Vulnerabilities > CVE-2007-4768 - Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Pcre
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly optimized.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Overflow Buffers Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
- Client-side Injection-induced Buffer Overflow This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
- Filter Failure through Buffer Overflow In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
- MIME Conversion An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
Nessus
NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2007-009.NASL description The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have Security Update 2007-009 applied. This update contains several security fixes for a large number of programs. last seen 2020-06-01 modified 2020-06-02 plugin id 29723 published 2007-12-18 reporter This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29723 title Mac OS X Multiple Vulnerabilities (Security Update 2007-009) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(29723); script_version("1.27"); script_cvs_date("Date: 2018/07/14 1:59:35"); script_cve_id("CVE-2006-0024", "CVE-2007-1218", "CVE-2007-1659", "CVE-2007-1660", "CVE-2007-1661", "CVE-2007-1662", "CVE-2007-3798", "CVE-2007-3876", "CVE-2007-4131", "CVE-2007-4351", "CVE-2007-4572", "CVE-2007-4708", "CVE-2007-4709", "CVE-2007-4710", "CVE-2007-4766", "CVE-2007-4767", "CVE-2007-4768", "CVE-2007-4965", "CVE-2007-5116", "CVE-2007-5379", "CVE-2007-5380", "CVE-2007-5398", "CVE-2007-5476", "CVE-2007-5770", "CVE-2007-5847", "CVE-2007-5848", "CVE-2007-5849", "CVE-2007-5850", "CVE-2007-5851", "CVE-2007-5853", "CVE-2007-5854", "CVE-2007-5855", "CVE-2007-5856", "CVE-2007-5857", "CVE-2007-5858", "CVE-2007-5859", "CVE-2007-5860", "CVE-2007-5861", "CVE-2007-5863", "CVE-2007-6077", "CVE-2007-6165"); script_bugtraq_id(17106, 22772, 24965, 25417, 25696, 26096, 26268, 26274, 26346, 26350, 26421, 26454, 26455, 26510, 26598, 26908, 26910, 26926); script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2007-009)"); script_summary(english:"Check for the presence of Security Update 2007-009"); script_set_attribute(attribute:"synopsis", value: "The remote host is missing a Mac OS X update that fixes various security issues."); script_set_attribute(attribute:"description", value: "The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have Security Update 2007-009 applied. This update contains several security fixes for a large number of programs."); script_set_attribute(attribute:"see_also", value:"http://docs.info.apple.com/article.html?artnum=307179"); script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"); script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/advisories/13649"); script_set_attribute(attribute:"solution", value:"Install Security Update 2007-009."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Mail.app Image Attachment Command Execution'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_cwe_id(16, 20, 22, 79, 119, 134, 189, 200, 264, 287, 310, 362, 399); script_set_attribute(attribute:"vuln_publication_date", value:"2006/03/15"); script_set_attribute(attribute:"patch_publication_date", value:"2007/10/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/12/18"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/MacOSX/packages", "Host/uname"); exit(0); } uname = get_kb_item("Host/uname"); if ( ! uname ) exit(0); if ( egrep(pattern:"Darwin.* (8\.[0-9]\.|8\.1[01]\.)", string:uname) ) { packages = get_kb_item("Host/MacOSX/packages"); if ( ! packages ) exit(0); if (!egrep(pattern:"^SecUpd(Srvr)?(2007-009|200[89]-|20[1-9][0-9]-)", string:packages)) security_hole(0); } else if ( egrep(pattern:"Darwin.* (9\.[01]\.)", string:uname) ) { packages = get_kb_item("Host/MacOSX/packages/boms"); if ( ! packages ) exit(0); if ( !egrep(pattern:"^com\.apple\.pkg\.update\.security\.2007\.009\.bom", string:packages) ) security_hole(0); }NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-547-1.NASL description Tavis Ormandy and Will Drewry discovered multiple flaws in the regular expression handling of PCRE. By tricking a user or service into running specially crafted expressions via applications linked against libpcre3, a remote attacker could crash the application, monopolize CPU resources, or possibly execute arbitrary code with the application last seen 2020-06-01 modified 2020-06-02 plugin id 28359 published 2007-11-29 reporter Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/28359 title Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : pcre3 vulnerabilities (USN-547-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-547-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(28359); script_version("1.18"); script_cvs_date("Date: 2019/08/02 13:33:01"); script_cve_id("CVE-2007-1659", "CVE-2007-1660", "CVE-2007-1661", "CVE-2007-1662", "CVE-2007-4766", "CVE-2007-4767", "CVE-2007-4768"); script_xref(name:"USN", value:"547-1"); script_name(english:"Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : pcre3 vulnerabilities (USN-547-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "Tavis Ormandy and Will Drewry discovered multiple flaws in the regular expression handling of PCRE. By tricking a user or service into running specially crafted expressions via applications linked against libpcre3, a remote attacker could crash the application, monopolize CPU resources, or possibly execute arbitrary code with the application's privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/547-1/" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(119, 189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpcre3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpcre3-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpcrecpp0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:pcregrep"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:pgrep"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:7.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:7.10"); script_set_attribute(attribute:"patch_publication_date", value:"2007/11/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/29"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! ereg(pattern:"^(6\.06|6\.10|7\.04|7\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 6.06 / 6.10 / 7.04 / 7.