 UTC (rev 8207)
@@ -0,0 +1,84 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for cups FEDORA-2010-10066
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(862205);
+ script_version("$Revision$: 1.0");
+ script_tag(name:"cvss_base", value:"6.8");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "FEDORA", value: "2010-10066");
+ script_cve_id("CVE-2010-0540", "CVE-2010-0542", "CVE-2010-1748", "CVE-2010-0302", "CVE-2009-3553");
+ script_name("Fedora Update for cups FEDORA-2010-10066");
+ desc = "
+
+ Vulnerability Insight:
+ The Common UNIX Printing System provides a portable printing layer for
+ UNIX® operating systems. It has been developed by Easy Software Products
+ to promote a standard printing solution for all UNIX vendors and users.
+ CUPS provides the System V and Berkeley command-line interfaces.
+
+
+ Affected Software/OS:
+ cups on Fedora 11
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043435.html
+
+ ";
+
+ script_description(desc);
+ script_summary("Check for the Version of cups");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "FC11")
+{
+
+ if(isrpmvuln(pkg:"cups", rpm:"cups~1.4.4~4.fc11", rls:"FC11"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
\ No newline at end of file
Added: trunk/openvas-plugins/scripts/gb_fedora_2010_10400_python-paste_fc11.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2010_10400_python-paste_fc11.nasl 2010-06-28 06:15:44 UTC (rev 8206)
+++ trunk/openvas-plugins/scripts/gb_fedora_2010_10400_python-paste_fc11.nasl 2010-06-28 07:16:14 UTC (rev 8207)
@@ -0,0 +1,82 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for python-paste FEDORA-2010-10400
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(862206);
+ script_version("$Revision$: 1.0");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "FEDORA", value: "2010-10400");
+ script_name("Fedora Update for python-paste FEDORA-2010-10400");
+ desc = "
+
+ Vulnerability Insight:
+ These provide several pieces of "middleware" (or filters) that can be nested
+ to build web applications. Each piece of middleware uses the WSGI (PEP 333)
+ interface, and should be compatible with other middleware based on those
+ interfaces.
+
+
+ Affected Software/OS:
+ python-paste on Fedora 11
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043453.html
+
+ ";
+
+ script_description(desc);
+ script_summary("Check for the Version of python-paste");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "FC11")
+{
+
+ if(isrpmvuln(pkg:"python-paste", rpm:"python-paste~1.7.4~1.fc11", rls:"FC11"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
\ No newline at end of file
Added: trunk/openvas-plugins/scripts/gb_fedora_2010_9487_gnutls_fc12.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2010_9487_gnutls_fc12.nasl 2010-06-28 06:15:44 UTC (rev 8206)
+++ trunk/openvas-plugins/scripts/gb_fedora_2010_9487_gnutls_fc12.nasl 2010-06-28 07:16:14 UTC (rev 8207)
@@ -0,0 +1,83 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for gnutls FEDORA-2010-9487
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(862207);
+ script_version("$Revision$: 1.0");
+ script_tag(name:"cvss_base", value:"6.4");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "FEDORA", value: "2010-9487");
+ script_cve_id("CVE-2009-3555");
+ script_name("Fedora Update for gnutls FEDORA-2010-9487");
+ desc = "
+
+ Vulnerability Insight:
+ GnuTLS is a project that aims to develop a library which provides a secure
+ layer, over a reliable transport layer. Currently the GnuTLS library implements
+ the proposed standards by the IETF's TLS working group.
+
+
+ Affected Software/OS:
+ gnutls on Fedora 12
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043445.html
+
+ ";
+
+ script_description(desc);
+ script_summary("Check for the Version of gnutls");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "FC12")
+{
+
+ if(isrpmvuln(pkg:"gnutls", rpm:"gnutls~2.8.6~2.fc12", rls:"FC12"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
\ No newline at end of file
More information about the Openvas-commits
mailing list