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"6.06", pkgname:"libpcre3", pkgver:"7.4-0ubuntu0.6.06.1")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"libpcre3-dev", pkgver:"7.4-0ubuntu0.6.06.1")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"libpcrecpp0", pkgver:"7.4-0ubuntu0.6.06.1")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"pcregrep", pkgver:"7.4-0ubuntu0.6.06.1")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"pgrep", pkgver:"7.4-0ubuntu0.6.06.1")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"libpcre3", pkgver:"7.4-0ubuntu0.6.10.1")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"libpcre3-dev", pkgver:"7.4-0ubuntu0.6.10.1")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"libpcrecpp0", pkgver:"7.4-0ubuntu0.6.10.1")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"pcregrep", pkgver:"7.4-0ubuntu0.6.10.1")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"libpcre3", pkgver:"7.4-0ubuntu0.7.04.1")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"libpcre3-dev", pkgver:"7.4-0ubuntu0.7.04.1")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"libpcrecpp0", pkgver:"7.4-0ubuntu0.7.04.1")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"pcregrep", pkgver:"7.4-0ubuntu0.7.04.1")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"libpcre3", pkgver:"7.4-0ubuntu0.7.10.1")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"libpcre3-dev", pkgver:"7.4-0ubuntu0.7.10.1")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"libpcrecpp0", pkgver:"7.4-0ubuntu0.7.10.1")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"pcregrep", pkgver:"7.4-0ubuntu0.7.10.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libpcre3 / libpcre3-dev / libpcrecpp0 / pcregrep / pgrep"); }NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2007-211.NASL description Multiple vulnerabilities were discovered by Tavis Ormandy and Will Drewry in the way that pcre handled certain malformed regular expressions. If an application linked against pcre, such as Konqueror, parses a malicious regular expression, it could lead to the execution of arbitrary code as the user running the application. Updated packages have been patched to prevent this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 37237 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/37237 title Mandrake Linux Security Advisory : pcre (MDKSA-2007:211) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2007:211. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(37237); script_version ("1.16"); script_cvs_date("Date: 2019/08/02 13:32:49"); script_cve_id("CVE-2006-7230", "CVE-2007-1659", "CVE-2007-1660", "CVE-2007-1661", "CVE-2007-1662", "CVE-2007-4766", "CVE-2007-4767", "CVE-2007-4768"); script_xref(name:"MDKSA", value:"2007:211"); script_name(english:"Mandrake Linux Security Advisory : pcre (MDKSA-2007:211)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandrake Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Multiple vulnerabilities were discovered by Tavis Ormandy and Will Drewry in the way that pcre handled certain malformed regular expressions. If an application linked against pcre, such as Konqueror, parses a malicious regular expression, it could lead to the execution of arbitrary code as the user running the application. Updated packages have been patched to prevent this issue." ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_cwe_id(119, 189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64pcre-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64pcre0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libpcre-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libpcre0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pcre"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007.1"); script_set_attribute(attribute:"patch_publication_date", value:"2007/11/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK2007.1", cpu:"x86_64", reference:"lib64pcre-devel-7.3-0.1mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", cpu:"x86_64", reference:"lib64pcre0-7.3-0.1mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"libpcre-devel-7.3-0.1mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"libpcre0-7.3-0.1mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", reference:"pcre-7.3-0.1mdv2007.1", yank:"mdv")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family SuSE Local Security Checks NASL id SUSE_FLASH-PLAYER-4855.NASL description This flash player update to version 9.0.115.0 fixes several security problems. In the worst case an attacker could potentially have flash-player execute arbitrary code via specially crafted files. (CVE-2007-4324, CVE-2007-4768, CVE-2007-5275, CVE-2007-6242, CVE-2007-6243, CVE-2007-6244, CVE-2007-6245, CVE-2007-6246) Note: Since Adobe doesn last seen 2020-06-01 modified 2020-06-02 plugin id 29784 published 2007-12-24 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29784 title openSUSE 10 Security Update : flash-player (flash-player-4855) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update flash-player-4855. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(29784); script_version ("1.16"); script_cvs_date("Date: 2019/10/25 13:36:29"); script_cve_id("CVE-2007-4324", "CVE-2007-4768", "CVE-2007-5275", "CVE-2007-6242", "CVE-2007-6243", "CVE-2007-6244", "CVE-2007-6245", "CVE-2007-6246"); script_name(english:"openSUSE 10 Security Update : flash-player (flash-player-4855)"); script_summary(english:"Check for the flash-player-4855 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This flash player update to version 9.0.115.0 fixes several security problems. In the worst case an attacker could potentially have flash-player execute arbitrary code via specially crafted files. (CVE-2007-4324, CVE-2007-4768, CVE-2007-5275, CVE-2007-6242, CVE-2007-6243, CVE-2007-6244, CVE-2007-6245, CVE-2007-6246) Note: Since Adobe doesn't support browsers other than Firefox and Mozilla, this update doesn't work with browsers such as Konqueror. Updates for konquerors are already in the works." ); script_set_attribute( attribute:"solution", value:"Update the affected flash-player package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_cwe_id(20, 79, 119, 264); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:flash-player"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.3"); script_set_attribute(attribute:"patch_publication_date", value:"2007/12/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/12/24"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE10\.1|SUSE10\.2|SUSE10\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.1 / 10.2 / 10.3", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686)$") audit(AUDIT_ARCH_NOT, "i586 / i686", ourarch); flag = 0; if ( rpm_check(release:"SUSE10.1", reference:"flash-player-9.0.115.0-0.2") ) flag++; if ( rpm_check(release:"SUSE10.2", reference:"flash-player-9.0.115.0-0.1") ) flag++; if ( rpm_check(release:"SUSE10.3", reference:"flash-player-9.0.115.0-0.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "flash-player"); }NASL family SuSE Local Security Checks NASL id SUSE_FLASH-PLAYER-4856.NASL description This flash player update to version 9.0.115.0 fixes several security problems. In the worst case an attacker could potentially have flash-player execute arbitrary code via specially crafted files. (CVE-2007-4324 / CVE-2007-4768 / CVE-2007-5275 / CVE-2007-6242 / CVE-2007-6243 / CVE-2007-6244 / CVE-2007-6245 / CVE-2007-6246) Note: Since Adobe doesn last seen 2020-06-01 modified 2020-06-02 plugin id 29785 published 2007-12-24 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29785 title SuSE 10 Security Update : flash-player (ZYPP Patch Number 4856) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The text description of this plugin is (C) Novell, Inc. # include("compat.inc"); if (description) { script_id(29785); script_version ("1.20"); script_cvs_date("Date: 2019/10/25 13:36:29"); script_cve_id("CVE-2007-4324", "CVE-2007-4768", "CVE-2007-5275", "CVE-2007-6242", "CVE-2007-6243", "CVE-2007-6244", "CVE-2007-6245", "CVE-2007-6246"); script_name(english:"SuSE 10 Security Update : flash-player (ZYPP Patch Number 4856)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 10 host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "This flash player update to version 9.0.115.0 fixes several security problems. In the worst case an attacker could potentially have flash-player execute arbitrary code via specially crafted files. (CVE-2007-4324 / CVE-2007-4768 / CVE-2007-5275 / CVE-2007-6242 / CVE-2007-6243 / CVE-2007-6244 / CVE-2007-6245 / CVE-2007-6246) Note: Since Adobe doesn't support browsers other than Firefox and Mozilla, this update doesn't work with browsers such as Konqueror. Updates for konquerors are already in the works." ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-4324.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-4768.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-5275.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-6242.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-6243.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-6244.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-6245.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-6246.html" ); script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 4856."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_cwe_id(20, 79, 119, 264); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2007/12/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/12/24"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE."); if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages."); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) exit(1, "Failed to determine the architecture type."); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented."); flag = 0; if (rpm_check(release:"SLED10", sp:1, reference:"flash-player-9.0.115.0-0.2")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else exit(0, "The host is not affected.");NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2007-1126.NASL description An updated Adobe Flash Player package that fixes a security issue is now available for Red Hat Enterprise Linux 3 Extras, 4 Extras, and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The flash-plugin package contains a Firefox-compatible Adobe Flash Player Web browser plug-in. Several input validation flaws were found in the way Flash Player displays certain content. It may be possible to execute arbitrary code on a victim last seen 2020-06-01 modified 2020-06-02 plugin id 40711 published 2009-08-24 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/40711 title RHEL 3 / 4 / 5 : flash-plugin (RHSA-2007:1126) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2007:1126. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(40711); script_version ("1.38"); script_cvs_date("Date: 2019/10/25 13:36:13"); script_cve_id("CVE-2007-4324", "CVE-2007-4768", "CVE-2007-5275", "CVE-2007-6242", "CVE-2007-6243", "CVE-2007-6244", "CVE-2007-6245", "CVE-2007-6246"); script_bugtraq_id(25260, 26930, 26949, 26951, 26960, 26965, 26966, 26969); script_xref(name:"RHSA", value:"2007:1126"); script_name(english:"RHEL 3 / 4 / 5 : flash-plugin (RHSA-2007:1126)"); script_summary(english:"Checks the rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing a security update." ); script_set_attribute( attribute:"description", value: "An updated Adobe Flash Player package that fixes a security issue is now available for Red Hat Enterprise Linux 3 Extras, 4 Extras, and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The flash-plugin package contains a Firefox-compatible Adobe Flash Player Web browser plug-in. Several input validation flaws were found in the way Flash Player displays certain content. It may be possible to execute arbitrary code on a victim's machine, if the victim opens a malicious Adobe Flash file. (CVE-2007-4768, CVE-2007-6242, CVE-2007-6246) A flaw was found in the way Flash Player handled the asfunction: protocol. Malformed SWF files could perform a cross-site scripting attack. (CVE-2007-6244) A flaw was found in the way Flash Player modified HTTP request headers. Malicious content could allow Flash Player to conduct a HTTP response splitting attack. (CVE-2007-6245) A flaw was found in the way Flash Player processes certain SWF content. A malicious SWF file could allow a remote attacker to conduct a port scanning attack from the client's machine. (CVE-2007-4324) A flaw was found in the way Flash Player establishes TCP sessions. A remote attacker could use Flash Player to conduct a DNS rebinding attack. (CVE-2007-5275) Users of Adobe Flash Player are advised to upgrade to this updated package, which contains version 9.0.115.0 and resolves these issues." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-4324" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-4768" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-5275" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-6242" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-6243" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-6244" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-6245" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-6246" ); # http://www.adobe.com/support/security/bulletins/apsb07-20.html script_set_attribute( attribute:"see_also", value:"https://www.adobe.com/support/security/bulletins/apsb07-20.html" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2007:1126" ); script_set_attribute( attribute:"solution", value:"Update the affected flash-plugin package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(20, 79, 119, 264); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:flash-plugin"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4.5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4.6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2007/08/13"); script_set_attribute(attribute:"patch_publication_date", value:"2007/12/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/08/24"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^(3|4|5)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 3.x / 4.x / 5.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2007:1126"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL3", reference:"flash-plugin-9.0.115.0-1.el3.with.oss")) flag++; if (rpm_check(release:"RHEL4", reference:"flash-plugin-9.0.115.0-1.el4")) flag++; if (rpm_check(release:"RHEL5", reference:"flash-plugin-9.0.115.0-1.el5")) flag++; if (flag) { flash_plugin_caveat = '\n' + 'NOTE: This vulnerability check only applies to RedHat released\n' + 'versions of the flash-plugin package. This check does not apply to\n' + 'Adobe released versions of the flash-plugin package, which are\n' + 'versioned similarly and cause collisions in detection.\n\n' + 'If you are certain you are running the Adobe released package of\n' + 'flash-plugin and are running a version of it equal or higher to the\n' + 'RedHat version listed above then you can consider this a false\n' + 'positive.\n'; security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() + flash_plugin_caveat ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "flash-plugin"); } }NASL family Windows NASL id ADOBE_ACROBAT_812.NASL description The version of Adobe Acrobat installed on the remote host is earlier than 8.1.2 or 7.1.0. Such versions are reportedly affected by multiple vulnerabilities : - A design error vulnerability may allow an attacker to gain control of a user last seen 2020-06-01 modified 2020-06-02 plugin id 40800 published 2009-08-28 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40800 title Adobe Acrobat < 8.1.2 / 7.1.0 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(40800); script_version("1.16"); script_cve_id( #"CVE-2007-4768", heap overflow in PCRE library "CVE-2007-5659", "CVE-2007-5663", "CVE-2007-5666", "CVE-2008-0655", "CVE-2008-0667", "CVE-2008-0726", "CVE-2008-2042"); script_bugtraq_id(27641); script_name(english:"Adobe Acrobat < 8.1.2 / 7.1.0 Multiple Vulnerabilities"); script_summary(english:"Checks version of Adobe Acrobat"); script_set_attribute(attribute:"synopsis", value: "The version of Adobe Acrobat on the remote Windows host is affected by multiple vulnerabilities." ); script_set_attribute( attribute:"description", value:"The version of Adobe Acrobat installed on the remote host is earlier than 8.1.2 or 7.1.0. Such versions are reportedly affected by multiple vulnerabilities : - A design error vulnerability may allow an attacker to gain control of a user's printer. - Multiple stack-based buffer overflows may allow an attacker to execute arbitrary code subject to the user's privileges. - Insecure loading of 'Security Provider' libraries may allow for arbitrary code execution. - An insecure method exposed by the JavaScript library in the 'EScript.api' plug-in allows direct control over low-level features of the object, which allows for execution of arbitrary code as the current user. - Two vulnerabilities in the unpublicized function 'app.checkForUpdate()' exploited through a callback function could lead to arbitrary code execution in Adobe Acrobat 7." ); script_set_attribute( attribute:"see_also", value:"https://www.adobe.com/support/security/advisories/apsa08-01.html" ); script_set_attribute( attribute:"see_also", value:"https://www.adobe.com/support/security/bulletins/apsb08-13.html" ); script_set_attribute( attribute:"solution", value: "Upgrade to Adobe Acrobat 8.1.2 / 7.1.0 or later." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Adobe Collab.collectEmailInfo() Buffer Overflow'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_cwe_id(94, 119, 189, 399); script_set_attribute( attribute:'vuln_publication_date', value:'2008/02/07' ); script_set_attribute( attribute:'patch_publication_date', value:'2008/05/16' ); script_set_attribute( attribute:'plugin_publication_date', value:'2009/08/28' ); script_cvs_date("Date: 2018/11/15 20:50:26"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:acrobat"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc."); script_dependencies("adobe_acrobat_installed.nasl"); script_require_keys("SMB/Acrobat/Version"); exit(0); } # include("global_settings.inc"); version = get_kb_item("SMB/Acrobat/Version"); if (isnull(version)) exit(1, "The 'SMB/Acrobat/Version' KB item is missing."); if (version =~ "^([0-6]\.|7\.0|8\.(0\.|1\.[01][^0-9.]?))") { version_ui = get_kb_item("SMB/Acrobat/Version_UI"); if (report_verbosity > 0 && version_ui) { path = get_kb_item("SMB/Acrobat/Path"); if (isnull(path)) path = "n/a"; report = string( "\n", " Path : ", path, "\n", " Installed version : ", version_ui, "\n", " Fix : 8.1.2 / 7.1.0\n" ); security_hole(port:get_kb_item("SMB/transport"), extra:report); } else security_hole(get_kb_item("SMB/transport")); } else exit(0, "Acrobat "+version+" is not affected.");NASL family Fedora Local Security Checks NASL id FEDORA_2008-1842.NASL description This update re-based pcre to version 7.3 as used in Fedora 8 to address multiple security issues that cause memory corruption, leading to application crash or possible execution of arbitrary code. CVE-2007-1659 (#315871), CVE-2007-1661 (#392931), CVE-2007-1662 (#392921), CVE-2007-4766 (#392891), CVE-2007-4767 (#392901), CVE-2007-4768 (#392911), CVE-2008-0674 (#431660) This issue may affect usages of pcre, where regular expressions from untrusted sources are compiled. Handling of untrusted data using trusted regular expressions is not affected by these problems. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 31363 published 2008-03-07 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/31363 title Fedora 7 : pcre-7.3-3.fc7 (2008-1842) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2008-1842. # include("compat.inc"); if (description) { script_id(31363); script_version ("1.17"); script_cvs_date("Date: 2019/08/02 13:32:27"); script_cve_id("CVE-2007-1659", "CVE-2007-1661", "CVE-2007-1662", "CVE-2007-4766", "CVE-2007-4767", "CVE-2007-4768", "CVE-2008-0674"); script_bugtraq_id(27786); script_xref(name:"FEDORA", value:"2008-1842"); script_name(english:"Fedora 7 : pcre-7.3-3.fc7 (2008-1842)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update re-based pcre to version 7.3 as used in Fedora 8 to address multiple security issues that cause memory corruption, leading to application crash or possible execution of arbitrary code. CVE-2007-1659 (#315871), CVE-2007-1661 (#392931), CVE-2007-1662 (#392921), CVE-2007-4766 (#392891), CVE-2007-4767 (#392901), CVE-2007-4768 (#392911), CVE-2008-0674 (#431660) This issue may affect usages of pcre, where regular expressions from untrusted sources are compiled. Handling of untrusted data using trusted regular expressions is not affected by these problems. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=315871" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=392891" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=392901" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=392911" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=392921" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=392931" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=431660" ); # https://lists.fedoraproject.org/pipermail/package-announce/2008-March/008520.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?49029cc9" ); script_set_attribute(attribute:"solution", value:"Update the affected pcre package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(119, 189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:pcre"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:7"); script_set_attribute(attribute:"patch_publication_date", value:"2008/03/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/03/07"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 7.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC7", reference:"pcre-7.3-3.fc7")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "pcre"); }NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2008-002.NASL description The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have the security update 2008-002 applied. This update contains several security fixes for a number of programs. last seen 2020-06-01 modified 2020-06-02 plugin id 31605 published 2008-03-19 reporter This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/31605 title Mac OS X Multiple Vulnerabilities (Security Update 2008-002) code # # (C) Tenable Network Security, Inc. # if (!defined_func("bn_random")) exit(0); if (NASL_LEVEL < 3004) exit(0); include("compat.inc"); if (description) { script_id(31605); script_version ("1.38"); script_cvs_date("Date: 2018/07/14 1:59:35"); script_cve_id("CVE-2005-3352", "CVE-2005-4077", "CVE-2006-3334", "CVE-2006-3747", "CVE-2006-5793", "CVE-2006-6481", "CVE-2007-0897", "CVE-2007-0898", "CVE-2007-1659", "CVE-2007-1660", "CVE-2007-1661", "CVE-2007-1662", "CVE-2007-1745", "CVE-2007-1997", "CVE-2007-2445", "CVE-2007-2799", "CVE-2007-3378", "CVE-2007-3725", "CVE-2007-3799", "CVE-2007-3847", "CVE-2007-4510", "CVE-2007-4560", "CVE-2007-4568", "CVE-2007-4752", "CVE-2007-4766", "CVE-2007-4767", "CVE-2007-4768", "CVE-2007-4887", "CVE-2007-4990", "CVE-2007-5000", "CVE-2007-5266", "CVE-2007-5267", "CVE-2007-5268", "CVE-2007-5269", "CVE-2007-5795", "CVE-2007-5901", "CVE-2007-5958", "CVE-2007-5971", "CVE-2007-6109", "CVE-2007-6203", "CVE-2007-6335", "CVE-2007-6336", "CVE-2007-6337", "CVE-2007-6388", "CVE-2007-6421", "CVE-2007-6427", "CVE-2007-6428", "CVE-2007-6429", "CVE-2008-0005", "CVE-2008-0006", "CVE-2008-0044", "CVE-2008-0045", "CVE-2008-0046", "CVE-2008-0047", "CVE-2008-0048", "CVE-2008-0049", "CVE-2008-0050", "CVE-2008-0051", "CVE-2008-0052", "CVE-2008-0053", "CVE-2008-0054", "CVE-2008-0055", "CVE-2008-0056", "CVE-2008-0057", "CVE-2008-0058", "CVE-2008-0059", "CVE-2008-0060", "CVE-2008-0062", "CVE-2008-0063", "CVE-2008-0318", "CVE-2008-0596", "CVE-2008-0728", "CVE-2008-0882", "CVE-2008-0987", "CVE-2008-0988", "CVE-2008-0989", "CVE-2008-0990", "CVE-2008-0992", "CVE-2008-0993", "CVE-2008-0994", "CVE-2008-0995", "CVE-2008-0996", "CVE-2008-0997", "CVE-2008-0998", "CVE-2008-0999", "CVE-2008-1000"); script_bugtraq_id(19204, 21078, 24268, 25398, 25439, 25489, 25498, 26346, 26750, 26838, 26927, 26946, 27234, 27236, 27751, 27988, 28278, 28303, 28304, 28307, 28320, 28323, 28334, 28339, 28340, 28341, 28343, 28344, 28345, 28357, 28358, 28359, 28363, 28364, 28365, 28367, 28368, 28371, 28371, 28372, 28374, 28375, 28384, 28385, 28386, 28387, 28388, 28389); script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2008-002)"); script_summary(english:"Check for the presence of Security Update 2008-002"); script_set_attribute(attribute:"synopsis", value: "The remote host is missing a Mac OS X update that fixes various security issues." ); script_set_attribute(attribute:"description", value: "The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have the security update 2008-002 applied. This update contains several security fixes for a number of programs." ); script_set_attribute(attribute:"see_also", value:"http://docs.info.apple.com/article.html?artnum=307562" ); script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html" ); script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/advisories/14242" ); script_set_attribute(attribute:"solution", value: "Install Security Update 2008-002 or later." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'ClamAV Milter Blackhole-Mode Remote Code Execution'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_cwe_id(20, 22, 78, 79, 94, 119, 134, 189, 200, 255, 264, 362, 399); script_set_attribute(attribute:"plugin_publication_date", value: "2008/03/19"); script_set_attribute(attribute:"patch_publication_date", value: "2007/08/24"); script_set_attribute(attribute:"vuln_publication_date", value: "2007/06/02"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/MacOSX/packages", "Host/uname"); exit(0); } uname = get_kb_item("Host/uname"); if (!uname) exit(0); if (egrep(pattern:"Darwin.* (8\.[0-9]\.|8\.1[01]\.)", string:uname)) { packages = get_kb_item("Host/MacOSX/packages"); if (!packages) exit(0); if (!egrep(pattern:"^SecUpd(Srvr)?(2008-00[2-8]|2009-|20[1-9][0-9]-)", string:packages)) security_hole(0); } else if (egrep(pattern:"Darwin.* (9\.[0-2]\.)", string:uname)) { packages = get_kb_item("Host/MacOSX/packages/boms"); if (!packages) exit(0); if (!egrep(pattern:"^com\.apple\.pkg\.update\.security\.2008\.002\.bom", string:packages)) security_hole(0); }NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200711-30.NASL description The remote host is affected by the vulnerability described in GLSA-200711-30 (PCRE: Multiple vulnerabilities) Tavis Ormandy (Google Security) discovered multiple vulnerabilities in PCRE. He reported an error when processing last seen 2020-06-01 modified 2020-06-02 plugin id 28319 published 2007-11-26 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/28319 title GLSA-200711-30 : PCRE: Multiple vulnerabilities code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 200711-30. # # The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(28319); script_version("1.21"); script_cvs_date("Date: 2019/08/02 13:32:44"); script_cve_id("CVE-2006-7227", "CVE-2006-7228", "CVE-2006-7230", "CVE-2007-1659", "CVE-2007-1660", "CVE-2007-1661", "CVE-2007-1662", "CVE-2007-4766", "CVE-2007-4767", "CVE-2007-4768"); script_xref(name:"GLSA", value:"200711-30"); script_name(english:"GLSA-200711-30 : PCRE: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-200711-30 (PCRE: Multiple vulnerabilities) Tavis Ormandy (Google Security) discovered multiple vulnerabilities in PCRE. He reported an error when processing '\\Q\\E' sequences with unmatched '\\E' codes that can lead to the compiled bytecode being corrupted (CVE-2007-1659). PCRE does not properly calculate sizes for unspecified 'multiple forms of character class', which triggers a buffer overflow (CVE-2007-1660). Further improper calculations of memory boundaries were reported when matching certain input bytes against regex patterns in non UTF-8 mode (CVE-2007-1661) and when searching for unmatched brackets or parentheses (CVE-2007-1662). Multiple integer overflows when processing escape sequences may lead to invalid memory read operations or potentially cause heap-based buffer overflows (CVE-2007-4766). PCRE does not properly handle '\\P' and '\\P{x}' sequences which can lead to heap-based buffer overflows or trigger the execution of infinite loops (CVE-2007-4767), PCRE is also prone to an error when optimizing character classes containing a singleton UTF-8 sequence which might lead to a heap-based buffer overflow (CVE-2007-4768). Chris Evans also reported multiple integer overflow vulnerabilities in PCRE when processing a large number of named subpatterns ('name_count') or long subpattern names ('max_name_size') (CVE-2006-7227), and via large 'min', 'max', or 'duplength' values (CVE-2006-7228) both possibly leading to buffer overflows. Another vulnerability was reported when compiling patterns where the '-x' or '-i' UTF-8 options change within the pattern, which might lead to improper memory calculations (CVE-2006-7230). Impact : An attacker could exploit these vulnerabilities by sending specially crafted regular expressions to applications making use of the PCRE library, which could possibly lead to the execution of arbitrary code, a Denial of Service or the disclosure of sensitive information. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200711-30" ); script_set_attribute( attribute:"solution", value: "All PCRE users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-libs/libpcre-7.3-r1'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(119, 189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:libpcre"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2007/11/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/26"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"dev-libs/libpcre", unaffected:make_list("ge 7.3-r1"), vulnerable:make_list("lt 7.3-r1"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "PCRE"); }NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2007-212.NASL description Multiple vulnerabilities were discovered by Tavis Ormandy and Will Drewry in the way that pcre handled certain malformed regular expressions. If an application linked against pcre, such as Konqueror, parses a malicious regular expression, it could lead to the execution of arbitrary code as the user running the application. Updated packages have been patched to prevent this issue. Additionally, Corporate Server 4.0 was updated to pcre version 6.7 which corrected CVE-2006-7225, CVE-2006-7226, CVE-2006-7227, CVE-2006-7228, and CVE-2006-7230. last seen 2020-06-01 modified 2020-06-02 plugin id 27849 published 2007-11-09 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27849 title Mandrake Linux Security Advisory : pcre (MDKSA-2007:212) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2007:212. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(27849); script_version ("1.15"); script_cvs_date("Date: 2019/08/02 13:32:49"); script_cve_id("CVE-2006-7225", "CVE-2006-7226", "CVE-2006-7227", "CVE-2006-7228", "CVE-2006-7230", "CVE-2007-1659", "CVE-2007-1660", "CVE-2007-4766", "CVE-2007-4767", "CVE-2007-4768"); script_xref(name:"MDKSA", value:"2007:212"); script_name(english:"Mandrake Linux Security Advisory : pcre (MDKSA-2007:212)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandrake Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Multiple vulnerabilities were discovered by Tavis Ormandy and Will Drewry in the way that pcre handled certain malformed regular expressions. If an application linked against pcre, such as Konqueror, parses a malicious regular expression, it could lead to the execution of arbitrary code as the user running the application. Updated packages have been patched to prevent this issue. Additionally, Corporate Server 4.0 was updated to pcre version 6.7 which corrected CVE-2006-7225, CVE-2006-7226, CVE-2006-7227, CVE-2006-7228, and CVE-2006-7230." ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_cwe_id(20, 119, 189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64pcre0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64pcre0-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libpcre0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libpcre0-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pcre"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007"); script_set_attribute(attribute:"patch_publication_date", value:"2007/11/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/09"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64pcre0-6.7-1.1mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64pcre0-devel-6.7-1.1mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libpcre0-6.7-1.1mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libpcre0-devel-6.7-1.1mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", reference:"pcre-6.7-1.1mdv2007.0", yank:"mdv")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_562CF6C4B9F111DCA302000102CC8983.NASL description Adobe Security bulletin : Critical vulnerabilities have been identified in Adobe Flash Player that could allow an attacker who successfully exploits these potential vulnerabilities to take control of the affected system. A malicious SWF must be loaded in Flash Player by the user for an attacker to exploit these potential vulnerabilities. Users are recommended to update to the most current version of Flash Player available for their platform. last seen 2020-06-01 modified 2020-06-02 plugin id 29849 published 2008-01-04 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/29849 title FreeBSD : linux-flashplugin -- multiple vulnerabilities (562cf6c4-b9f1-11dc-a302-000102cc8983) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2018 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(29849); script_version("1.22"); script_cvs_date("Date: 2019/08/02 13:32:39"); script_cve_id("CVE-2007-4324", "CVE-2007-4768", "CVE-2007-5275", "CVE-2007-5476", "CVE-2007-6242", "CVE-2007-6243", "CVE-2007-6244", "CVE-2007-6245", "CVE-2007-6246"); script_xref(name:"Secunia", value:"28161"); script_name(english:"FreeBSD : linux-flashplugin -- multiple vulnerabilities (562cf6c4-b9f1-11dc-a302-000102cc8983)"); script_summary(english:"Checks for updated packages in pkg_info output"); script_set_attribute( attribute:"synopsis", value: "The remote FreeBSD host is missing one or more security-related updates." ); script_set_attribute( attribute:"description", value: "Adobe Security bulletin : Critical vulnerabilities have been identified in Adobe Flash Player that could allow an attacker who successfully exploits these potential vulnerabilities to take control of the affected system. A malicious SWF must be loaded in Flash Player by the user for an attacker to exploit these potential vulnerabilities. Users are recommended to update to the most current version of Flash Player available for their platform." ); # http://www.adobe.com/support/security/bulletins/apsb07-20.html script_set_attribute( attribute:"see_also", value:"https://www.adobe.com/support/security/bulletins/apsb07-20.html" ); # https://vuxml.freebsd.org/freebsd/562cf6c4-b9f1-11dc-a302-000102cc8983.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?3b6659b1" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_cwe_id(20, 79, 119, 264); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux-flashplugin"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2007/12/18"); script_set_attribute(attribute:"patch_publication_date", value:"2008/01/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/01/04"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"linux-flashplugin>=9.0<9.0r115")) flag++; if (pkg_test(save_report:TRUE, pkg:"linux-flashplugin>=7.0<7.0r73")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_BFD6EEF48C9411DC8C55001C2514716C.NASL description Debian project reports : Tavis Ormandy of the Google Security Team has discovered several security issues in PCRE, the Perl-Compatible Regular Expression library, which potentially allow attackers to execute arbitrary code by compiling specially crafted regular expressions. last seen 2020-06-01 modified 2020-06-02 plugin id 27814 published 2007-11-07 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/27814 title FreeBSD : pcre -- arbitrary code execution (bfd6eef4-8c94-11dc-8c55-001c2514716c) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2018 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(27814); script_version("1.17"); script_cvs_date("Date: 2019/08/02 13:32:39"); script_cve_id("CVE-2007-1659", "CVE-2007-1660", "CVE-2007-1661", "CVE-2007-1662", "CVE-2007-4766", "CVE-2007-4767", "CVE-2007-4768"); script_name(english:"FreeBSD : pcre -- arbitrary code execution (bfd6eef4-8c94-11dc-8c55-001c2514716c)"); script_summary(english:"Checks for updated packages in pkg_info output"); script_set_attribute( attribute:"synopsis", value: "The remote FreeBSD host is missing one or more security-related updates." ); script_set_attribute( attribute:"description", value: "Debian project reports : Tavis Ormandy of the Google Security Team has discovered several security issues in PCRE, the Perl-Compatible Regular Expression library, which potentially allow attackers to execute arbitrary code by compiling specially crafted regular expressions." ); script_set_attribute( attribute:"see_also", value:"http://www.pcre.org/changelog.txt" ); # https://vuxml.freebsd.org/freebsd/bfd6eef4-8c94-11dc-8c55-001c2514716c.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?ae9abacf" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_cwe_id(119, 189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:pcre"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:pcre-utf8"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2007/11/05"); script_set_attribute(attribute:"patch_publication_date", value:"2007/11/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/07"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"pcre<7.3")) flag++; if (pkg_test(save_report:TRUE, pkg:"pcre-utf8<7.3")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1570.NASL description Andrews Salomon reported that kazehakase, a GTK+-based web browser that allows pluggable rendering engines, contained an embedded copy of the PCRE library in its source tree which was compiled in and used in preference to the system-wide version of this library. The PCRE library has been updated to fix the security issues reported against it in previous Debian Security Advisories. This update ensures that kazehakase uses that supported library, and not its own embedded and insecure version. last seen 2020-06-01 modified 2020-06-02 plugin id 32144 published 2008-05-09 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/32144 title Debian DSA-1570-1 : kazehakase - various code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-1570. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(32144); script_version("1.26"); script_cvs_date("Date: 2019/08/02 13:32:21"); script_cve_id("CVE-2006-7227", "CVE-2006-7228", "CVE-2006-7230", "CVE-2007-1659", "CVE-2007-1660", "CVE-2007-1661", "CVE-2007-1662", "CVE-2007-4766", "CVE-2007-4767", "CVE-2007-4768"); script_bugtraq_id(26462, 26550); script_xref(name:"DSA", value:"1570"); script_name(english:"Debian DSA-1570-1 : kazehakase - various"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Andrews Salomon reported that kazehakase, a GTK+-based web browser that allows pluggable rendering engines, contained an embedded copy of the PCRE library in its source tree which was compiled in and used in preference to the system-wide version of this library. The PCRE library has been updated to fix the security issues reported against it in previous Debian Security Advisories. This update ensures that kazehakase uses that supported library, and not its own embedded and insecure version." ); script_set_attribute( attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464756" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2008/dsa-1570" ); script_set_attribute( attribute:"solution", value: "Upgrade the kazehakase package. For the stable distribution (etch), this problem has been fixed in version 0.4.2-1etch1." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(119, 189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kazehakase"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0"); script_set_attribute(attribute:"vuln_publication_date", value:"2007/11/07"); script_set_attribute(attribute:"patch_publication_date", value:"2008/05/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/05/09"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"4.0", prefix:"kazehakase", reference:"0.4.2-1etch1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200801-07.NASL description The remote host is affected by the vulnerability described in GLSA-200801-07 (Adobe Flash Player: Multiple vulnerabilities) Flash contains a copy of PCRE which is vulnerable to a heap-based buffer overflow (GLSA 200711-30, CVE-2007-4768). Aaron Portnoy reported an unspecified vulnerability related to input validation (CVE-2007-6242). Jesse Michael and Thomas Biege reported that Flash does not correctly set memory permissions (CVE-2007-6246). Dan Boneh, Adam Barth, Andrew Bortz, Collin Jackson, and Weidong Shao reported that Flash does not pin DNS hostnames to a single IP addresses, allowing for DNS rebinding attacks (CVE-2007-5275). David Neu reported an error withing the implementation of the Socket and XMLSocket ActionScript 3 classes (CVE-2007-4324). Toshiharu Sugiyama reported that Flash does not sufficiently restrict the interpretation and usage of cross-domain policy files, allowing for easier cross-site scripting attacks (CVE-2007-6243). Rich Cannings reported a cross-site scripting vulnerability in the way the last seen 2020-06-01 modified 2020-06-02 plugin id 30031 published 2008-01-21 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/30031 title GLSA-200801-07 : Adobe Flash Player: Multiple vulnerabilities NASL family Windows NASL id ADOBE_READER_812.NASL description The version of Adobe Reader installed on the remote host is earlier than 8.1.2 or 7.1.0. Such versions are reportedly affected by multiple vulnerabilities : - A design error vulnerability may allow an attacker to gain control of a user last seen 2020-06-01 modified 2020-06-02 plugin id 30200 published 2008-02-06 reporter This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/30200 title Adobe Reader < 7.1.0 / 8.1.2 Multiple Vulnerabilities NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1399.NASL description Tavis Ormandy of the Google Security Team has discovered several security issues in PCRE, the Perl-Compatible Regular Expression library, which potentially allow attackers to execute arbitrary code by compiling specially crafted regular expressions. Version 7.0 of the PCRE library featured a major rewrite of the regular expression compiler, and it was deemed infeasible to backport the security fixes in version 7.3 to the versions in Debian last seen 2020-06-01 modified 2020-06-02 plugin id 27629 published 2007-11-06 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/27629 title Debian DSA-1399-1 : pcre3 - several vulnerabilities NASL family Windows NASL id FLASH_PLAYER_APSB07-20.NASL description According to its version number, the instance of Flash Player on the remote Windows host is affected by multiple issues, including several which could allow for arbitrary code execution by means of a malicious SWF file. last seen 2020-06-01 modified 2020-06-02 plugin id 29741 published 2007-12-19 reporter This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29741 title Flash Player < 7.0.73.0 / 9.0.115.0 Multiple Vulnerabilities (APSB07-20)
Oval
| accepted | 2015-08-03T04:02:09.352-04:00 | ||||||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||||||
| contributors |
| ||||||||||||||||||||||||
| definition_extensions |
| ||||||||||||||||||||||||
| description | Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly optimized. | ||||||||||||||||||||||||
| family | windows | ||||||||||||||||||||||||
| id | oval:org.mitre.oval:def:9701 | ||||||||||||||||||||||||
| status | accepted | ||||||||||||||||||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||||||||||||||
| title | Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly optimized. | ||||||||||||||||||||||||
| version | 56 |
Redhat
| advisories |
| ||||
| rpms |
|
References
- http://bugs.gentoo.org/show_bug.cgi?id=198976
- http://docs.info.apple.com/article.html?artnum=307179
- http://docs.info.apple.com/article.html?artnum=307562
- http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
- http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html
- http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html
- http://secunia.com/advisories/27538
- http://secunia.com/advisories/27543
- http://secunia.com/advisories/27554
- http://secunia.com/advisories/27697
- http://secunia.com/advisories/27741
- http://secunia.com/advisories/28136
- http://secunia.com/advisories/28157
- http://secunia.com/advisories/28161
- http://secunia.com/advisories/28213
- http://secunia.com/advisories/28406
- http://secunia.com/advisories/28414
- http://secunia.com/advisories/28570
- http://secunia.com/advisories/28714
- http://secunia.com/advisories/28720
- http://secunia.com/advisories/29267
- http://secunia.com/advisories/29420
- http://secunia.com/advisories/30106
- http://secunia.com/advisories/30155
- http://secunia.com/advisories/30219
- http://secunia.com/advisories/30507
- http://secunia.com/advisories/30840
- http://security.gentoo.org/glsa/glsa-200711-30.xml
- http://security.gentoo.org/glsa/glsa-200801-02.xml
- http://security.gentoo.org/glsa/glsa-200801-18.xml
- http://security.gentoo.org/glsa/glsa-200801-19.xml
- http://security.gentoo.org/glsa/glsa-200805-11.xml
- http://securitytracker.com/id?1019116
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-239286-1
- http://www.adobe.com/support/security/bulletins/apsb07-20.html
- http://www.adobe.com/support/security/bulletins/apsb08-13.html
- http://www.debian.org/security/2007/dsa-1399
- http://www.debian.org/security/2008/dsa-1570
- http://www.gentoo.org/security/en/glsa/glsa-200801-07.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:211
- http://www.redhat.com/support/errata/RHSA-2007-1126.html
- http://www.securityfocus.com/archive/1/483357/100/0/threaded
- http://www.securityfocus.com/archive/1/483579/100/0/threaded
- http://www.securityfocus.com/bid/26346
- http://www.us-cert.gov/cas/techalerts/TA07-352A.html
- http://www.us-cert.gov/cas/techalerts/TA07-355A.html
- http://www.vupen.com/english/advisories/2007/3725
- http://www.vupen.com/english/advisories/2007/3790
- http://www.vupen.com/english/advisories/2007/4238
- http://www.vupen.com/english/advisories/2007/4258
- http://www.vupen.com/english/advisories/2008/0924/references
- http://www.vupen.com/english/advisories/2008/1724/references
- http://www.vupen.com/english/advisories/2008/1966/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38278
- https://issues.rpath.com/browse/RPL-1738
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9701
- https://usn.ubuntu.com/547-1/
- https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html